On 01/16/2017 05:38 PM, Marek Marczykowski-Górecki wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Mon, Jan 16, 2017 at 04:39:04PM -0500, taii...@gmx.com wrote:
On 01/16/2017 07:45 AM, Franz wrote:
On Mon, Jan 16, 2017 at 4:08 AM, taii...@gmx.com <taii...@gmx.com> wrote:
On 01/16/2017 12:37 AM, Franz wrote:
On Sat, Jan 14, 2017 at 10:39 PM, Marek Marczykowski-Górecki <
marma...@invisiblethingslab.com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Sat, Jan 14, 2017 at 09:17:32PM +0100, Maksymilian Skica wrote:
Hi,
Does anyone actually make Qubes OS working with some bitcoin hardware
wallet? I want to buy one now and my first requirement is that it will
work with Qubes.
Yes, it should work using qvm-usb. At least Trezor do work.
Also assigning to a Trezor-VM the USB controller of a USB expresscard
dedicated to Trezor, it works perfectly.
Best
Fran
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJYetLfAAoJENuP0xzK19csHIMH/ihx8tx2LUGlVgvUSptwa52h
Oor7Y/zeaDbeZzDsFCXwca2XVtfhm+idkqehmk6VamYeVRAeVg9iBYGlLWG4sC8M
hBsIiz4ZOWBqWokBSRFO72PZDqbwkz6E2cCuWXFanRkPrWfTNFGruf3OjYN52fCC
gCLpLWgsAMVEQH4OunrQJSDkBgcIfEobtDwFqxckdGVen/pos+C0sI0DBO8WVQiK
y3rw7MRp5X0brRycbVJ531TRsFVK+nZCcFdO4x/aSQDaXIQlm+RfxR6VQQzIjC+c
qP3vxy1IbNOGQYPmhQTVIU0BHysT6cJBt58GdUEiLz3u7RYCjMuQvjXPYnfE+P8=
=8Z0H
-----END PGP SIGNATURE-----
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/qubes-users/20170115013942.GB3974%40mail-itl.
For more options, visit https://groups.google.com/d/optout.
Am I the only one who thinks it is a horrible idea to use a closed
source hardware device designed by a bunch of kids and probably made in
china to manage lots of money?
Hardware crypto sucks because it can't be verified without a team of PhD's
and millions of dollars in equipment.
Well, every way has its own problems. We have seen that even using a cold
VM with Qubes may fail because of a Xen bug, so the most reasonable with
money is to share the risk among different and independent routes, so if
one fails you'll not loose everything. So Trezor may well be one of them.
That said, isn't this https://github.com/trezor/ some indication that we
may trust Trezor a little bit?
Best
Fran
That repo doesn't have the source for the device, nor the
compilation/flashing instructions (tivo'ized!) and the firmware and hardware
isn't open source either.
I think you've missed the second repo on this page:
https://github.com/trezor/trezor-mcu
and here:
http://doc.satoshilabs.com/trezor-tech/hardware.html
Just out of curiosity - I've compiled it (very simple instructions) and
the resulted binary have exactly the same hash as the binary firmware
downloadable from their website.
It also needs a web-app and a browser plugin on chrome of all things to
properly function.
Or a simple python tool (https://github.com/trezor/python-trezor). Or
electrum wallet (also open source). And probably many more have support
for it.
It hasn't been audited by an outside firm for security
I don't know any, but as none of your other asserts are true, I will assume
the same here.
and it uses the
insecure USB bus which can easily be fucked around with.
Yes, USB is quite complex, especially on the host side. On the device
side there is also some complexity, but much less. Especially when you
implement only serial-like link (disguised as HID device).
Actually in case of Trezor, I'd be more concerned about adding too much
functionality (gpg, ssh-agent, u2f and more...).
If you have that much money in bitcoin maybe you should simply buy and carry
around a novena or an old coreboot compatible small laptop, you could have
them talk to eachother via rs-232 serial which is very safe much safer than
black box crypto.
Of course you can do whatever you like. Some consider hardware wallets
secure enough, some do not. But lets use facts when taking such
decision.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJYfUtWAAoJENuP0xzK19cs7EsH/1iEeEppkVsRJRV1Q2Hs54BP
S2ed5UKM+Vj1sug7FFAG42q8kWhIljB9AguueObVuew0qf63QqGidB0xzO9urRYi
Oye6N9w3grNZ10MEJc3gsDpm7sZwNJEIh9ZL/xrd/OiYY0CFbTelhQ0yawSVwoO7
BEIw02Ui3cIFV82da4vv9vxFGcSb4f0UcQEROUuo2CXSu8uHZh408W6L3v+YhmKI
prTYBGLQjBfjrJVAdnmqycaCAFS2/diSAcesTnEz4kIeYcJHhPE13r9Q/ntyvY9j
9Zuc9/qA24Z3h3L16YHd4Z8bHoNj//8q4u+w51udZiyHe5tb/GpK8g957fd16NA=
=0WJy
-----END PGP SIGNATURE-----
Ahh my mistake, I didn't see the MCU repo and I had spent 5mins on their
website without finding anything more than marketing speak so I assumed
that was the case.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/e49699d3-0746-935a-bfd5-85bd412b6c9a%40gmx.com.
For more options, visit https://groups.google.com/d/optout.
