Bitcoin value plummets as MtGox exchange goes offline

07-13 11:42 - 'I addressed some points mentioned in the video here: [link] / copy-paste below: / ----- / Q: Why didn't you use Secure Element or Secure Chip? / A: We want to keep TREZOR as open as possible (both firmware and hardware are comple...' by /u/stickac removed from /r/Bitcoin within 0-7min

'''
I addressed some points mentioned in the video here: [link]1
copy-paste below:
Q: Why didn't you use Secure Element or Secure Chip?
A: We want to keep TREZOR as open as possible (both firmware and hardware are completely open source and available at our GitHub). If we used Secure Element we would limit hobbyists and hackers in creating their own clones, because you cannot use Secure Element in your design unless you sign a non-disclosure agreement with the vendor. By using standard off-the-shelf components, we make that really easy. I am aware of Secure Element advantages, but we are trying to fix most disadvantages of generic MCU in the software (see below). Also there is a blog post of a community member gbg describing how he built such a clone: [link]2
Q: Why didn't you use epoxy like it was suggested in the video?
A: I see three reasons to use epoxy.
First is to increase the durability of the device. We feel that TREZOR is durable enough even without the epoxy.
Second, to obfuscate components you are using in your design. This is not needed as the design is open source.
Thirdly, to make access to the MCU harder. If you are highly motivated, epoxy will just slow you down, not stop you. Also the MCU has JTAG disabled, so there is no need to block access to MCU pins.
Q: What's up with the side channel attacks?
A: Side channel attacks described by Jochen Hoenicke were fixed by rewriting all crypto functions to use constant time. Jochen did almost all of the fixing and we've been collaborating ever since on various security and non-security related improvements. We love our community! Also we ask for the PIN before every operation involving a private key (e.g. generating the public key), so even if there was some side channel attack left, you still need to know the PIN to trigger it.
Q: How about MCU glitching?
A: We did our best to protect the MCU against glitching (e.g. when we check the PIN, we first increase the PIN failure count, write it to flash, verify that the write was OK, then check whether the PIN was correct and if it was correct then we reset the PIN failure count). That way you cannot glitch the PIN increase write. That said, recently, we received a couple of ideas for further improvements from Josh Datko and he'll talk about the issues (and fixes we are together working on) in his Defcon talk later this month: [link]3
Q: My neighbour has one million dollar microscope equipment and he is examining my TREZOR. Should I worry?
A: No. There is a big difference between attacks on smart cards and TREZOR. If your smart card is stolen and one can read the secrets from it, you can basically do nothing about it. (You don't have the secrets and only the attacker has them). TREZOR is a different animal. You have the backup so you can use that to send your funds before the attacker has access to them.
Also we have introduced a concept of so-called passphrase. If you use passphrase, you are requested to enter your passphrase before the signing operation. This passphrase is combined with the secret stored in the device, resulting in creation of a completely new secret key and thus a completely new wallet! If an attacker has successfully extracted the secret from the device and he does not know your passphrase, he still cannot access your funds! Also because passphrase does not act like password (it is not compared against a known value but rather combined with the secret, making every passphrase valid), it provides plausible deniability. If you are interrogated, you can give any passphrase you want and the attacker will see an empty wallet. (Or you can use passphrase "lonelypumpkins" where you store millions and passphrase "funnyspirit" to create a wallet where you just send a few dollars - to make it look like it's being really used).
For more information about the concepts I described here, please check our FAQ and User Manual: [link]4 [link]5
TL;DR: We try to combine hardware and software efforts to create a really open security device. We are not big fans of security through obscurity and we rather introduce smart logical concepts which are unbreakable by design, rather than relying on chance that the hardware vendor did a good job obfuscating the design.
'''
Author: stickac
1: www.e*v*lo*.c*m*forum/bl**/e*vblog-100*-*re*or-bitcoi*-hard*are-w*llet-*e****wn**sg1**52*8/*ms*1255268
2: www.stel*aw.in*o/b*og/2**5**2*22/i-built*m**own-tr**or-*lone-d*n*sa*r*hi*h*p-zero
3: w****efco*.org*h*ml/de*con-25****25-speakers*html#D*tko
4: d*c*sa*oshil*b***om/trezor*faq/
5: **c.s*toshilabs.com/tr**or*u*e*/
Unknown links are censored to prevent spreading illicit content.
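
The PIN-check ordering described in the glitching answer above, next to the compare-first ordering it replaces. This is an added example, not code from the post or from the TREZOR firmware; the `Flash` class, its `drop_next_write` test hook and the `MAX_FAILS` limit are hypothetical.

```python
import hmac

MAX_FAILS = 16  # hypothetical limit, not taken from the post


class StorageFault(Exception):
    """The counter write could not be confirmed by reading it back."""


class Flash:
    """Constructed in-memory stand-in for the flash cell holding the counter."""

    def __init__(self):
        self.fail_count = 0
        self.drop_next_write = False  # test hook: the next write silently fails

    def write(self, value):
        if self.drop_next_write:
            self.drop_next_write = False
            return
        self.fail_count = value


def _same(a, b):
    # Constant-time comparison, so the check itself leaks no timing.
    return hmac.compare_digest(a.encode(), b.encode())


def check_pin_naive(flash, stored, entered):
    """Compare first, count afterwards: a lost write makes a wrong guess free."""
    if _same(stored, entered):
        flash.write(0)
        return True
    flash.write(flash.fail_count + 1)  # never verified
    return False


def check_pin(flash, stored, entered):
    """Order from the post: count, write, verify the write, then compare."""
    expected = flash.fail_count + 1
    if expected > MAX_FAILS:
        raise PermissionError("too many failed PIN attempts")
    flash.write(expected)
    if flash.fail_count != expected:
        raise StorageFault("counter write not confirmed; PIN not compared")
    if not _same(stored, entered):
        return False  # the failure is already recorded in flash
    flash.write(0)  # only a correct PIN resets the counter
    return True
```

With the hardened ordering, a write that does not land stops the routine before the PIN is ever compared, so the attempt yields no information about the PIN.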
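
How a passphrase that is "combined with the secret" rather than compared against it behaves, as an added example that is not part of the original post. It assumes the standard BIP39 seed derivation and BIP32 master-key step, which the post does not name; the mnemonic is a constructed public test phrase and `wallet_fingerprint` is a hypothetical helper.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample mnemonic (a public test phrase); never use it for funds.
MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic, passphrase=""):
    """BIP39: the passphrase goes into the PBKDF2 salt; nothing is compared."""
    password = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master(seed):
    """BIP32: master private key and chain code derived from the seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_fingerprint(passphrase):
    """Short hash of the master key, standing in for 'which wallet opens'."""
    key, _chain_code = bip32_master(bip39_seed(MNEMONIC, passphrase))
    return hashlib.sha256(key).hexdigest()[:16]


def demo():
    # Every input is accepted; the last one is a typo (trailing space) and
    # silently selects a different, empty wallet instead of raising an error.
    passphrases = ("", "lonelypumpkins", "funnyspirit", "funnyspirit ")
    return {p: wallet_fingerprint(p) for p in passphrases}


if __name__ == "__main__":
    for passphrase, fingerprint in demo().items():
        print(repr(passphrase), fingerprint)
```

Because no passphrase is ever rejected, a mistyped one opens a different wallet without any error, which is the practical cost of the deniability property.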


As is their wont, each faction described the growth of WBTC tokens, whose value is pegged one-to-one against a locked-up reserve of actual bitcoin, as proof of their coin’s superiority over the other. The Ethereum crowd said it showed that even BTC “hodlers” believe Ethereum-based applications provide a better off-chain transaction experience than platforms built on Bitcoin, such as ...

I will cover bitcoin and bitcoin mining. After we know about how bitcoin works, we will cover purchasing items. I will cover purchasing PO Box's and the pickup of packages. Finally I will finish up with some concerns you may want to be aware of and my recommendations to help make the use of TOR, Bitcoin, and Marketplaces more secure.

Started in 1992 by the Dark Tangent, DEF CON is the world's longest running and largest underground hacking conference. Hackers, corporate IT professionals, and three letter government agencies all converge on Las Vegas every summer to absorb cutting edge hacking research from the most brilliant minds in the world and test their skills in contests of hacking might.

Defcon Speaker Discusses Liberating $300K Worth of Bitcoin From an Encrypted File Bitcoin News

Institutional ...

But the performance of Off The Chain Capital, a digital currency investment firm that focuses on value investing in bitcoin, tells a different story. As one of the best-performing funds in the space, it has shown that reliable performance and BTC can go hand in hand. “We ...

Bitcoin's value has fallen 22 per cent after its most important business Mt. Gox went offline after rumours that $375 million-worth has been stolen. The rumoured theft and ...


The Infamous Defcon Bitcoin Briefcase

Whether you want to add exotic TV channels, watch right from bit-torrent, or are crazy enough to do bitcoin mining on your TV – you are in charge. We will demonstrate several methods to become ...

For more details: MyFinanceTeacher.org FB: https://www.facebook.com/groups/328846917550793 Twitter: [at] MyFinanceTeache Bitcoin price increased a lot in the...

the video explains it all ....sorry i couldn't illustrate with real video proof ...i had already deleted the app.....

In which I meet some clever hardware hackers at Defcon who built this awesome Bitcoin vending briefcase. Like what you see? Donate with Bitcoin to 1JqU22aWrv...

Educate yourself on how to trade Bitcoin correctly, just like I have done. If you take all 3 levels, the last level is jaw-dropping as you will learn how to buy stocks for free. Get a $50 discount ...
