EEVblog Electronics Community Forum
EEVblog => EEVblog Specific => Topic started by: EEVblog on March 08, 2018, 09:50:18 pm
-
Unboxing and review of the new Trezor Model T cryptocurrency bitcoin hardware wallet. And comparison with
Crypto Currency:
https://www.eevblog.com/crypto-currency/ (https://www.eevblog.com/crypto-currency/)
https://kit.com/EEVblog/crypto-hardware (https://kit.com/EEVblog/crypto-hardware)
Hardware Github: https://github.com/trezor/trezor-core/blob/master/docs/hardware.md (https://github.com/trezor/trezor-core/blob/master/docs/hardware.md)
https://www.youtube.com/watch?v=ibPgfzd9zd8 (https://www.youtube.com/watch?v=ibPgfzd9zd8)
-
What do you mean it would constantly be forking if the blocks were faster (30:35 in the video)? Can you please elaborate?
I think it's a good idea that they constantly remind their users the Bcash is a shitcoin and not the real Bitcoin. >:D
-
This is the first time I did not watch a whole EEBlog main channel video. Sorry.
-
The release of the video seems to have bitcoin tanking again. Dave may have started the end!
-
Its not gov in general thats the problem, it's the private banks, bankers but fore most oligarchs in various dressupps. ::)
Im fore some sort of planetary currency (crypt or not) but one that cannot be "speculated in".
-
Have you people seen this:
Firmware 1.4: deep dive into three vulnerabilities which have been fixed (https://www.ledger.fr/2018/03/20/firmware-1-4-deep-dive-security-fixes/)
Blog post by the 15 year old who reported the flaw (https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/)
Brian Krebs's post about this (https://krebsonsecurity.com/2018/03/15-year-old-finds-flaw-in-ledger-crypto-wallet/)
It's about the Ledger Wallet, but seeing as Dave compares them a little in the recent wallet video, I figured this is relevant here as well...
-
Regarding "Trezor" bitcoin wallet (I don't know how many models there are, or much about this). I just saw this below on twitter. Unsure if referring to same model.
The model below is alleged to be insecure with what is said to be older (or previous) firmware. The original article mentions pin codes having been added (to something) to address the previous vulnerability.
I don't understand exactly how this unit is vulnerable myself, maybe limited to a particular circumstance, or maybe it is super easy, I don't know.
"Extracting the Private Key from a TREZOR Bitcoin Wallet with a $70 Oscilloscope"
https://blog.adafruit.com/2018/06/07/extracting-the-private-key-from-a-trezor-bitcoin-wallet-with-a-70-oscilloscope/
"Extracting the Private Key from a TREZOR ... with a 70 $ Oscilloscope"
https://jochen-hoenicke.de/trezor-power-analysis/
"However, also the generation of the public key may leak some information via a side channel. Until firmware 1.3.2 of TREZOR this was not PIN protected. Therefore, I investigated whether it is possible to use a side channel to recover the private key from the public key computation."
"Also, if you have passphrase protection, this attack does not work even with firmware 1.3.1, so you may consider adding that, too."
The main article simply mentions there being a 'seed' involved in some of the calculations. I am no cryptographer and I don't know anything about bitcoin wallets, but with no further description of this seed, it sounded weird to me. I am also wondering what the difference between 'private key' and 'master private key' would be.
-
Regarding "Trezor" bitcoin wallet (I don't know how many models there are, or much about this). I just saw this below on twitter. Unsure if referring to same model.
The model below is alleged to be insecure with what is said to be older (or previous) firmware. The original article mentions pin codes having been added (to something) to address the previous vulnerability.
I don't understand exactly how this unit is vulnerable myself, maybe limited to a particular circumstance, or maybe it is super easy, I don't know.
"Extracting the Private Key from a TREZOR Bitcoin Wallet with a $70 Oscilloscope"
https://blog.adafruit.com/2018/06/07/extracting-the-private-key-from-a-trezor-bitcoin-wallet-with-a-70-oscilloscope/
"Extracting the Private Key from a TREZOR ... with a 70 $ Oscilloscope"
https://jochen-hoenicke.de/trezor-power-analysis/
That article is about 3 years old, Trezor fixed this issue a long time ago.
I got a whole bunch of people message me about this this week, it seems the article is redoing the rounds as if it's new.