Trezor BitCoin HardwareWallet

Today I received my Trezor BitCoin HardwareWallet. When I ordered it in June 2013, the expected delivery Date was October. But as it happens all that often with BitCoin related hardware, the dates get pushed back. They offered a device with plastic case for XBT 1 and one with an alloy case for XBT 3. After the Bitcoin price skyrocketed end of last year, they stopped taking pre-orders. The devices we early backers received, have a nice “First Edition” label at the back.

The trezor is the first hardware wallet for BitCoin that is mass produced. It has a small screen, two buttons and a microUSB connector. So it is actually a lot more secure than if you just stored the private key on a SmartCard, as could be done with a HW1 or a YubiKey NEO if the software was finally released. You can see the balances on the different addresses in the client on the computer. When you want to send some coins, you see the receiving address and the ammount on the small screen of the trezor. Once you confirm using two button presses, the trezor signs the transaction, and the client on the computer propagates it to the BitCoin network.

Build quality and form factor look quite nice. It is actually a bit smaller than I expected, which is a good thing. Fifteen Swiss Francs in Coins would require about the same space. I guess it helps in that regard that it doesn’t require a battery, but is powered from USB.

The first thing I did was setting it up with the browser plugin from https://mytrezor.com. It’s an easy process where you have to write down the seed which consists of 24 words. Then I sent a small amount back and forth. Only after seeing this succeed, I transferred bigger amounts to the addresses of the device.
Then I wanted to test the electrum plugin that slush recently noted, would be merged soon. I found it in a pull request on github. It didn’t work initially, but several people were quick to help. After all issues were sorted out, also sending with the trezor from electrum works fine.

It wouldn’t be a security device if it worked without entering some kind of secret. Entering the secret on the computer would make it less secure, as some malicious software could record it. Entering it on the device with only two buttons would be cumbersome, as not that many people these days are fluent in morse code. So, I was curious, how they solved that problem. The solution they came up with is actually quite nice. They display a 3×3 grid of buttons with question marks on the cumputer, while the trezor shows a 3×3 grid with digits 1 to 9 in random positions. That way, you enter your pin on the computer using a mouse or touch screen, using the positions found on the trezor screen. Even after playing with the trezor for only some hours, it’s evident that a lot of thought went into it.

I wonder what will happen next in that space.
I was not fully convinced by the HardBit. Indeed it turned out, somebody found out how to activate WiFi and bluetooth of the repurposed SmartPhone. That makes it way less secure. The developers seem eager and friendly, but it might be just not the most secure platform to begin with.
Recently I backed an interesting project called PRISMicide on Indiegogo, but with only 8% funding after half the time, it looks as if they won’t make it.
The picture and description of the BitSave from ButterflyLabs look really slick. But they have a history of overpromising and delivering late.
And finally, I’m sure SatishiLabs, the creators of trezor, will work on a follow up device that is even smaller and communicates with SmartPhones.