
Trezor - a hardware bitcoin wallet, now open for pre-orders  - rplnt
http://www.bitcointrezor.com/
======
Ixiaus
Cool idea, it reminds of an IronKey but for Bitcoin; I'm frustrated that there
isn't any solid or easily findable technical information about the device
though!

When I click on "About Trezor" it takes me to...a brief overview? I would
expect that link to be a much more thorough explanation of _what_ Trezor is,
how it works, and why I should buy it.

Why would Trezor be better than an IronKey? Is it a push button interface for
sending bitcoins? Does it just store my wallet or is it running a bitcoin
client? I read it works with most bitcoin clients, what does that mean? What
are the buttons for?

If it's just _storing my wallet_ what kind of encryption is the device using?
Does the device have hardware-based tamper proofing (IronKeys will self-
destruct after X number of failed passphrase entries, it will self-destruct if
someone tries to physically tamper with it)?

~~~
vertex-four
What I get from the video is that it stores the wallet - a set of public and
private keys for your addresses, along with a list of transactions to/from
those addresses - and signs transactions.

Bitcoin clients will implement support for reading the list of transactions
to/from your addresses to figure out how much money you have. They will also
implement support for using the device to sign transactions, so the private
keys never touch your computer, and therefore a compromised computer cannot
steal bitcoins without the device prompting the user to confirm the
transaction.

As the device is a single-purpose computer, likely running the absolute
minimum code necessary to implement transaction signing, it should be
significantly more secure than your PC just there. And you can easily
physically secure it in any way you want, whether that's carrying it around
with you at all times or locking it in a safe. Anything over that is a bonus,
in my eyes.

I do not currently use Bitcoins, at least partially due to security concerns,
but with this, I would be very interested.

~~~
sliverstorm
The transactions are stored by the bitcoin network, so the device probably
only stores the public and private keys for your addresses, nothing else.

------
miles
What happens when it breaks, gets lost, etc?

A paper wallet (copied to several secure locations) seems safer, if less
convenient:
[https://en.bitcoin.it/wiki/Paper_wallet](https://en.bitcoin.it/wiki/Paper_wallet)

EDIT: Thanks to rplnt[1] for the Bitcointalk forum post link[2]. According to
one of the apparent Trezor creators, _" No need for periodic backups, writing
down the seed to paper during the device initialization will be enough
forever"_

[1]
[https://news.ycombinator.com/item?id=5880849](https://news.ycombinator.com/item?id=5880849)

[2]
[https://bitcointalk.org/index.php?topic=122438.0](https://bitcointalk.org/index.php?topic=122438.0)

~~~
mrb
Generally speaking, most hardware wallets let the end-user re-initialize the
device based on a seed (a random number). So as long as you save this seed
securely (eg. printed on paper and stored in a safe) you can clone the wallet
and recover your coins if you lose it.

I don't know if Trezor has this feature or not.

~~~
miles
Thanks for your reply, mrb. When you say that the wallet can be cloned, would
it require another physical Trezor unit? If so, that would seem to be a
potential downside vs. a regular paper wallet.

~~~
mrb
It would not require another physical wallet. The algorithm creating the
Bitcoin addresses from the seed does not need to be made secret, and could be
run on a computer, for example, then you could re-import the Bitcoin addresses
and the coins into a software wallet.

------
slg
This is a very interesting idea. However I think the ordering process for this
highlights a crucial problem with Bitcoin, instability of value. They aren't
planning to deliver the device for four to five months. Using the last four
months as prediction of future fluctuation in Bitcoin value (insert usual
caveat about past performance predicting future performance), the more
expensive version of the device could cost anywhere from $100 to $700 USD when
you actually receive the product.

~~~
auctiontheory
If you pre-order with one Bitcoin today, then you paid the dollar value of one
Bitcoin today, plus transaction costs. Future fluctuations in Bitcoin value
are irrelevant.

~~~
sliverstorm
I would agree with you if it wasn't a pre-order. You pay, you get your goods,
deal closed.

With a pre-order on the other hand, you give them the money and you get
nothing for four months. Probably longer.

~~~
unclebucknasty
I'm not sure I see the difference. Once you've commited your 1 Bitcoin at
today's value, you have effectively paid that price, irrespective of when you
receive the product.

If the value of Bitcoin fluctuates between now and the time you receive your
product, then you may "lose" or "win", but that's a chance you take, even with
the product in hand. In other words, there is still the possibility that your
1 Bitcoin could have allowed you to purchase something more valuable than the
product in hand at some point down the road.

Seems that the only thing you give up with a preorder is the interest
potential or use of the money for some period before receiving the value (i.e.
product). But, that would be the case with a preorder irrespective of the
currency used.

------
rglullis
1-3 BTC is way too much. This should cost at most as much as a very cheap mp3
player. At the current USD-BTC exchange rate, this means no more than 0.2-0.4
BTC

I understand they have upfront costs, but they could work out a campaign where
the cost per unit goes down as they reach certain sales goals.

~~~
tlrobinson
I don't doubt the price will drop as they become more popular (it's probably a
few dollars worth of raw hardware), but right now it's a fairly niche product.

"a campaign where the cost per unit goes down as they reach certain sales
goals."

That's an interesting idea. It gives purchasers an incentive to promote the
campaign, as opposed to "early bird" specials which incentivises early
purchasers, but almost disincentivises later purchasers.

This has been done on Kickstarter and software bundles like MacHeist in the
form of "unlocking" additional rewards, but I don't think I've ever seen them
actually lower the price if they hit certain goals.

~~~
ruswick
It seems as though this model will merely deter possible buyers. Why would I
pay a premium now when I can wait a few days, let others incur the initial,
inflated cost, and then purchase my thing at a substantially lower cost?

This phenomenon, where people wait until the last minute to go in on a
product, is already pervasive on Kickstarter. (I'm not entirely sure why, but
the most obvious reason is that people want to ensure that the project will
definitely be funded or will attain some sort of stretch-reward before
buying). Dynamic price-lowering will only exacerbate this trend, discourage
initial purchases, and likely produce more failed projects.

~~~
rglullis
You got it backwards. Think of a model where you initially commit to pay full
price, but everyone gets a discount that increases as sales targets are met.
It would be no different than any "refer-a-friend" discount that you see at
gym clubs or satellite subscriptions.

------
gsibble
I want one badly, but this is simply too expensive. $100 for that little
device in plastic and $300 (3x more) for it in metal? Outrageous.

~~~
marssaxman
Think of this pitch as being less like a normal retail product and more like a
self-organized kickstarter campaign. You are not paying for the device, you
are paying for their living expenses and prototyping costs while they spend
the months it will take to get the device ready for production. Hardware
engineering is an unbelievably slow and tedious process if you are used to
software development. On top of that, the material costs can be substantial.
It is not uncommon for the cost of a pre-production prototype to be 50-100x
that of the final manufactured version.

I happen to be working on a design for a small electronic device in my free
time. It is a much simpler device than the Trezor, and the ultimate
manufacturing cost per unit will be around $5, despite its simplicity, because
I'll only be making a few dozen of them. Cost for the first prototype will be
close to $90, accounting for my time at $0/hr. If I get it wrong, I will have
to redesign it and build another one. Hardware is expensive.

~~~
ruswick
> _Think of this pitch as being less like a normal retail product and more
> like a self-organized kickstarter campaign. You are not paying for the
> device, you are paying for their living expenses and prototyping costs while
> they spend the months it will take to get the device ready for production._

This is why I'm not as infatuated with crowdfunding as everyone else. Because
individual customers are supposed to supplant traditional investors, initial
costs are much higher for customers because we have to subsidize research,
cost-of-living, etc. Moreover, we also incur all of the risk (which is
formidable, considering the volume of failed projects and the ubiquity of
scams on many crowdfunding sites).

I don't understand why I, as a consumer, would prefer a system where all of
the cost and all of the risk are precipitated onto me, instead of onto the
country's investment apparatus.

Better all these guys spend some rich VC's money than spend mine.

------
dobbsbob
I dont pre order anything bitcoin related after numerous vaporware and the BFL
saga which is still ongoing.

~~~
wmf
It's a shame that the standard terms in the Bitcoin world are now 100% paid 6
months in advance preorders. I realize that Bitcoin has attracted a lot of
get-rich-quick suckers, but it seems like Bitcoin companies are trying to
drive away any non-suckers. Or maybe this is just what a race to the bottom
looks like.

~~~
sneak
> It's a shame that the standard terms in the Bitcoin world are now 100% paid
> 6 months in advance preorders.

It's not "a shame" because it's what individual market participants each chose
to tolerate. If you don't like it, offer better terms and steal their
business, but don't complain about other people's voluntary acceptance of
transaction terms.

~~~
wmf
I don't think honest businesses can compete on a level playing field with
companies that are indistinguishable from scams. Hence stuff like the FTC,
although I realize many Bitcoiners would like to try a world without such
regulation.

------
randall
It'd be cool if you could do NFC or some other method, so you could couple it
with a mobile device. USB is great, but some less wired approach makes this
even cooler. (for v2, obviously.)

Something like this makes me think the future of currency is bitcoin, or
something like bitcoin.

~~~
foley
I'm working on an NFC card for Bitcoin for my final year engineering project.
Aiming for a credit card sized final product.

------
swalsh
This is one of the first times i've seen the round number price in BTC rather
than USD.

------
gesman
I don't think people need yet another dedicated gadget that is no matter how
secure - prone to be lost and potentially misused.

I'd probably steer toward Yubikey as it's more universal and solves the same
problem - keyloggers and malware.

~~~
rplnt
How does Yubikey protects you from malware? I'm genuinely curious as from the
overview it seems to only store passwords?

As for the misuse, the device can be PIN protected (it's not much but saves
you some time to transfer the bitcoins).

~~~
specialp
Yubikey does not store passwords, it generates them. It generates one time
passwords for two factor authorization that expire very quickly. So if your
password is stolen, the attacker would also need your Yubikey to generate a
one time password that can be verified by Yubikey with your device. The
Yubikey plugs in USB and acts like a keyboard typing in the password when you
hit the button

~~~
rplnt
I see. So it doesn't protect your private keys.

------
finnw
I can see firmware updates being a problem.

If the malware can hijack the firmware update process, then it copy itself
onto the Trezor (making the device worse than useless.)

I assume it will display a fingerprint of the new firmware and the user will
need to press the button (like with a BTC transaction.) Still, a few users
will probably be caught out by this.

Unless they Tivoize it (then the "open source" claim is rather dubious, but I
think this may be the best solution anyway.)

So don't buy a used one.

~~~
marssaxman
What firmware update process are you talking about?

~~~
jzwinck
If there is no firmware update process that may be even more reason to avoid
buying a used Trezor. No process to authenticate a device of untrusted
provenance, yet bad actors could still figure out a way to tamper with the
firmware (see the photo on the site of the unit in development with the cover
off and an extra cable attached), or replace the board entirely.

A well-documented, well-understood firmware update process with mutual
authentication (firmware and device must both be validated) might improve
things for secondhand Trezor buyers.

~~~
marssaxman
A validation process is a good idea but I'd still feel safer if the device
were frozen with no way to update firmware. Many microcontrollers have
"e-fuses" which you can blow post-manufacturing to render the program flash
read-only, for example. One can also pot the board in epoxy to make tampering
more difficult.

~~~
finnw
What if the current firmware has a bug that allows an attacker to steal your
keys?

------
dsego
In case anyone is wondering, trezor translates to vault or safe (or even
treasury).

------
ChikkaChiChi
I'm a bitcoin skeptic, but I guess I don't understand why there aren't
bitcoin....coins.

Seems to me it wouldn't be terribly difficult to throw some bitcoin info on an
NFC disk.

~~~
wmf
[https://www.casascius.com/](https://www.casascius.com/)

------
ctz
I completely failed to find the sources for this :(

------
return0
Have they got any patents on this?

~~~
rplnt
No, and it's going to be open hardware (and software).

------
fianchetto
Hell yeah, I'll give those boys with the funny accents a bitcoin.

