Trezor is dead

Op here, welcome.

As an electronic engineer, nothing can be done for already sold units.
The chip itself has a fault AND the software didn't crypt data on RAM.
So, else if you reprogram it, there is no way to fix already sold unit.

Internal acces not required but simpler than messing with USB power lines.

i just use a cheap offline machine and double encrypted usb sticks (blowfish and aes256)
why not more people just airgap ?

Because spending the coins is a more involved process than simply sticking your hardware wallet in.

But I agree, it's the better option.

All you have to do is turn on encryption, and nobody will be able to steal shit even if they were to do this attack.

doc.satoshilabs.com/trezor-user/advanced_settings.html

It have to be tested.

This attack dumps the RAM, not the ROM.
So, data may be encrypted on ROM, if at start, you uncrypt everything and keep it in RAM, it's unsecure.

I really see no purpose in these, why don't people just keep their coins/wallet/keys on truecrypt encrypted USBs?

>truecrypt
Isnt that obselete ?, are you suppose to use veracrypt now

Doesn't make any sense. No security. You would need an offline PC either way to get similiar functionality.

>Dead
>Post medium FUD with wrong information
>Post about old issue that Trezor ALREADY fixed
>Doesn't go out and look at the information
>Just believes what he's told like a good goy
>Doesn't know that if you have a PW you're fine
>Doesn't know that if your wallet is hidden you're fine

>Coinbase

>PC

>Literally can't research on his own

>USB sticks

>truecrypt

The minority of Veeky Forums are alright but there is a majority of you ignorant fools. You people are going to run crypto straight into the ground if you don't get your shit together.

Fuck you I want to be spoonfed

i just wrote down my public key and the private in safe in bank double encrypted is bad idea? i wont sell out to fuckin whales anyway

the encryption works by turning your passphrase into a 25th word of the seed, and even you cannot get your coins out if you forget that word. The only way to hack it then is to get that word from you. You could literally just tell them your recovery seed, and they still wouldn't be able to do shit.

just do a firmware update, this has been fixed...

Trezor is colluding with blochstream...

Security model is broken by design. ST microcontrolles can't provide the encryption primitives needed to securely store the private keys.

So even if they update the firmware, a forencics specialist could still dump everything.

HOW THE FUCK YOU GUYS AREN'T DOING COLD STORAGE WITH ONE OFFLINE & ONE ONLINE PC: cryptocompare.com/wallets/guides/how-to-make-a-bitcoin-offline-transaction/

this

who the FUCK needs a "hardware wallet" when you can just use a flash drive

you need a flash drive and an airgapped computer, plus it's annoying as fuck to have to move Txs between your airgapped machine and your internet-connected one

With that said I (sort of) do it that way because I don't trust any of this hardware. I have a $20 pi exposed on my LAN with only port 22 accessible where I sign my Txs and then scp the Tx to my main machine. I keep an encrypted backup of my wallet seed on my main machine and the encryption password in a keepass db. I store the encrypted seed on OneDrive and the encrypted KeePassDB on google drive. I also have two flash drives, one to hold my wallets and the other to hold my keepassdb. I keep one at work and one at home.

Everything women touch turns to shit

At this point I just use paper wallets and create a few backups.

If I can't understand every single possible nuance of it, I'm not using it. I use bitaddress.org only, on an offline computer, have read through the open source and understand all the hashing and all that, and then encrypt that and copy it by hand onto paper wallets because printers store what they print temporarily and I don't want that.

So I'm pretty good here.