|
Title: To knowledgeable people: Ledger S and Trezor question Post by: Dr Bloggood on October 16, 2017, 03:38:53 PM I'm on the fence whether to buy a Trezor or a Ledger S. I know they are both good. BUT:
1. I recently heard that Trezor had some security vulnerability exposed (with its recovery seed, I believe). What happened there, and is this a danger for the future? 2. Once my device arrives, I want to test the recovery seed (pretend I lost my device, and use the recovery seed to recover my wallet). As I understand, if I do this with the Ledger, the seed and thus my device will be worthless afterwards; whereas with the Trezor this is possible without problems. Correct? Any hints of knowledgeable people would make me a happy hodler! Title: Re: To knowledgeable people: Ledger S and Trezor question Post by: achow101 on October 16, 2017, 06:28:20 PM 1. I recently heard that Trezor had some security vulnerability exposed (with its recovery seed, I believe). What happened there, and is this a danger for the future? The vulnerability required physical access to the device and destruction of the casing, so it would only occur if someone stole your Trezor. The vulnerability has also been patched with a firmware update (for older devices) and a bootloader update (for new devices; the bootloader cannot be updated outside of the factory).2. Once my device arrives, I want to test the recovery seed (pretend I lost my device, and use the recovery seed to recover my wallet). As I understand, if I do this with the Ledger, the seed and thus my device will be worthless afterwards; whereas with the Trezor this is possible without problems. Correct? No, where did you hear that? You can restore your recovery seed without any risk or damage to the device. They are designed for people to be able to restore seeds and then wipe them later to allow for people to recover coins from lost devices.Title: Re: To knowledgeable people: Ledger S and Trezor question Post by: HCP on October 17, 2017, 12:09:18 AM 2. Once my device arrives, I want to test the recovery seed (pretend I lost my device, and use the recovery seed to recover my wallet). As I understand, if I do this with the Ledger, the seed and thus my device will be worthless afterwards; whereas with the Trezor this is possible without problems. Correct? No, that isn't correct. If anything, the ledger is slightly more secure when restoring the seed as you enter it all on the device itself... you don't type anything into your computer, so keyloggers will be unable to record your seed words. Downside is that it takes a LONG time and a LOT of button pressing :PThe Trezor attempts to work around this in one of two ways... Firstly, using the standard restore, you type the words in random order... and are occasionally asked to type in a randomly displayed word that is NOT part of your seed. The idea being to confuse keyloggers with "junk" data. Secondly, Trezor have implemented an "advanced recovery" mode, where you get the 3x3 grid of letters displayed on the device screen and click on the 3x3 grid on the PC screen to enter the appropriate letter sequences. Nice and secure, but like the Ledger system... takes a LONG time and a lot of mouse clicks ;) Both of the devices are solid hardware wallets. I would not hesitate to recommend either to someone looking to secure their coins. |