Bitcoin Forum

Hi Folks,

So, we all know that hardware wallets are the safest way to store your crypto-currencies.


I was just thinking how it actually works in terms of storing my private key. when I send a transaction using my trezor, it communicates with the trezor web-interface which means it has to share my private key with it over the internet? or how does it actually work?

i.e with BitcoinCore, blocks are downloaded and the private key is never shared online to access the coins, all happen offline I assume? because the copy of the blockchain is simply downloaded.

However, with trezor, is it the same thing?

 Thanks

The interface is just a way to interact with your hardware wallet. The device does the signing, so the private keys never leave it.

I really think the private keys are the ones that you will download and store in you PC, or anything that you can store it with like USB, Cellphone, or even mail it to your self but as you can see it can be hack if you would put it online, And I really think moreover your private key there are 12 given phrase that would will memorize or put it on a notepad, this will let you access your wallet if you might lost your private key but again there is some wallets like that so I think it will be available to your trezor, nano, or cold store device.

Thanks for your reply, I do possess Trezor + Ledger and I have 85% of my crypto on there.

Thanks for the reply, Your answer makes sense, I know a brief how bitcoin works, so I can understand the signing which is pretty useful in this case.

So, when I am in my trezor interface and I click send, Trezer asks me to confirm and that is the signing bit? correct?

so even if hackers breached into a PC they would not be able to get the private key because it is simply offline even while my Trezor is connected via USB.

Just yesterday, I read an article on how a 15 year old kid called Saleem Rashid from the UK discovered recently a vulnerability on Ledger Nano S which enabled a system for someone to gain access to your private keys. Not easily, and there is no known malignant known real life case, but the door to manipulation is there.

Ledger Nano S contains within a chip with a secure processor, and another chip with an unsecure microcontroller that commands USB communications, the devices graphical interface, etc. The vulnerable point is precisely the communications that are performed between both chips, being the microcontroller vulnerable to the execution of malicious code.

Nevertheless, the above vulnerability cannot be exploited remotely and requires physical access to your Ledger Nano S. I own one, so no panic from me.

It is notwithstanding very recommendable that we update the firmware to version 1.4.1 to avoid the above vulnerability. A bonus feature is that the firmware update not allows for more crypto apps to be installed simultaneously on the Ledger Nanos S (up to 18 in the best case scenario, but 10 to 12 is the expected average amount).

Yes. I'm pretty sure you can safely send a transaction using your Trezor or LedgerNanoS on an malware-infested computer, just make sure that the BTC is actually being sent to the correct address. There are viruses that detects when you copy an address, and when you paste it, it pastes the hacker's wallet address instead. Just take note of that.

14. It is quite sure that anyone can complete a safe transaction by using Trezor or LedgerNanoS. But before that ensuring the correct address it must as viruses can easily identify copied address and drag the currency in the hacker’s wallet instead of the desired address.

Says who?

They're less safe with regard to physical access, compared to general-use PCs or storage media. And those Trezor and Ledger logos announce what they are outright to a potential adversary. Beyond that, there were some recent disclosures about vulnerabilities in Ledger's security model (https://bitcointalk.org/index.php?topic=3169014.msg32779807#msg32779807). Supposedly, the potential attacks include supply-chain and remote (non-physical) attacks.


The hardware wallet model attempts to simulate offline storage. They are designed to shield your private keys from online connections. Private keys are never sent to the online device. But keep in mind, any security model can potentially be broken. I would avoid putting all funds on any one medium, let alone a hardware wallet.

14. It is quite sure that anyone can complete a safe transaction by using Trezor or LedgerNanoS. But before that ensuring the correct address it must as viruses can easily identify copied address and drag the currency in the hacker’s wallet instead of the desired address.

Trezor and Nano ledger is very secured private key that secure you cryptocurrency wallet. When you make a transaction, these private keys are needed to authenticate. In this process you have to face two step verification that ensure the strong privacy.

Trezor uses an open-source software that can be verified and verifiable hardware as well as embedded random RNG in Trezor.

Hope this helps!

That's just a web interface to connect u with internet, private key never leaves the device, so its 100% secure and safe to do the transactions with your Trezor Or Ledger Nano

This right here, you always have your private keys so that's not an issue. HW's are the best things to go with if you're going to be using your coins regularly, or have a mass amounts of coins that you want to keep as safe as possible.

I would hope that more people innovate in the space of HW and buy these wallets, but most people would rather put speed and convenience over safety of their funds -- which they'll learn is one of the most idiotic decisions you can EVER make. I guess some people just need to learn the hardway.

trezor is a hard wallet that provides a high level of security, even if your computer is exposed to malware. trezor can make transactions during online connected.

and how trezor work almost the same as ledger, when you will make a transaction, the bitcoin software will send the template to trezor to sign as a approval that you agree with bitcoin transaction, and your transaction will avoid pishing.