‘I forgot my PIN’: An epic tale of losing $30,000 in bitcoin (wired.com)
108 points by scotty79 on Oct 30, 2017 | hide | past | favorite | 41 comments


Whoa that read like a Tom Clancy novel. I started reading right before we had to go somewhere so I told my wife when we got into the car (I was driving) “please read this out loud”. At the end she and my daughter were completely captivated and wrapped up in the drama.

Then from the backseat I hear my daughter say, “What’s a Bitcoin?”


What the fuck kind of cryptographic hardware security device is unlocked with a PIN and stores the plaintext of the PIN? What cryptosystem generates a recovery key and then stores the recovery key? That is a clown-car vulnerability.

Later

You know what I bet? I bet the PIN check is literally a string comparison, between the input PIN, and a stored "correct" PIN that they decrypt every time you try a PIN.


Apparently Trezor is to a HSM what MtGox is to a bank. Given the ecosystem, I'm not really surprised...


The recovery key isn’t just used for recovery - every operation is derived from the recovery key. The device has to know it, in plaintext, in order to actually do anything.


From the Trezor MCU source code on Github, it looks like I was right, and the PIN check is literally a string comparison.


Yeah, I don't know why they do that. I was just responding to the decrypted key being stored in memory.


> The device has to know it, in plaintext, in order to actually do anything

How so? You can use pins for encryption, I believe that's what tptacek was referring to.

If you use a strong key derivation function with efficient hardware (i.e. within a few orders of the efficiency limits of the current generation), while using maybe 10J of energy, it will economically protect at least about $1000, or $16000 with an 8-character PIN. In practice significantly more because of hardware costs for a parallel attack, and the casual cracker wouldn't be willing to spend that much on a totally uncertain reward. At moderate hardware costs it could take years to crack.


That's how they work - the PIN decrypts the encrypted seed key. However, after decryption, the seed key ("recovery key") is kept around in memory in order to actually be able to sign transactions/etc.
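The thread's two complaints above (a PIN check that is a plain string comparison against a stored PIN, and a seed that is only protected by the PIN) can be illustrated with a small added example; this is not Trezor's code. It assumes a slow KDF (scrypt) for the PIN, and uses a keyed BLAKE2b counter keystream plus an HMAC tag as a stand-in for a real AEAD, so the device stores neither the PIN nor the plaintext seed and the PIN is verified by a constant-time tag check.

```python
from __future__ import annotations
import hashlib
import hmac
import os


def _keystream(key: bytes, n: int) -> bytes:
    # Stand-in stream cipher: keyed BLAKE2b in counter mode (use a vetted AEAD in practice).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.blake2b(ctr.to_bytes(8, "big"), key=key, digest_size=64).digest()
        ctr += 1
    return out[:n]


def _derive(pin: str, salt: bytes) -> tuple[bytes, bytes]:
    # Memory-hard KDF so every PIN guess costs real work; parameters are illustrative.
    km = hashlib.scrypt(pin.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)
    return km[:32], km[32:]  # encryption key, MAC key


def seal_seed(pin: str, seed: bytes) -> dict:
    # Nothing stored here lets a "PIN == stored PIN" comparison exist at all.
    salt = os.urandom(16)
    enc_key, mac_key = _derive(pin, salt)
    ct = bytes(a ^ b for a, b in zip(seed, _keystream(enc_key, len(seed))))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}


def open_seed(pin: str, blob: dict) -> bytes | None:
    # The PIN is "checked" by whether it yields the right MAC key; the compare is
    # constant-time, so timing does not leak how many bytes matched.
    enc_key, mac_key = _derive(pin, blob["salt"])
    expect = hmac.new(mac_key, blob["salt"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, blob["tag"]):
        return None  # wrong PIN: nothing about the seed is revealed
    ks = _keystream(enc_key, len(blob["ct"]))
    return bytes(a ^ b for a, b in zip(blob["ct"], ks))


if __name__ == "__main__":
    # Constructed sample seed; a real wallet would hold 24 BIP39 words' entropy here.
    blob = seal_seed("1234", b"constructed-seed-placeholder")
    print(open_seed("1234", blob), open_seed("0000", blob))
```

The decrypted seed still has to live in RAM while signing, which is exactly the window the soft-reset attack quoted later in the thread exploits; this example only removes the stored PIN and the string comparison.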


There are a few methods by which they could avoid keeping direct plaintext entries in memory that are difficult to extract without knowing the ROM code.


Maybe he's looking for one-way encryption ;)


Here I am sweating about if my hkdf and onioning different aes modes is future-proof enough. It's a good reminder that time to market is the only thing that matters.


> when the Trezor is powered on, its firmware (basically, the Trezor’s operating system) copies its PIN and 24 seed words into the Trezor’s SRAM [...] in an unencrypted form.

> If you do what is called a “soft reset” on the device—accomplished by delicately shorting two pins on its printed circuit board—you can then install the exploit firmware without wiping the SRAM’s memory. This allows you to see your PIN and seed numbers.

There's the primary vulnerability.

I fear there are other vulnerabilities that could defeat the anti-PIN cracking delays...

Old-school pay-tv hackers (Chris Tarnovsky anyone?) would probably have a field-day with micro-probers and more invasive recovery techniques on these hardware wallets. At $100 and in small volumes (plus the cost of flashy UIs and marketing), who knows how secure the silicon is.

The more I think about it, the more I think PIN-enabled wallets are the wrong way to go for long-term storage. Print your recovery words, store them appropriately (not all with one person and/or in one place, etc.) and then crush the generation device. Hopefully its random numbers can't be predicted.


I can't be bothered to check the vendor of the Arm M3 this dongle uses, but most cheap non-hardened microcontrollers are trivial to bypass read protection on.

For example, the budget M0 STM32F0: https://www.aisec.fraunhofer.de/en/FirmwareProtection.html


Treat the hardware wallet as securely as the seed words. The advantage is being able to sign and spend from the addresses on the hardware wallet without exposing to an untrusted computer each time you spend.


You're assuming the hardware wallet to be a trusted computer...


Serious question: is a handful of 16-sided dice a safe generation method?


Nothing is perfect, but I'd trust it after doing a small trial, and maybe my own conversion mapping (e.g. 1=16, 2=14, 3=15, etc.) just to satisfy some amount of paranoia.


That's a funny story. He may have got lucky: if he hadn't been locked out for so long, he may have been tempted to sell the bitcoins after the value doubled or so.


He put the recovery code (only copy) under his daughter's pillow and then forgot about that? How stupid is that?

A big folder with emergency/in case of death information (including Bitcoin recovery codes, but also, oh maybe banking information, which insurance companies you've used, a will, medical directives etc.) would have been a better idea.

And then put it where you keep big folders and people will actually find it when they're looking for it while in distress.

"My father died, he has this shelf with document folders, but let's ignore that and search my room," said nobody ever.


That is where a thief would search too. You have the possibility to store those things at a bank for example, but this leads to other problems (what if you are on the run?). Or you dig a hole in your garden only to forget the exact location. There is no distinct answer to where I should store those, I think.


This article compelled me to go back and find old wallets that I may have left trace amounts of BTC in when last I was mining in 2011 or so. So far I've found 1.09 BTC combined between them! Thanks, article, for compelling me to search the couch cushions for $6k!


> This decentralized nature of the bitcoin network is not without consequences—the main one being that if you screw up, it’s your own damn problem.

This is going to be a deal-breaker for most people. For mass adoption, you'll need bitcoins to be held by institutions that take responsibility for screwups like lost keys (ie, banks).


This isn’t a problem with cash - why is it a problem with bitcoin?

I think this is a perception problem. BTC isn’t an online credit card, it’s online cash. With everything that implies.


It's not a "problem with bitcoin" per se, it just means that bitcoin will have to be supported by banks in the same way that cash is - your assets are kept in an account that the bank is responsible for and you only hold a small amount of cash at a time - for it to be useful to people.


There are institutions that do that with multisignature addresses. That's been around for probably longer than you knew about bitcoin, so there goes your rebuttal.


It's not a technical problem, it's an institutional problem - really multisig is probably worse than just having the bank hold the keys, as it makes it possible for users to lose their money by doing something stupid with their key.


2-of-3 multisig would work with the user having two keys, and one key being authorized by 2-factor authentication. When the user loses their non-2-factor key, they just have the 2-factor one and the institution. The institution can authorize the transaction to move their money to a new address with new keys.


What I'm saying is that the user probably shouldn't have any keys at all, because they will end up losing their money to a phishing scam or something.


Brilliant story. Pleased both the author and "hacker" were happy with the deal struck.


I don't read Wired, so not sure if my story is similar, but I have a damaged hard drive with 30+ coins on it. It may be worth trying a little harder to restore it...


It's just ~$180,000 worth of bitcoin

no big deal, no need to waste your time on that


Just how is the hard drive damaged? Most of the time... the data is fine, but some board-level component died.

Lots of people out there are capable of swapping boards from the drive and swapping the chips storing any user-specific data, then enabling access to the data.


You could also just mail me the drive if you get tired of it...


I used to have somewhere around 100 in a wallet from the early days when bitcoin fountains were still a thing. Platters are shattered and no backups, I thought I had it backed up, but it's gone. I can't tell you how many times I've searched for a way to recover that wallet.


I don't read Wired either, so not sure if my story is similar, but I think I'm out of clean socks so I might need to do laundry tonight.


Anyone know of a simple way to store bitcoin on paper or digital that won’t depend on a specific app being available in 10 years?


Write down your address and private key.

You only have access to your private key if your wallet is not on an exchange.


Choose a date that's significant for you as well as a stock ticker. Look up the closing price of that stock on that date. That's your password, and you'll probably never forget it unless you have Alzheimer's.


How do you misspell 'losing' when quoting a title in which it is spelled correctly?


I manually changed it to lowercase since after I copied it, it was all caps. I was posting from my phone (hard to edit things there) in between talking to my mom about unrelated things.


Probably by tapping the 'o' key one time too many.
