(pest) asciilifeform: most reichs, unsurprisingly, Officially mandate bureaucratic processing of the dead. so that, well, montrezors can't so easily stuff their fortunatos in a vacant berth in the wine cellar
(asciilifeform) asciilifeform: 'for the love of god, montrezor!'
(asciilifeform) dulapbot: (trilema) 2015-09-21 asciilifeform: speaking of, last i checked, 'trezor' was still reflashable from the usb jack.
(asciilifeform) dulapbot: Logged on 2021-04-21 14:36:23 asciilifeform: however never tried 'ledger', 'trezor', etc. given as these all have asinine design which requires a pc with prb. defeating the entire nominal purpose of the box.
(asciilifeform) asciilifeform: however never tried 'ledger', 'trezor', etc. given as these all have asinine design which requires a pc with prb. defeating the entire nominal purpose of the box.
(asciilifeform) gregorynyssa: asciilifeform: I am talking about the gadget. like Trezor or Ledger.
(trilema) a111: Logged on 2015-09-22 03:01 asciilifeform: speaking of, last i checked, 'trezor' was still reflashable from the usb jack.
(trilema) a111: Logged on 2018-08-09 21:08 asciilifeform: 'In about 500 submissions on average we recover the whole key' << from e.g. montrezor, other shitwallets, etc.
(trilema) asciilifeform: 'In about 500 submissions on average we recover the whole key' << from e.g. montrezor, other shitwallets, etc.
(trilema) ben_vulpes: trinque: trezors also do that dumb shit.
(trilema) mircea_popescu: shouldn't you have been already aware of this ? if the "trezor" wasn't patent medicine, that is ?
(trilema) mircea_popescu: ask yourself : why do you learn of say from me ?
(trilema) Guest45857: so i assume is considered crap. Asking this cause i've one and i was thinking to be on the safe side. Should i discard every hardware wallet or is there something significantly better than trezor?
(trilema) mircea_popescu: yes well, let's not confuse the inept products of idiots with the broader categories. trezor is a specific piece of shit, not something as lofty as "a hardware wallet".
(trilema) mircea_popescu: !#s trezor
(trilema) Guest45857: hello, i would like to ask about trezor security. in your opinion is safer a properly air gapped computer or specific hardware wallet like trezor?
(trilema) asciilifeform: << lollamatic, support for segshitness etc
(trilema) a111: Logged on 2015-09-22 03:01 asciilifeform: speaking of, last i checked, 'trezor' was still reflashable from the usb jack.
(trilema) a111: Logged on 2015-12-27 16:07 jurov: as predicted by alf
(trilema) asciilifeform: static const auto https_cert_uri = "";
(trilema) asciilifeform: static const auto https_privkey_uri = "";
(trilema) asciilifeform: for the LUVV OF gAwD, MONTREZOR!111
(trilema) deedbot: << Qntra - Another Trezor "Hardware Wallet" Default Flaw: Trezord.exe Phones Home
(trilema) asciilifeform: lol, and witness the 'montrezors' in linked thread
(trilema) mircea_popescu: !#s trezor
(trilema) asciilifeform: re the trezor nonsense -- it's the , what' 8th year of btc, and still nobody made the obvious sanewallet - txmaker runs from rom, and eats privkey when-required via paper tape
(trilema) a111: 38 results for "from:asciilifeform trezor",
(trilema) asciilifeform: !#s from:asciilifeform trezor
(trilema) asciilifeform: FOR ZE LUVV of GAWd, Montrezor!!!
(trilema) mircea_popescu: iirc we said trezor is not to be used cca 2015./
(trilema) ben_vulpes: "As soon as you connect your Trezor to a power source such as a computer, without entering any PIN codes or opening any websites, the Trezor device firmware by itself fills the SRAM with all your sensitive secret information."
(trilema) deedbot: << Qntra - Trezor, Others Affected By "Fault Injection" – May Leak Keys
(trilema) asciilifeform: << lol, luke-jr 'Core Developer' ; Mycelium; Electrum; TREZOR; misc. crapola
(trilema) asciilifeform: fortheloveofgawd, MONTREZOR!!!!111
(trilema) asciilifeform: 'for ze luvvv of gawwwd, monTrezor!!11'
(trilema) ben_vulpes: my wot, mon trezor!
(trilema) pete_dushenski: lemme guess, trezor ?
(trilema) asciilifeform: as i pointed out a year+ ago, a trezor plugged into a specially-instrumented but visually uninteresting pc will give up its key.
(trilema) asciilifeform: (and also i will add that trezor has a considerably simpler orifice, but we digress, folks who read the logz know what it is)
(trilema) assbot: Logged on 27-12-2015 16:46:59; thestringpuller: oh wow. ALF was right on the money using DPA to break the trezor.
(trilema) thestringpuller: oh wow. ALF was right on the money using DPA to break the trezor.
(trilema) jurov: as predicted by alf
(trilema) mircea_popescu: << lulz at the trezor/"bitcoin speculation" derp. seriously, "there exists consensus" ? tardstalk references ? le sigh already.
(trilema) ascii_field: obligatory montrezor:
(trilema) asciilifeform: 'KeepKey is actually a fork of the Trezor project. We have maintained compatibility through development, and are compatible with Trezor v1.3.3.' << l0l
(trilema) asciilifeform: for the love of god, montrezor!!!11
(trilema) asciilifeform: speaking of, last i checked, 'trezor' was still reflashable from the usb jack.
(trilema) mircea_popescu: << dude get out, buy one. what do you think this is, the trezor ?
(trilema) asciilifeform: !s montrezor
(trilema) asciilifeform: 'for the love of god, montrezor!!!'
(trilema) BingoBoingo: I was kinda iffy about him with the whole Trezor thing
(trilema) mircea_popescu: BTW: Homeland Security was storing all the seized Bitcoins on a Trezor that they either purchased or seized from someone else!
(trilema) mircea_popescu: Finally, my question: All of my transactions into the Trezor showed up as confirmed as soon as they got confirmed, however the send transaction (through Coinbase at our donation web sites) took hours to show up as confirmed in the myTrezor wallet even though it had many, many confirmation on
(trilema) ascii_field: for the love of god, montrezor !!!
(trilema) nubbins`: "My Trezor finally arrived (but with scratches and rusted/not working cable)... I am happy anyway! I want to share my happiness :-)"
(trilema) liquidassets: sometimes I buy a few small things using their interface like a trezor or mycelium entropy
(trilema) menahem: lol, the trezor is a bit of a bitch to setup. but really not that bad.
(trilema) jurov: i tried to set it, but sux
(trilema) kakobrekla: i gave a bunch of trezors to various people
(trilema) menahem: im going through the logs a bit, are you using your trezor much ?
(trilema) asciilifeform: for the love of god, montrezor! (tm)
(trilema) assbot: Logged on 26-04-2015 05:53:14; mircea_popescu: "Unfortunately unlike Bitcoin there is no reputation Trezor." << a) trezor's kinda dysfunctional/derpy ; b) of course there is. airgapped gpg.
(trilema) mircea_popescu: "Unfortunately unlike Bitcoin there is no reputation Trezor." << a) trezor's kinda dysfunctional/derpy ; b) of course there is. airgapped gpg.
(trilema) ben_vulpes: the point is a constrasting of how people use keys (properly) and how people use trezors (improperly)
(trilema) mircea_popescu: i guess re-reading this is ambiguous. did you mean "do to trezor" as in, fixing ? or as in, exploiting ?
(trilema) ascii_field: 'for the love of god, montrezor!' (TM)
(trilema) ascii_field: now who wants to tell me why it took so long to do to 'trezor' what i suggested doing to it immediately upon learning of the circuit ?
(trilema) mircea_popescu: !s trezor
(trilema) mircea_popescu: The_Shrander no, but it is kinda lulzy. in any case trezor had mixed reviews at best here.
(trilema) pete_dushenski: heh. i dun think anyone here really trusted trezors to begin with
(trilema) assbot: All TREZOR users should update their firmware for protection against a physical attack - Extracting the Private Key from a TREZOR with a $70 Oscilloscope : Bitcoin ... ( )
(trilema) The_Shrander: hi to all, have you seen this?
(trilema) asciilifeform: fortheloveofgodmontrezor! (tm)
(trilema) mircea_popescu: lol @ dat trezor drama.
(trilema) nubbins`: trezor fail
(trilema) assbot: Trezor Code no Longer LGPLv3, but now more restrictive Microsoft Reference Source License : Bitcoin ... ( )
(trilema) jurov: such shitstorm. wow.
(trilema) thestringpuller: << how is this not news yet?
(trilema) assbot: Got pulled over and my Trezor was confiscated, Police claimed its a voice recorder : Bitcoin ... ( )
(trilema) nubbins`:
(trilema) mircea_popescu: !s trezor
(trilema) infobel: any thoughts on Trezor anybody?
(trilema) assbot: Now you can buy a TREZOR-like hardware wallet in less than $30 , take a look : Bitcoin ... ( )
(trilema) kakobrekla: lulz ensured
(trilema) mircea_popescu: public is apparently happy with trezor and glass.
(trilema) kakobrekla: well one of the idiots that i gave trezor to still kept the coins on bitstamp until after the hack
(trilema) kakobrekla: i think ascii had objection over trezor saying "not sure if its better than a web wallet"
(trilema) Naphex: kako, you use a trezor? lol :)
(trilema) cazalla: this has been another andreas recommendation.. trezor, the best!
(trilema) jurov: kakobrekla heh guess who did the (ofted defunct) stuff?
(trilema) asciilifeform: mircea_popescu: ... gmaxwell aware enough to notice [one of] trezor holes. << the differential power thing is plain as daylight to anyone who has seen the published schematic.
(trilema) mircea_popescu: asciilifeform << gmaxwell aware enough to notice [one of] trezor holes.
(trilema) kakobrekla: jurov do you know why trezor guys went with "m/44'/0'/0'/0/0"
(trilema) jurov: dunno if there's bip32/trezor support in any noobish standalone client.. last i checked electrum was under development
(trilema) jurov: under linux got broken so i filed it under "fuck that"
(trilema) kakobrekla: jurov did you ever update your trezor
(trilema) kakobrekla: one of the two co-authors of trezor
(trilema) kakobrekla: well you can enter your own private key in trezor and null it after done
(trilema) asciilifeform: the reason i even bothered to respond to the trezor thing is to share the hypothesis that all of the available products are dumb because the problem they are 'solving' - is dumb.
(trilema) punkman: asciilifeform: here
(trilema) punkman: too much fukken code
(trilema) assbot: Updating your TREZOR’s firmware — TREZOR User Manual 1.0 documentation ... ( )
(trilema) asciilifeform: kakobrekla: use the python tools to do anything with the Trezor << one of these days, someone should explain to me why a gadget like 'trezor' is necessary
(trilema) kakobrekla: punkman im quoting here > You can use the python tools to do anything with the Trezor, but there's no user interface for (most of) it currently.
(trilema) punkman: can you trezor without the web2.0?
(trilema) kakobrekla: i decided ill equip the bitcoin newbs with trezors for new years gifts
(trilema) thestringpuller: BitStash and trezor huh
(trilema) asciilifeform: !s Montrezor
(trilema) asciilifeform: 'For the love of God, Montrezor!'
(trilema) jurov: 1. stopped working under linux (worked before in ff/konq)
(trilema) jurov: wanted to check if my trezor still works, so sent half a bitcent to deedbot
(trilema) kakobrekla: trezor, without quotes
(trilema) jurov: she's showing off trezor
(trilema) kakobrekla: ill donate you a trezor if you want to attack it
(trilema) thestringpuller: so basically you're attempting to hack the trezor via DPA?
(trilema) assbot: Hardware — TREZOR Technical Manual 1.0 documentation
(trilema) jurov: hmm, mytrezor site does not react to clicks
(trilema) thestringpuller: is the trezor guy in wot?
(trilema) devthedev: I'm having trouble with the mytrezor site
(trilema) devthedev: Is anyone in possession of a Trezor?
(trilema) peeta: so are you getting a Trezor Mircea?
(trilema) mrstickball_: who are you using to get the trezor's shipped out with?
(trilema) bitcoinpete: @slushcz: I'm so overworked that I even cannot celebrate that we've shipped all #bitcoin #trezor preorders few moments ago.
(trilema) dexX7: would it be possible to create a gpg targeted firmware for a trezor device?
(trilema) kakobrekla: thats trezor
(trilema) kakobrekla: as to rng on trezor
(trilema) jurov: should have made bet on trezor instead
(trilema) asciilifeform: antephialtic: re: trezor: open the widget and let it speak for itself.
(trilema) antephialtic: right now its a lot clunkier than using normal GPG signatures, but if the trezor becomes widespread, I could see people improving the tooling
(trilema) antephialtic: trezor can sign arbitrary messages, not just bitcoin transactions
(trilema) antephialtic: asciilifeform: do you worry that trezor's message signing capabilities might reduce demand for the cardano?
(trilema) jurov: BCB, Trezor folks used this on facebook and wrote a comment "can't happen with Trezor"
(trilema) ozbot: My new TREZOR
(trilema) novusordo: the only thing I use the forum for nowadays is following updates from friedcat and the trezor fellows
(trilema) asciilifeform: novusordo: what does trezor look like to host machine? tty ?
(trilema) asciilifeform: novusordo: what prompts? last i saw, 'trezor' had no keyboard
(trilema) novusordo: if you take a factory-fresh trezor and you have a bip32 wallet you'd like to put on it
(trilema) novusordo: so apparently the trezor has a better recovery system than I thought
(trilema) dexX7: "Some of the sources are at We are in the process of finalizing and cleaning up the sources and preparing a security audit of the code. We will publish the sources before shipping TREZOR to our customers."
(trilema) Ademan: mircea_popescu: considering the trezor hasn't been released yet though, it hardly bothers me.
(trilema) dexX7: ninjashogun: trezor firmware is open source afaik, so you can always verify for yourself or push your own version
(trilema) asciilifeform: ninjashogun: there is sufficient information available about 'trezor' to learn the answer to this. but please do own homework
(trilema) ninjashogun: (question: has trezor been audited?)
(trilema) Apocalyptic: is trezor still a thing ?
(trilema) asciilifeform: ninjashogun: anyway, take this to the 'trezor' folks, not me. i've personally no interest in manufacturing 'lukewarm wallets.'
(trilema) ninjashogun: I mean if you took Trezor and made it look like an ATM card, by shrinking it down to the same chip size. (chip and pin)
(trilema) ninjashogun: asciilifeform, yes, if you moved trezor into the form factor of an ATM card with a PIN, and using the same technology - then it would be interesting.
(trilema) asciilifeform: that'd be something like 'trezor'
(trilema) asciilifeform: ninjashogun: i think you have the wrong address. that'd be 'trezor' et al.
(trilema) asciilifeform: but tell the 'trezor' etc. folks that.
(trilema) dexX7: asciilifeform: what do the trezor guys wrong for example? i didn't really follow the progress
(trilema) asciilifeform: the 'trezor' stuff is almost physically painful to read. it's as if they knew every single correct design decision, and did... the exact opposite.
(trilema) asciilifeform: trezor's published code is curiously missing the interesting bits.
(trilema) ozbot: More Pre Order Scams..... (TREZOR)
(trilema) asciilifeform: mircea_popescu: the trezor folks took preorders !?!11!
(trilema) asciilifeform: 'Its not clear how you would build a secure way to initialise the Trezor, as youd need to use an untrusted computer to present trusted keys into the device. A virus (MITM) could intercept and rewrite the keys as they were being loaded into the device. Unless you had key fingerprints written down on paper, itd be impossible to notice a mismatch. Pre-agreed root certs installed at the factory solve this
(trilema) mircea_popescu: incidentally, i hear that's why the trezor kid got shot.
(trilema) nubbins`: i dunno, i think you're fucked if you're trusting a trezor as a cold wallet
(trilema) ozbot: TREZOR The Bitcoin Safe - news
(trilema) asciilifeform: difficult, lacking a trezor
(trilema) mike_c: it would be awesome if you published a trezor hack with the cardano release.
(trilema) asciilifeform: 'trezor' appears to use a cheapo consumer ARM
(trilema) asciilifeform: when was 'trezor' 1st announced?
(trilema) asciilifeform: wait, maybe trezor isn't u.s. based
(trilema) jurov: trezor isn't sold yet either
(trilema) asciilifeform: how do the 'trezor' folks even get away with shipping the damn thing internationally without publishing source?
(trilema) asciilifeform: contains no source for the embedded micro, as far as i can see.
(trilema) asciilifeform: For the love of God, Montrezor!
(trilema) ozbot: TREZOR The Bitcoin Safe - news
(trilema) jurov: i have seen only trezor prototype board, to be delivered in 2 weeks
(trilema) asciilifeform: anybody here get hold of a 'trezor' and pick it apart?
(trilema) asciilifeform: 'Now the Trezor is fully deterministic device...'
(trilema) jurov:
(trilema) thestringpuller: looks like the cardano will be more secure if used as a wallet than the trezor...
(trilema) thestringpuller: the trezor only uses PRNG?
(trilema) asciilifeform: "For the love of God, Montrezor!"
(trilema) asciilifeform: phun phact: 'trezor' machine uses vendor's on-chip TRNG.
(trilema) nubbins`: i should design a trezor-looking HID that, when connected, sends "[windows-r],, [enter]"
(trilema) asciilifeform: "For the love of God, Montrezor!"
(trilema) ozbot: TREZOR The Bitcoin Safe
(trilema) asciilifeform: wat's a trezor
(trilema) nubbins`: i can't wait until the first malicious fake trezors hit the streets.
(trilema) skinnkavaj: pankkake: Armory and Trezor is coming with LTC support
(trilema) jurov: asciilifeform: you have not considered adding a display? it's the thing i like about trezor
(trilema) thestringpuller: is this the trezor wallet?
(trilema) nubbins`: now, suppose the trezor instead just displayed private keys
(trilema) nubbins`: plugging a trezor into a computer = plugging a keyboard/mouse into a computer
(trilema) nubbins`: problem is, how does the OS know whether "send all BTC to xyz" is coming from the actual keyboard or the fake trezor?
(trilema) mircea_popescu: i dont know much about trezor, never used it, never considered it.
(trilema) nubbins`: TREZOR
(trilema) nubbins`: trezor
(trilema) kakobrekla: not trezor
(trilema) kakobrekla: i said trezor like
(trilema) nubbins`: trezor
(trilema) kakobrekla: or trezor like device
(trilema) nubbins`: let's discuss why devices like the trezor exist when it's obviously a bad idea
(trilema) nubbins`: and you could make hardware wallets WAY less complicated than the trezor
(trilema) kakobrekla: trezor is slush and company
(trilema) ThickAsThieves: Trezor will be there, isn't someone here involved with that?