Originally slated for the end of 2013, the release of the Trezor hardware wallet has been postponed for several months. Delays like this are familiar in the Bitcoin world, but unlike preorders for mining equipment where delays destroy the profitability of the gear and leave customers feeling abused, waiting for the Trezors didn’t cost customers anything other than patience. If anything, it’s been reassuring to know how hard Stick and Slush have been working to refine the security of this first-of-its-kind device.
For me, the wait has been eight months. And it ended today.
The Trezor is a device which looks ahead and tries to solve a problem that casual bitcoin users may not even have realized yet. Sure, bitcoin is powerful and flexible and fast, and lets users maintain control of their own money to an unprecedented degree, but it is vulnerable to the kinds of things that personal computers are susceptible to: viruses and malware at the point of the end user. It doesn’t matter how secure and unbreakable the blockchain is if your roommate or your kid accidentally installs a keylogger on your computer. And unfortunately, unlike currencies supported by banks and credit cards, if a hacker vaccuums up your bitcoin there is no recourse, no one to complain to who can fix it for you. It’s just gone.
“Trezor” means “safe” or “vault” in Czech, and it’s designed to keep your private key safe on the device, and theoretically unhackable. When connected to a computer via USB it springs to life and is able to sign transactions initiated on the computer, but it does not share the key with the computer. The idea is that one could use the Trezor on any computer, even an untrusted one — even an infected one — without compromising the user’s private key, or bitcoin.
The aluminum version is beautiful and feels like quality: solid, rigid and feather-light at the same time. The manual gently informs us that it is not actually waterproof or indestructible, which is a great reminder to at least take prudent care since the little guy feels like he could take a hammer attack.
After installing a browser plugin and connecting the device with the micro USB cable, the website MyTrezor.com leads the user through the simple setup process. The Trezor screen displays a 12 word seed one word at a time, prompting the user to write them down in the included booklet, then repeats the sequence again so you can double-check each word. This seed is your one and only “backup” from which your wallet can be reconstructed, either in a Trezor or another wallet which supports BIP32 deterministic wallets.
If you create a PIN, you get to use the Trezor’s nifty PIN system which displays a grid of nine numbers on the screen, the order of which changes with each use. The PIN is then entered on the computer screen onto a blank grid by clicking the button which corresponds to the number position displayed on the device, making the PIN immune to keyloggers, as well as invisible to people watching your computer screen — as long as you keep the tiny grid on the Trezor itself hidden.
Once you’re set up and have loaded the Trezor with some bitcoin, sending is as easy as initiating the transaction on your computer, then confirming it on the Trezor by pressing one of the two buttons. The destination address pops up on the Trezor screen so you can verify that it’s going to the right place.
Inside this slim device and behind its simple interface is a lot of serious cryptographic voodoo.
The only minor disappointment is the device’s current reliance on the MyTrezor.com website. I believe the team originally hoped that the Trezor would launch with support from major bitcoin wallets, but when that didn’t materialize in time they came up with the solution of creating the MyTrezor web wallet. MyTrezor works well and has a clean design, it will just be nice if other platforms step up and offer support so there are more options.
I already love my Trezor, if only for its delightful bleeding-edge obscurity, a stunningly specialized piece of hardware that’s difficult to even explain to people who aren’t Bitcoin hardcore. It’s challenging to even show to your friends, since it has no battery and thus when it’s not connected to a computer its screen will always be stubbornly dark. You can’t show them your balance, or really do anything other than tell them that it really does work.
It’s so secure, it’s hard to even prove that it even exists.