tmsr - Search: from:asciilifeform trezor

asciilifeform: https://github.com/trezor/trezor-mcu/blob/master/firmware/signing.c << lollamatic, support for segshitness etc

asciilifeform: static const auto https_privkey_uri = "https://wallet.trezor.io/data/bridge/cert/localback.key";

asciilifeform: static const auto https_cert_uri = "https://wallet.trezor.io/data/bridge/cert/localback.crt";

asciilifeform: re the trezor nonsense -- it's the , what' 8th year of btc, and still nobody made the obvious sanewallet - txmaker runs from rom, and eats privkey when-required via paper tape

asciilifeform: !#s from:asciilifeform trezor

asciilifeform: http://btcbase.org/log/2017-04-02#1636123 << lol, luke-jr 'Core Developer' ; Mycelium; Electrum; TREZOR; misc. crapola ☝︎

asciilifeform: as i pointed out a year+ ago, a trezor plugged into a specially-instrumented but visually uninteresting pc will give up its key.

asciilifeform: (and also i will add that trezor has a considerably simpler orifice, but we digress, folks who read the logz know what it is)

asciilifeform: 'KeepKey is actually a fork of the Trezor project. We have maintained compatibility through development, and are compatible with Trezor v1.3.3.' << l0l

asciilifeform: speaking of, last i checked, 'trezor' was still reflashable from the usb jack. ☟︎☟︎

asciilifeform: trezor news << For the love of god, Montrezor!

asciilifeform: mircea_popescu: ... gmaxwell aware enough to notice [one of] trezor holes. << the differential power thing is plain as daylight to anyone who has seen the published schematic.

asciilifeform: the reason i even bothered to respond to the trezor thing is to share the hypothesis that all of the available products are dumb because the problem they are 'solving' - is dumb.

asciilifeform: kakobrekla: use the python tools to do anything with the Trezor << one of these days, someone should explain to me why a gadget like 'trezor' is necessary

asciilifeform: http://doc.satoshilabs.com/trezor-tech/hardware.html

asciilifeform: jurov: if you mean my widget - as soon as it's done. but please remember that it does not serve the same purpose as 'trezor.'

asciilifeform: note that i have never touched, smelled, used, 'trezor.' all i know comes from the manufacturer's specs.

asciilifeform: artifexd, jurov: 'trezor' uses arm's satanic rng for ecdsa signing nonce. if this bothers you (it bothers me) - don't use.

asciilifeform: antephialtic: re: trezor: open the widget and let it speak for itself.

asciilifeform: novusordo: what does trezor look like to host machine? tty ?

asciilifeform: novusordo: what prompts? last i saw, 'trezor' had no keyboard

asciilifeform: ninjashogun: there is sufficient information available about 'trezor' to learn the answer to this. but please do own homework

asciilifeform: ninjashogun: anyway, take this to the 'trezor' folks, not me. i've personally no interest in manufacturing 'lukewarm wallets.'

asciilifeform: that'd be something like 'trezor'

asciilifeform: ninjashogun: i think you have the wrong address. that'd be 'trezor' et al.

asciilifeform: but tell the 'trezor' etc. folks that.

asciilifeform: the 'trezor' stuff is almost physically painful to read. it's as if they knew every single correct design decision, and did... the exact opposite.

asciilifeform: https://github.com/trezor

asciilifeform: trezor's published code is curiously missing the interesting bits.

asciilifeform: mircea_popescu: the trezor folks took preorders !?!11!

asciilifeform: 'It’s not clear how you would build a secure way to initialise the Trezor, as you’d need to use an untrusted computer to present trusted keys into the device. A virus (MITM) could intercept and rewrite the keys as they were being loaded into the device. Unless you had key fingerprints written down on paper, it’d be impossible to notice a mismatch. Pre-agreed root certs installed at the factory solve this

asciilifeform: difficult, lacking a trezor

asciilifeform: 'trezor' appears to use a cheapo consumer ARM

asciilifeform: when was 'trezor' 1st announced?

asciilifeform: wait, maybe trezor isn't u.s. based

asciilifeform: how do the 'trezor' folks even get away with shipping the damn thing internationally without publishing source?

asciilifeform: https://github.com/trezor contains no source for the embedded micro, as far as i can see.

asciilifeform: http://www.bitcointrezor.com/news/celebrate-day-of-bitcoin-trezor

asciilifeform: anybody here get hold of a 'trezor' and pick it apart?

asciilifeform: 'Now the Trezor is fully deterministic device...'

asciilifeform: https://github.com/trezor/rng-test/blob/master/dev_random_1.dieharder

asciilifeform: https://github.com/trezor/rng-test

asciilifeform: phun phact: 'trezor' machine uses vendor's on-chip TRNG.

asciilifeform: wat's a trezor