Although most bitcoin users rely on freely-available web and mobile wallets, recent security scares clearly illustrate the need for safer alternatives. Here, we take a closer look at one device designed to address the problem.
The Trezor hardware wallet is targeted at bitcoiners who wish to maintain a substantial stash of coins, but do not want to rely on third-party bitcoin storage services or impractical forms of cold storage. Developed by Czech startup SatoshiLabs, the $99 device is essentially a USB dongle designed to add an extra authentication layer to all outbound bitcoin transactions. By virtue of its design, Trezor can be used to sign transactions on 'unsafe' computers and is impervious to keyloggers and many other vectors of attack, so even if your host PC is compromised, the attacker has no way of getting your private key.
That's also where the device gets its name, as 'trezor' translates into 'vault' in most Slavic languages, including Czech. A kind of 'vault' for your private bitcoin key, Trezor claims to use a number of clever tricks to maintain security even on compromised and unsafe machines. Here, we take a closer look at these failsafes one at a time, from setup to transaction.
Unboxing and specs
The device is roughly the size of an average USB stick, albeit somewhat wider, and ships in a very small package.
The box features a holographic sticker on top and a warning urging users to get in touch with support in case they suspect the package was opened. The sticker feels redundant, however, as there is so much glue holding the box together that it is practically impossible to open without causing an obvious amount of damage in the process.
The box includes the Trezor device, a USB to micro-USB cable, an installation manual and a (very) small lanyard. As for the device itself, we got a white, plastic sample. It also comes in grey and black. Although the company developed and marketed metal units, they are no longer on offer and the first batches went out to early Trezor backers earlier this year. The CE and RoHS-certified device measures 60 x 30 x 6mm (2.4 x 1.2 x 0.2 inches) and weighs in at 12g (0.42oz). While not certified as fully waterproof, the company says the device is at least water resistant.
In terms of hardware, Trezor is based on an ARM Cortex M3 processor clocked at 120MHz. It has a 128 x 64 pixel OLED screen that is both legible and crisp. The second component of the user interface comes in the form of two hardware buttons, used to perform a number of actions necessary to set up the device and sign transactions. A standard micro-USB port is located at the bottom. The micro-USB port is the device's only communication with the outside world and only source of power, as there is no battery on board.
As far as build quality goes, things could have been better. The top of the device and the edges feel very robust, but the same cannot be said of the centre, between the buttons and micro USB port. This part of the device exhibits a bit of flex and it squeaks when pressure is applied. However, the white plastic has a matte anti-scratch finish and it should be able to stand up to a fair bit of abuse. The plastic lanyard pin is surrounded by sharp edges and the opening is poorly shaped, so inserting a lanyard can be frustrating. This may sound like a case of nitpicking, so let's be clear: for a USB dongle, the build quality and design are excellent, but consumers spoiled by bulletproof high-end smartphones may find these minor issues annoying.
Installing the device is straightforward, but it involves a bit of work. There is no way of getting around this, as you must jump through a number of hoops since you are dealing with a secure device. After connecting the device, the first step is to head over to myTREZOR and download a browser plugin. The process is automated, although the user needs to allow the plugin to install. Once the plugin is activated, myTREZOR will prompt you to enter a PIN. This is where the keylogger protection kicks in. You don't actually type the PIN; instead, you click on an obscured numerical pad displayed in the browser.
The position of each number changes randomly, so every time you enter the PIN you will have to check your Trezor device for the layout. An attacker using a simple keylogger, or even an attacker with complete remote access to the desktop, would not be able to determine the numbers, as they are displayed only on the Trezor device. The next order of business is to write down a randomly generated 24-word seed. This seed will allow you to reconstruct your Trezor wallet in case you lose the device. This is the only backup that can be used to recover your wallet in case of loss or theft. Trezor uses BIP39 and BIP44 standards for creating new wallets, so the generated seed can be recovered and used by other compatible wallets. SatoshiLabs confirmed that users can use Mycelium 2.0, Wallet32 or Multibit HD to load Trezor's recovery seed to their computer.
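The 24-word seed described above follows from BIP39's layout: 256 bits of entropy plus an 8-bit SHA-256 checksum make 264 bits, read as 24 indices of 11 bits each into a 2048-word list. The sketch below is an added example, not SatoshiLabs code; it works with word indices rather than words because the word list is not embedded, and the all-zero entropy is a constructed sample.

```python
import hashlib

ENT_BITS = 256                       # entropy behind a 24-word BIP39 seed
CS_BITS = ENT_BITS // 32             # BIP39 checksum length: 8 bits
WORDS = (ENT_BITS + CS_BITS) // 11   # 264 / 11 = 24 words


def entropy_to_indices(entropy):
    """Split entropy plus checksum into 24 indices into the 2048-word list."""
    if len(entropy) * 8 != ENT_BITS:
        raise ValueError("expected 32 bytes of entropy")
    checksum = hashlib.sha256(entropy).digest()[0]   # first 8 bits of the hash
    bits = (int.from_bytes(entropy, "big") << CS_BITS) | checksum
    return [(bits >> (11 * (WORDS - 1 - i))) & 0x7FF for i in range(WORDS)]


def indices_are_valid(indices):
    """Recompute the checksum, as a wallet restoring from the seed would."""
    if len(indices) != WORDS or any(not 0 <= i < 2048 for i in indices):
        return False
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> CS_BITS).to_bytes(ENT_BITS // 8, "big")
    return (bits & 0xFF) == hashlib.sha256(entropy).digest()[0]


def rejected_substitutions(indices, position):
    """Count how many wrong words at one position the checksum rejects."""
    rejected = 0
    for wrong in range(2048):
        if wrong == indices[position]:
            continue
        trial = indices[:position] + [wrong] + indices[position + 1:]
        rejected += not indices_are_valid(trial)
    return rejected


if __name__ == "__main__":
    sample = bytes(32)  # constructed all-zero entropy; never use for a wallet
    idx = entropy_to_indices(sample)
    print(idx)
    print(indices_are_valid(idx), rejected_substitutions(idx, 0), "of 2047")
```

With only 8 checksum bits, roughly one in 256 mis-copied words still passes validation, so a written backup should be checked by a test recovery rather than by the checksum alone.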
Technically, the device does not use standard random algorithms, as they would make it prone to random generator attacks. Instead, it uses deterministic signatures and external random entropy sources, which means it uses multiple different sources to generate the 'random' seed. The whole setup should take no more than 10-15 minutes.
Convenience and everyday use
The Trezor wallet tries to reconcile two opposite extremes. On one hand it adds a new layer of security, but at the same time tries to make the user experience as simple as possible.
The device tackles the problem admirably, since there is not a lot of work left after the initial setup.
Using Trezor is not time consuming and a transaction can be approved in a matter of clicks, with minimal interaction with the device. You have to punch in the PIN to access the wallet and each transaction must be approved on the device.
While the default myTrezor wallet offers a sleek design and works quite well, it still relies on a single service.
For this reason, users wanting to avoid any form of centralisation can opt for a third-party wallet instead. The device currently supports Multibit HD (beta) and Electrum 2.0 wallets.
You don't need the device to receive bitcoins, only to send them. Even then, the process is rather straightforward, but Trezor isn't intended for every bitcoin transaction you make. Ideally it should be used to secure a substantial cache of bitcoins, transferring them to more convenient mobile wallet platforms for smaller transactions.
One potential issue for the device is its lack of mobile support. For the time being, the Trezor device can only work with desktop operating systems such as Windows, OS X and Linux. This means you cannot pair it with your mobile phone or tablet, unless you happen to use a Windows 8.1 tablet. However, SatoshiLabs is working on enabling USB On-The-Go (OTG) functionality, which would enable its use on Android devices. This is planned for future releases and an open-source library for Android OTG support is already available on GitHub. Another update will enable support for BIP70, the latest bitcoin payment protocol designed to offer additional security-oriented features.
The Trezor hardware wallet works as advertised. It offers a number of advantages over traditional wallets and renders your private key impervious to many forms of attack. The downside is that it is simply not an on-the-go device that can be used to make everyday transactions. Rather, it is a niche product for people looking to secure their bitcoins and top up mobile wallets from time to time. In other words, if you do not have a bitcoin stash at all times, Trezor (and other hardware wallets) are simply not designed for you. Crypto enthusiasts, BTC hoarders and small businesses are the target audience. It lives up to its name, as it is more of a crypto vault than a wallet. Since Trezor has no battery and relies on external power, it could work as a mobile solution, provided Android support is implemented. It is compact enough to carry around on a keychain and connect to a phone when necessary, so we expect SatoshiLabs to tackle OTG support soon.
Bitcoin is often marketed as allowing people to “be your own bank”. The caveat, however, is that you have to take the responsibility worthy of a banker. It may sound simple; all it requires is to keep the private key safe, but the simplicity can be deceiving.
A Bitcoin private key is a long string of alphanumeric characters. Each key is unique, but they all look much alike. While the entropy makes a key hard to crack by random guessing, it also makes it quite impractical for most people to memorize.
Many people use paper wallets, which are written or printed forms of private keys. While this is a relatively secure way of storing bitcoins, it is rather troublesome for those who need to spend their funds often. Many of them would rather use a third-party online wallet service such as Blockchain.info, at the cost of increased risks.
The quest for paper wallet-grade security without compromising the convenience of online wallets led to what is known as the hardware wallet.
Though nobody claims to be the inventor of the Bitcoin hardware wallet, one of the pioneers who posited the concept is Clement Cap, a professor at the University of Rostock in Prague.
In a 2011 speech, Prof. Cap described the requirements of a Bitcoin hardware wallet as:
My Trezor arrives in a square plastic-sealed box. Rip the wrap off and you will see a sealing sticker. It has a warning message that reads: "Make sure the sticker is intact before opening". Take this warning seriously, because what is at stake is not just the 100 USD you paid for the device, but whatever amount of Bitcoin you will trust it with.
Look at the Internet and it is not hard to get the impression that hardware wallets are reminiscent of mobile phones in the early days – there seems to be no unified design language or standard to speak of. While some, with touch screens and wireless connections, look like smartphones, the plainness of Trezor reminds me of my first MP3 player, bought over a decade ago.
Simplicity is definitely at the heart of Trezor’s design. The designers seem to have tried to remove all unnecessary parts and stick to the essentials: a screen, two buttons, a tiny electronic board with a USB port. The benefit of simplicity is increased reliability. Compare a decade-old Nokia and a new iPhone: as much as you may enjoy the rich user experience that the latter offers, you may have to admit that the former is much less likely to crash.
The paranoid may be interested to know the conditions under which these devices are manufactured. Even though the hardware is supposed to be open-source, most of us don’t have the capacity to examine it, so we still have to trust Satoshi Labs, who designed it, and the manufacturer that it chooses to work with. I contacted Satoshi Labs customer support and was told that the devices were made in the Czech Republic, where Satoshi Labs was based. In the email, I was told that: “All components are stored in a restricted access area watched by cameras 24/7…Only chosen employees can get into the area. The plastic casing parts are joined with an ultrasound that melts the material together so it's impossible to replace the internals without a notable damage to it.”
All the assurance notwithstanding, the little thing still looks a little too flimsy to inspire much confidence in me. For that matter, the company also has an aluminum version, with a metal body that gives some extra psychological comfort. But on the flip side, the fact that Trezor doesn’t look like something that could hold money (and a lot of it) is actually not a bad thing. After all, you don’t want it to attract too much unwanted attention to your safe.
The first step is setting up a PIN – the PIN is a password that you have to use when sending money out. It is quite different from setting up an email password: a 3*3 grid appears on Trezor’s screen, each cell containing one of the digits from 1 to 9, all scrambled out of order. On the computer screen there is another 3*3 grid, identical except that each cell contains a question mark. It may sound complicated, but the real process is quite ingenious. Basically, you move the cursor and click on the question mark on the computer screen that corresponds to the digit you would like to select on the Trezor screen. This is designed to prevent malicious programs from secretly recording your keystrokes.
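The scrambled grid described here and in the first review's setup section can be modelled in a few lines. This is an added toy model, not Trezor firmware or myTREZOR code: the `Device` class, the cell numbering 0-8 and the PIN "1234" are assumptions made for illustration. It shows that the computer only ever learns which cells were clicked, and that those cells mean something else once the layout changes.

```python
import secrets

DIGITS = "123456789"


class Device:
    """Toy model of the wallet side: it alone knows the PIN and the layout."""

    def __init__(self, pin):
        self._pin = pin
        self._layout = None

    def show_layout(self, layout=None):
        """Scramble the 3x3 grid; a fixed layout may be passed for demonstration."""
        if layout is None:
            layout = list(DIGITS)
            secrets.SystemRandom().shuffle(layout)
        if sorted(layout) != list(DIGITS):
            raise ValueError("layout must be a permutation of 1-9")
        self._layout = list(layout)
        return list(layout)  # what the user reads on the device screen

    def check(self, positions):
        """Map clicked cells (0-8) back to digits and compare with the PIN."""
        layout, self._layout = self._layout, None  # each layout is single-use
        if layout is None or any(p not in range(9) for p in positions):
            return False
        entered = "".join(layout[p] for p in positions)
        return secrets.compare_digest(entered, self._pin)


def user_clicks(layout, pin):
    """The user finds each PIN digit on the device and clicks that cell on the PC."""
    return [layout.index(d) for d in pin]


def replay_demo():
    """What a host-side logger captures, and why replaying it fails."""
    device = Device("1234")                    # constructed PIN for the demo
    first = device.show_layout(list("987654321"))
    captured = user_clicks(first, "1234")      # all the host ever sees
    ok = device.check(captured)
    device.show_layout(list("123456789"))      # next unlock, new layout
    replayed = device.check(captured)          # same cells now spell "9876"
    return captured, ok, replayed


if __name__ == "__main__":
    print(replay_demo())
```

The protection depends on the layout staying on the device screen: anyone who can see both the device display and the clicks can recover the PIN.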
Then you will need to set up a recovery seed. In case you lose your Trezor or forget the PIN, the recovery seed is all you can count on to recover your funds. The seed is a string of randomly selected English words. Write them down on a piece of paper (or the tiny notebook that comes with Trezor). Once you are done, put it away. Don't put it too close to your Trezor. You would lose your money if you lose both.
The thing I like most about Trezor is the ease of use. Even when compared with online wallets, it is just more convenient. Blockchain.info, for example, requires one to type in the password every time. When you have two-factor authentication activated, you will also have to type in the verification code. With Trezor, to check the balance, all you need to do is to plug in and go to Mytrezor.com.
One thing that users may frown at is the current lack of support from other websites. There should be alternative sites if Mytrezor.com experiences a server failure. But these alternatives don’t exist at the moment (at least I didn't see any information on Mytrezor.com). Another issue that may prevent the device from becoming more successful is that it doesn’t have multilanguage support. So if you want to use a Trezor, some basic English reading skill is a requisite.