IDEA: Lock Trezor to work only with a particular host

Open prusnak opened this issue 6 years ago • 2 comments

It is possible to lock the device to communicate only with a particular host.

The implementation would look like this:

  • trezor bridge would collect various serial numbers (such as MAC addresses of LAN, Wifi, etc.) and compute a hash of them to create a 256-bit identifier
  • this identifier would be sent in the Initialize Messages
  • unless the identifier is the same as the one stored in the device, the device will not respond to incoming messages

prusnak, Mar 26 '19 13:03

I dislike the use of MAC addresses, which are basically public information. If ever, I would consider providing some "key file" to Bridge, stored somewhere in the user profile.

slush0, Apr 05 '19 19:04

Another option is to use the keyfile in the bridge to encrypt the whole communication (v2 protocol) and ignore the communication with the wrong communication key.

prusnak, Apr 05 '19 20:04
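
The identifier scheme from the opening post and the key-file alternative from the first reply, side by side, as an added Python example that is not Trezor firmware or Bridge code. All function and class names, the `LABEL` constant and the sample MAC addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

LABEL = b"host-lock-example"  # constructed domain-separation label (assumption)


def host_id_from_macs(macs):
    """Opening post: hash interface MACs into a 256-bit identifier."""
    raw = sorted(bytes.fromhex(m.replace(":", "").replace("-", "")) for m in macs)
    h = hashlib.sha256(LABEL)
    for mac in raw:  # sorted and length-prefixed, so enumeration order is irrelevant
        h.update(bytes([len(mac)]) + mac)
    return h.digest()


def host_id_from_keyfile(key):
    """First reply: derive the identifier from a random per-host secret."""
    if len(key) < 32:
        raise ValueError("key file must hold at least 32 random bytes")
    return hmac.new(key, LABEL, hashlib.sha256).digest()


class Device:
    """Hypothetical device-side check applied to each Initialize message."""

    def __init__(self):
        self.stored_id = None  # None means the device is not locked to a host

    def lock_to(self, host_id):
        if len(host_id) != 32:
            raise ValueError("identifier must be 256 bits")
        self.stored_id = host_id

    def accepts(self, host_id):
        if self.stored_id is None:
            return True
        return hmac.compare_digest(self.stored_id, host_id)  # constant-time compare


def compare_schemes():
    """Return (mac_id_recomputed_elsewhere, keyfile_id_recomputed_elsewhere)."""
    macs = ["00:11:22:33:44:55", "66-77-88-99-AA-BB"]  # constructed sample values
    dev_mac, dev_key = Device(), Device()
    dev_mac.lock_to(host_id_from_macs(macs))
    dev_key.lock_to(host_id_from_keyfile(secrets.token_bytes(32)))
    # A second machine that only knows the MAC addresses, not the key file:
    other_mac_id = host_id_from_macs(list(reversed(macs)))
    other_key_id = host_id_from_keyfile(secrets.token_bytes(32))
    return dev_mac.accepts(other_mac_id), dev_key.accepts(other_key_id)
```

`compare_schemes()` returns `(True, False)`: the MAC-derived identifier is reproduced from the addresses alone, while the key-file identifier depends on a secret that never leaves the host's user profile.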