Hi Felix, I've got one of this device ! Work like a charm ! Love the idea that everything was encrypt inside of the device, nothing on the computer. Try to restore my wallet, again no problem !!!
I will love to see one of this device for PGP. I'm thinking to use a smartcard inside Gemalto K50 but on a computer without GPG is useless... Same thing about NitroKeys Last thing: For Trezor, you have to install a bridge compatible on Windows, MacOSX and Linux. Of course, source code is available: https://github.com/trezor/trezord 2015-03-06 13:50 GMT+01:00 Felix E. Klee <felix.k...@inka.de>: > Yesterday in Las Palmas de Gran Canaria, I attended a [talk][1] by Marek > Palatinus, one of the relatively early Bitcoin miners and cofounder of > [SatoshiLabs][2]. He gave an introduction to his path into Bitcoin, and > things that went wrong, and then he presented the [Trezor][3] crypto > device. > > The Trezor has a little display and two buttons. It generates and stores > your private key which is used for identifying your address in the > Bitcoin network. The Bitcoins that you own are associated with your > address. Connected via USB to a computer, the Trezor signs Bitcoin > transactions. > > Marek later explained to me that the Bitcoin crypto standard is > different from those used with PGP. > > After the talk, I hammered him with questions: > > * What if I lose the device or if it breaks? For backup, the device > presents a list of 24 English words, that the user should write down > and keep on paper in a safe place. Using this list, the private key > can be recreated. > > * What if Eve wants to access the device without my authorization? > There is a PIN. > > * How is the key generated? With an RNG on the device, using entropy > gathered from the connected computer. > > * There’s no PIN pad on the device; Couldn’t malware sniff the PIN? > The device has a little screen that displays a matrix of nine > numbers. On the computer’s screen appears the same matrix without > numbers, and one clicks on these with the mouse. > > * Do I have to enter the PIN for every transaction? Only once, then > the device remains activated. > > * Once the device is activated, couldn’t malware do arbitrary > transactions? For every transaction there is information displayed > on the device’s display, and it has to be confirmed with the press > of a button on the device. > > * Can I trust the firmware? [Source code][4] is available. Users can > check the code, compile it, and flash their own version. > > * What if Eve modifies the firmware in a malignant way and flashs it > to the device? Flashing unsigned firmware causes the private key to > be erased by the bootloader. > > * Can I trust the bootloader? Source code is available as well. > > Of course there could still be backdoors. However, at the moment I > cannot see what can be done better, other than building your own > hardware, ideally down to chip manufacturing level. > > [1]: http://www.meetup.com/lpa-tech/events/220413356/ > [2]: http://satoshilabs.com/ > [3]: http://satoshilabs.com/trezor/ > [4]: https://github.com/trezor/ > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -- Antoine Michard
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
