create account

Why an Update Can't Fix Trezor and KeepKey Vulnerability (And What You Can Do About It) by heiditravels

View this thread on: hive.blogpeakd.comecency.com
trezor · @heiditravels ·
$3.79
Why an Update Can't Fix Trezor and KeepKey Vulnerability (And What You Can Do About It)
# Here's what you should know about Trezor and KeepKey security and how you can improve it:

https://youtu.be/h-YkkSSkaNk


Additional Reading/Links:

[Blog Detailing the Extraktor](https://ledger-donjon.github.io//Unfixable-Key-Extraction-Attack-on-Trezor/)

[How to Add Passphrase on Trezor](https://blog.trezor.io/seed-pin-passphrase-e15d14a0b546)

[Video on multi-passphrase on Trezor here](https://www.youtube.com/watch?v=212NH5xfVrc)

[How to Add Passphrase on KeepKey](https://blog.cryptocoin.cc/2019/05/26/guide-how-to-enable-and-a-bip39-passphrase-with-keepkey-to-increase-your-security/)

[Restoring KeepKey](https://www.reddit.com/r/keepkey/comments/5mmmhe/using_passphrase_with_keepkey/)
👍  , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , and 69 others
properties (23)
authorheiditravels
permlinkwhy-an-update-can-t-fix-trezor-and-keepkey-vulnerability-and-what-you-can-do-about-it
categorytrezor
json_metadata{"tags":["trezor","keepkey","warning","cryptotips","security"],"image":["https://img.youtube.com/vi/h-YkkSSkaNk/0.jpg"],"links":["https://youtu.be/h-YkkSSkaNk","https://ledger-donjon.github.io//Unfixable-Key-Extraction-Attack-on-Trezor/","https://blog.trezor.io/seed-pin-passphrase-e15d14a0b546","https://www.youtube.com/watch?v=212NH5xfVrc","https://blog.cryptocoin.cc/2019/05/26/guide-how-to-enable-and-a-bip39-passphrase-with-keepkey-to-increase-your-security/","https://www.reddit.com/r/keepkey/comments/5mmmhe/using_passphrase_with_keepkey/"],"app":"steemit/0.1","format":"markdown"}
created2019-07-22 10:55:39
last_update2019-07-22 10:55:39
depth0
children4
last_payout2019-07-29 10:55:39
cashout_time1969-12-31 23:59:59
total_payout_value2.940 HBD
curator_payout_value0.853 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length699
author_reputation238,399,845,730,952
root_title"Why an Update Can't Fix Trezor and KeepKey Vulnerability (And What You Can Do About It)"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id88,599,194
net_rshares11,137,784,379,509
author_curate_reward""
vote details (133)
@juanete20 · 
Please, let us know if the Ledger is a safe option? 
Enjoy Australia, it's a great country and do some research on the local company "Travel by Bit" you'll love what they're doing over-there.
properties (22)
authorjuanete20
permlinkpv1iro
categorytrezor
json_metadata{"tags":["trezor"],"app":"steemit/0.1"}
created2019-07-22 11:04:36
last_update2019-07-22 11:04:36
depth1
children2
last_payout2019-07-29 11:04:36
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length191
author_reputation821,188,373,352
root_title"Why an Update Can't Fix Trezor and KeepKey Vulnerability (And What You Can Do About It)"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id88,599,636
net_rshares0
@heiditravels · 
Like I said in the video, the report was created by the Ledger security team so it isn't completely unbiased. That being said it's something to take seriously either way. In regards to Ledger being "more secure", the best I can say is that so far it has proven to be a successfully secure hardware wallet. Please keep in mind that there are no guarantees in this space.
properties (22)
authorheiditravels
permlinkpv1jb9
categorytrezor
json_metadata{"tags":["trezor"],"app":"steemit/0.1"}
created2019-07-22 11:16:24
last_update2019-07-22 11:16:24
depth2
children1
last_payout2019-07-29 11:16:24
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length369
author_reputation238,399,845,730,952
root_title"Why an Update Can't Fix Trezor and KeepKey Vulnerability (And What You Can Do About It)"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id88,600,134
net_rshares0
@juanete20 · 
Thanks for your reply!
properties (22)
authorjuanete20
permlinkpv1n3t
categorytrezor
json_metadata{"tags":["trezor"],"app":"steemit/0.1"}
created2019-07-22 12:38:18
last_update2019-07-22 12:38:18
depth3
children0
last_payout2019-07-29 12:38:18
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length22
author_reputation821,188,373,352
root_title"Why an Update Can't Fix Trezor and KeepKey Vulnerability (And What You Can Do About It)"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id88,603,891
net_rshares0
@zoidsoft · 
There's also Bitfi, which doesn't store your keys, but instead generates them every time from your passphrase.  The problem with Bitfi is that it has a screen that can be hacked, so you don't know if what the device is telling you is the correct address actually is generated from the device or maliciously swapped with a hackers substituted address.  If Trezor or Ledger could follow Bitfi's seed generating practices, but keep their separate screen, that would be the best of both worlds.
properties (22)
authorzoidsoft
permlinkpv249h
categorytrezor
json_metadata{"tags":["trezor"],"app":"steemit/0.1"}
created2019-07-22 18:48:54
last_update2019-07-22 18:48:54
depth1
children0
last_payout2019-07-29 18:48:54
cashout_time1969-12-31 23:59:59
total_payout_value0.000 HBD
curator_payout_value0.000 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length490
author_reputation17,657,439,386,076
root_title"Why an Update Can't Fix Trezor and KeepKey Vulnerability (And What You Can Do About It)"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id88,617,311
net_rshares0
Help/Feedback