Board: Hardware wallets
Topic: Re: Trezor: Bitcoin hardware wallet
by JorgeStolfi on 28/07/2014, 18:56:10 UTC
Do you mean that the firmware can be replaced after the device was assembled?  If so, what is the procedure to do that?
The official procedure is rather nicely shown here: http://doc.satoshilabs.com/trezor-user/updatingfirmware.html
Hm... What if someone gets hold of your Trezor without your knowledge, installs malicious firmware that saves your passphrase, returns it to you, then steals it again after you have used it, and downloads the passphrase?  Or whatever?
your contortions are getting a little contrived ... and a bit funny too.
You don't build confidence in a system by having it examined only by people who want it to be declared safe.  ;)
until you stray into life of the universe type probabilities it makes sense to question ... after that you are being irrationally paranoid or simply trolling.
Are you acquainted with, say, the false fronts for ATM machines that steal card data?
they're commonly known as "skimmers" in the trade ...
your "Or whatever?" seems to be the best summary of the thrust and quality of your arguments thus far.
(I thought that this thread was about Trezor, not about me.)

When validating a system one MUST be paranoid.  If there is a way to break it, no matter how "unlikely", that is the way that criminals will aim for.  You cannot expect them to be nice and only try those attacks that you have protected against.

There is nothing paranoid about fake or compromised Trezors being used to steal passwords and PINs.

The fact that one can upload new firmware does increase the risks.  For one thing, a hacker or a rogue satoshilabs employee could get his malicious firmware signed, and then use it in many ways (besides the one I described).  I hope that you are paranoid enough to imagine some more.

Suppose that one day a client tries to use his Trezor, where he put all his BTC, and it shows "warning, firmware is unsigned, do you want to continue?" What is the probability that he will click "yes" (and then enter his passphrase when the device asks for it), rather than calling the Trezor hotline?