With Value Approach, Off The Chain Capital Is Changing The ...

07-13 11:42 - 'I addressed some points mentioned in the video here: [link] / copy-paste below: / ----- / Q: Why didn't you use Secure Element or Secure Chip? / A: We want to keep TREZOR as open as possible (both firmware and hardware are comple...' by /u/stickac removed from /r/Bitcoin within 0-7min

I addressed some points mentioned in the video here: [link]1
copy-paste below:
Q: Why didn't you use Secure Element or Secure Chip?
A: We want to keep TREZOR as open as possible (both firmware and hardware are completely open source and available at our GitHub). If we used Secure Element we would limit hobbyists and hackers in creating their own clones, because you cannot use Secure Element in your design unless you sign a non-disclosure agreement with the vendor. By using standard off-the-shelf components, we make that really easy. I am aware of Secure Element advantages, but we are trying to fix most disadvantages of generic MCU in the software (see below). Also there is a blog post of a community member gbg describing how he built such a clone: [link]2
Q: Why didn't you use epoxy like it was suggested in the video?
A: I see three reasons to use epoxy.
First is to increase the durability of the device. We feel that TREZOR is durable enough even without the epoxy.
Second, to obfuscate components you are using in your design. This is not needed as the design is open source.
Thirdly, to make access to the MCU harder. If you are highly motivated, epoxy will just slow you down, not stop you. Also MCU has disabled JTAG, so there is no need to block access to MCU pins.
Q: What's up with the side channels attacks?
A: Side channel attacks described by Jochen Hoenicke were fixed by rewriting all crypto functions to use constant time. Jochen did almost all of the fixing and we've been collaborating ever since on various security and non-security related improvements. We love our community! Also we ask for the PIN before every operation involving a private key (e.g. generating the public key), so even if there was some side channel attack left, you still need to know the PIN to trigger it.
Q: How about MCU glitching?
A: We did our best to protect the MCU against glitching (e.g. when we check the PIN, we first increase the PIN failure count, write it to flash, verify that the write was OK, then check whether the PIN was correct and if it was correct then we reset the PIN failure count). That way you cannot glitch the PIN increase write. That said, recently, we received a couple of ideas for further improvements from Josh Datko and he'll talk about the issues (and fixes we are together working on) in his Defcon talk later this month: [link]3
Q: My neighbour has a one million dollar microscope equipment and he is examining my TREZOR. Should I worry?
A: No. There is a big difference between attacks on smart cards and TREZOR. If your smart card is stolen and one can read the secrets from it, you can basically do nothing about it. (You don't have the secrets and only attacker has them). TREZOR is a different animal. You have the backup so you can use that to send your funds before the attacker has access to them.
Also we have introduced a concept of so-called passphrase. If you use passphrase, you are requested to enter your passphrase before the signing operation. This passphrase is combined with the secret stored in the device, resulting in creation of a completely new secret key and thus a completely new wallet! If an attacker has successfully extracted the secret from the device and he does not know your passphrase, he still cannot access your funds! Also because passphrase does not act like password (it is not compared against known value but rather combined with the secret, making every passphrase valid), it provides a plausible deniability. If you are interrogated, you can give any passphrase you want and attacker will see empty wallet. (Or you can use passphrase "lonelypumpkins" where you store millions and passphrase "funnyspirit" to create a wallet where you just send a few dollars - to make it look like it's being really used).
For more information about the concepts I described here, please check our FAQ and User Manual: [link]4 [link]5
TL;DR: We try to combine hardware and software efforts to create a really open security device. We are not big fans of security through obscurity and we rather introduce smart logical concepts which are unbreakable by design, rather than relying on chance that hardware vendor did the good job obfuscating the design.
Author: stickac
1: www.e*v*lo*.c*m*forum/bl**/e*vblog-100*-*re*or-bitcoi*-hard*are-w*llet-*e****wn**sg1**52*8/*ms*1255268 2: www.stel*aw.in*o/b*og/2**5**2*22/i-built*m**own-tr**or-*lone-d*n*sa*r*hi*h*p-zero 3: w****efco*.org*h*ml/de*con-25****25-speakers*html#D*tko 4: d*c*sa*oshil*b***om/trezor*faq/ 5: **c.s*toshilabs.com/tr**or*u*e*/
Unknown links are censored to prevent spreading illicit content.
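The PIN-check ordering described in the glitching answer above, as an added Python simulation (not TREZOR firmware and not code from the post). The `Device` class, the `PowerCut` fault model, the lockout limit of 3 and the PIN value are assumptions constructed for the demo; it contrasts a compare-first check with the increment, write, verify, then compare order.

```python
import hmac

class PowerCut(Exception):
    """Models power loss or a fault at the instant after the PIN compare."""

class Device:
    MAX_FAILS = 3  # constructed lockout limit for this demo

    def __init__(self, pin):
        self.flash = {"pin": pin, "fails": 0}  # survives PowerCut; locals do not

    def _write_fails(self, value):
        self.flash["fails"] = value
        if self.flash["fails"] != value:  # read back to verify the write
            raise RuntimeError("flash write not verified")

    def _locked(self):
        return self.flash["fails"] >= self.MAX_FAILS

    def check_naive(self, guess, cut=False):
        """Weak order: compare first, record a failure afterwards."""
        if self._locked():
            return None
        ok = hmac.compare_digest(guess, self.flash["pin"])
        if cut and not ok:
            raise PowerCut()  # the failure is never persisted
        self._write_fails(0 if ok else self.flash["fails"] + 1)
        return ok

    def check_hardened(self, guess, cut=False):
        """Order from the post: persist and verify the increment, then compare."""
        if self._locked():
            return None
        self._write_fails(self.flash["fails"] + 1)
        ok = hmac.compare_digest(guess, self.flash["pin"])
        if cut and not ok:
            raise PowerCut()  # too late: the attempt is already counted
        if ok:
            self._write_fails(0)
        return ok

def persisted_failures(method, wrong_guesses):
    """Run wrong guesses, losing power after each compare; return the stored count."""
    dev = Device(pin="4821")  # constructed PIN
    for guess in wrong_guesses:
        try:
            getattr(dev, method)(guess, cut=True)
        except PowerCut:
            pass
    return dev.flash["fails"]
```

With five wrong guesses, `persisted_failures("check_naive", ...)` leaves the stored counter at 0, while `persisted_failures("check_hardened", ...)` stops at the lockout limit.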
submitted by removalbot to removalbot [link] [comments]
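The passphrase behaviour described in the post above, as an added Python example (not code from the post or from TREZOR). It assumes the derivation meant is the BIP-39 one (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" plus passphrase); the mnemonic is the public BIP-39 test phrase, and `wallet_id` is a hypothetical label helper for the demo.

```python
import hashlib
import unicodedata

# Public BIP-39 test mnemonic, used as a constructed stand-in for the secret
# stored in the device. Never use it for real funds.
MNEMONIC = "abandon " * 11 + "about"

def _nfkd(text):
    """BIP-39 normalises both inputs to NFKD before encoding as UTF-8."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")

def bip39_seed(mnemonic, passphrase=""):
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic"+passphrase."""
    salt = b"mnemonic" + _nfkd(passphrase)
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic), salt, 2048, dklen=64)

def wallet_id(seed):
    """Short label for a seed (hypothetical demo helper, not a BIP-32 fingerprint)."""
    return hashlib.sha256(seed).hexdigest()[:8]

def wallets_for(mnemonic, passphrases):
    """Map each passphrase to the wallet it opens.

    Nothing is compared against a stored value, so no input is ever rejected:
    every passphrase, including a mistyped one, yields some wallet.
    """
    return {p: wallet_id(bip39_seed(mnemonic, p)) for p in passphrases}

if __name__ == "__main__":
    # The two passphrases from the post, the empty default, and a typo
    # (trailing space) that silently opens a fourth, unrelated wallet.
    tried = ["", "lonelypumpkins", "funnyspirit", "funnyspirit "]
    for phrase, wid in wallets_for(MNEMONIC, tried).items():
        print(repr(phrase), "->", wid)
```

Because a wrong passphrase is never rejected, a typo opens a different, empty wallet rather than producing an error, so the passphrase has to be recorded as carefully as the backup itself.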

Bitcoin price rally, 22 Oct 2020 - YouTube
The Infamous Defcon Bitcoin Briefcase
What is Bitcoin's Intrinsic value?
DEF CON 22 - Felix Leder - NinjaTV - Increasing Your Smart TV’s IQ Without Bricking It
DEF CON 22 - Wesley McGrew- Instrumenting Point-of-Sale Malware

seeing the list of speaker of the next DEF CON 25 (July 27-30, 2017 at Caesars Palace in Las Vegas!) list of speakers I find a very interesting presentation named: BREAKING bitcoi

My name is Griffin, next to my good friend Metacortex, we are from the DC801 group, which is based in Salt Lake City, Utah. We want to show something that looks pretty funny and spend a sightseeing tour on the dark side of the Internet. We are both researchers who like to wander through dark […]

Defcon Speaker Discusses Liberating $300K Worth of Bitcoin From an Encrypted File Bitcoin News

Institutional ...

But the performance of Off The Chain Capital, a digital currency investment firm that focuses on value investing in bitcoin, tells a different story. As one of the best-performing funds in the space, it has shown that reliable performance and BTC can go hand in hand. “We ...

Bitcoin's value has fallen 22 per cent after its most important business Mt. Gox went offline after rumours that $375 million-worth has been stolen. The rumoured theft and ...

Bitcoin Kurs: "After a couple years the value of Bitcoin increased as bitcoins traded for about $0.30 on January 1, 2011, went to $31.50 about six months later and ended the year at $4.25. 2012 proved to be a less volatile year with the Bitcoin price staying under $15. 2013 - The Insane Bitcoin Price Bitcoin's Value Increases But 2013 is a year to remember in Bitcoin since the Bitcoin value ...


Bitcoin price rally, 22 Oct 2020 - YouTube

For more details: MyFinanceTeacher.org FB: https://www.facebook.com/groups/328846917550793 Twitter: [at] MyFinanceTeache Bitcoin price increased a lot in the...

In which I meet some clever hardware hackers at Defcon who built this awesome Bitcoin vending briefcase. Like what you see? Donate with Bitcoin to 1JqU22aWrv...

the video explains it all ....sorry i couldn't illustrate with real video proof ...i had already deleted the app.....

This hurts analysts that wish to continue to work more in-depth on a sample, and reduces the value of such analyses to those who would otherwise be able to use them to learn reverse engineering ...

Whether you want to add exotic TV channels, watch right from bit-torrent, or are crazy enough to do bitcoin mining on your TV – you are in charge. We will demonstrate several methods to become ...