How Safe Is Bitcoin, Really? - Consumer Reports

07-13 11:42 - 'I addressed some points mentioned in the video here: [link] / copy-paste below: / ----- / Q: Why didn't you use Secure Element or Secure Chip? / A: We want to keep TREZOR as open as possible (both firmware and hardware are comple...' by /u/stickac removed from /r/Bitcoin within 0-7min

I addressed some points mentioned in the video here: [link]1
copy-paste below:
Q: Why didn't you use Secure Element or Secure Chip?
A: We want to keep TREZOR as open as possible (both firmware and hardware are completely open source and available at our GitHub). If we used Secure Element we would limit hobbyists and hackers in creating their own clones, because you cannot use Secure Element in your design unless you sign a non-disclosure agreement with the vendor. By using standard off-the-shelf components, we make that really easy. I am aware of Secure Element advantages, but we are trying to fix most disadvantages of a generic MCU in the software (see below). Also, there is a blog post by a community member, gbg, describing how he built such a clone: [link]2
Q: Why didn't you use epoxy like it was suggested in the video?
A: I see three reasons to use epoxy.
First is to increase the durability of the device. We feel that TREZOR is durable enough even without the epoxy.
Second, to obfuscate components you are using in your design. This is not needed as the design is open source.
Thirdly, to make access to the MCU harder. If you are highly motivated, epoxy will just slow you down, not stop you. Also, the MCU has JTAG disabled, so there is no need to block access to MCU pins.
Q: What's up with the side channel attacks?
A: Side channel attacks described by Jochen Hoenicke were fixed by rewriting all crypto functions to use constant time. Jochen did almost all of the fixing and we've been collaborating ever since on various security and non-security related improvements. We love our community! Also, we ask for the PIN before every operation involving a private key (e.g. generating the public key), so even if there was some side channel attack left, you still need to know the PIN to trigger it.
Q: How about MCU glitching?
A: We did our best to protect the MCU against glitching (e.g. when we check the PIN, we first increase the PIN failure count, write it to flash, verify that the write was OK, then check whether the PIN was correct, and if it was correct then we reset the PIN failure count). That way you cannot glitch the PIN increase write. That said, recently we received a couple of ideas for further improvements from Josh Datko and he'll talk about the issues (and fixes we are together working on) in his Defcon talk later this month: [link]3
Q: My neighbour has one-million-dollar microscope equipment and he is examining my TREZOR. Should I worry?
A: No. There is a big difference between attacks on smart cards and TREZOR. If your smart card is stolen and one can read the secrets from it, you can basically do nothing about it. (You don't have the secrets and only the attacker has them.) TREZOR is a different animal. You have the backup, so you can use that to send your funds before the attacker has access to them.
Also, we have introduced the concept of a so-called passphrase. If you use a passphrase, you are requested to enter your passphrase before the signing operation. This passphrase is combined with the secret stored in the device, resulting in the creation of a completely new secret key and thus a completely new wallet! If an attacker has successfully extracted the secret from the device and he does not know your passphrase, he still cannot access your funds! Also, because the passphrase does not act like a password (it is not compared against a known value but rather combined with the secret, making every passphrase valid), it provides plausible deniability. If you are interrogated, you can give any passphrase you want and the attacker will see an empty wallet. (Or you can use the passphrase "lonelypumpkins" where you store millions and the passphrase "funnyspirit" to create a wallet where you just send a few dollars - to make it look like it's being really used.)
For more information about the concepts I described here, please check our FAQ and User Manual: [link]4 [link]5
TL;DR: We try to combine hardware and software efforts to create a really open security device. We are not big fans of security through obscurity and we would rather introduce smart logical concepts which are unbreakable by design than rely on the chance that the hardware vendor did a good job obfuscating the design.
Author: stickac
1: www.e*v*lo*.c*m*forum/bl**/e*vblog-100*-*re*or-bitcoi*-hard*are-w*llet-*e****wn**sg1**52*8/*ms*1255268
2: www.stel**o/b*og/2**5**2*22/i-built*m**own-tr**or-*lone-d*n*sa*r*hi*h*p-zero
3: w****efco*.org*h*ml/de*con-25****25-speakers*html#D*tko
4: d*c*sa*oshil*b***om/trezor*faq/
5: **c.s***or*u*e*/
Unknown links are censored to prevent spreading illicit content.
submitted by removalbot to removalbot [link] [comments]
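
The PIN-check ordering described in the glitching answer above, sketched as an added example. This is not TREZOR firmware: the simulated flash cell, the `fault_drop_next_write` fault model, the `MAX_FAILS` lockout threshold, the constant-time compare and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_FAILS 16u /* assumed lockout threshold, not from the post */

static uint32_t flash_fail_count;   /* simulated flash cell (assumption) */
static bool fault_drop_next_write;  /* fault model: next write is skipped */

static void flash_write_fails(uint32_t v) {
    if (fault_drop_next_write) { fault_drop_next_write = false; return; }
    flash_fail_count = v;
}
static uint32_t flash_read_fails(void) { return flash_fail_count; }

typedef enum { PIN_OK, PIN_WRONG, PIN_LOCKED, PIN_FAULT } pin_result;

/* Compare without an early exit so timing does not depend on the match. */
static bool ct_equal(const char *a, const char *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

pin_result check_pin(const char *stored, const char *entered) {
    uint32_t before = flash_read_fails();
    if (before >= MAX_FAILS) return PIN_LOCKED;
    flash_write_fails(before + 1);            /* 1. charge the attempt first */
    if (flash_read_fails() != before + 1)     /* 2. verify the write landed */
        return PIN_FAULT;                     /*    refuse to compare at all */
    size_t n = strlen(stored);                /* 3. only now look at the PIN */
    if (strlen(entered) != n || !ct_equal(stored, entered, n))
        return PIN_WRONG;                     /*    counter stays incremented */
    flash_write_fails(0);                     /* 4. reset only after success */
    return PIN_OK;
}

static void show(const char *what, pin_result r) {
    printf("%-11s -> result=%d fails=%u\n", what, (int)r, (unsigned)flash_read_fails());
}

int main(void) {                              /* PIN values are constructed samples */
    show("wrong guess", check_pin("1234", "0000"));
    fault_drop_next_write = true;             /* simulate a suppressed flash write */
    show("glitched", check_pin("1234", "0000"));
    show("correct PIN", check_pin("1234", "1234"));
    return 0;
}
```

Because the counter is committed and read back before the comparison, a suppressed write yields `PIN_FAULT` instead of an uncounted guess, and cutting power after the comparison leaves the attempt already charged.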


Touring the Darkside of the Internet: An Introduction to Tor, Darknets, and Bitcoin. Metacortex, Security Researcher; Grifter, Security Researcher. This is an introduction level talk. The talk itself will cover the basics of Tor, Darknets, Darknet Market places, and Bitcoin. I will start by giving the audience an overview of Tor and how it works.

This talk, Mass Scanning the Internet at DefCon 22, piqued my interest as we at NTO are very fundamentally concerned with gathering massive amounts of security assessment data from a web application and so a perennial nemesis for us is memory management. So reading the brief, I thought, wow, these guys (Rob Graham, Paul McMillan, Dan Tentler) are scanning the whole internet.

Bitcoin's dramatic rise in value in 2017 captured the media's attention, but the currency isn't always safe from hackers, or even a failed hard drive. Consumer Reports looks at whether bitcoin is ...

I used bitcoin at Meltdown Comics in Los Angeles to buy graphic novels. By November, bitcoin's value had nearly doubled since January and was continuing to increase almost daily. My cryptocurrency stash was starting to turn into some real money. I'd been keeping my bitcoin keys on a web-based wallet, but I wanted to move them to a more secure place.

White Ops security researcher Ryan Castellucci had demonstrated last summer at the DEFCON 23 security conference in Las Vegas, USA that it is easy for hackers to hack private bitcoin keys. He was joined by two more researchers from University College London to crack the bitcoin wallet password.
