jackbox
June 21, 2015, 01:45:42 PM |
|
Is my understanding correct in that you can have say a sort of 'hot' wallet or rather everyday use wallet (with no password) and then say two further wallets each with their own password. If one starts up the Trezor you then only need to enter the relevant password for the wallet you are trying to access?
yes
If the above is correct, is there a limit on the number of wallets you can have on a single Trezor?
no (not practically at least, it's limited by the maximum amount of possible passwords)
Just keep in mind that if you forget a password the coins associated with that password are inaccessible forever. No way to recover from lost password as the password is used in the encryption to create a unique set of keys.
|
|
|
|
molecular
June 21, 2015, 03:48:56 PM |
|
While you guys are on this topic....
I plan on buying a Trezor in the next 2 or 3 weeks and was planning on buying 3 but it seems like this is not needed seeing as you can have more than one account on a Trezor.
Is my understanding correct in that you can have say a sort of 'hot' wallet or rather everyday use wallet (with no password) and then say two further wallets each with their own password. If one starts up the Trezor you then only need to enter the relevant password for the wallet you are trying to access?
If the above is correct, is there a limit on the number of wallets you can have on a single Trezor?
Yes, that's correct. Technically, the passphrase is added to the seed to generate the HD seed. Knowing that it's easy to see that one can generate a very large number of different wallets this way (probably even all possible wallets, but not sure about that). I would call these "wallets", by the way, because "account" is already used inside HD wallets.
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
GenTarkin
June 21, 2015, 06:42:00 PM |
|
Hey all, I just got a trezor and have a question.
Initially set it up w/ only PIN protection. If I enable password protection and leave some funds in the 'non password protected' accounts as well as the newly created 'password protected account'....
How does the recovery process work in this case? When doing the seed recovery process would I check the box 'password encrypted'(or w/e it is) ... if so would this restore both my 'non password protected' & 'password protected' accounts?(even tho the 'non password protected' accounts have no password?)
You should be able to use both "wallets" in parallel (or rather alternatingly) without using the restore process in between. Depending on which pw you use (empty or "something"), a different wallet is loaded. I don't know exactly how it works with myTrezor (I use electrum), but entering a different password (or no password) should do the trick. Maybe someone who is doing this with myTrezor could chip in?
It doesn't matter if you set 'password encrypted' during recovery, you can change it later after recovery to access your password protected funds. The password function disabled technically is like entering an empty password so you can only access those funds while you have the feature disabled. Enable the feature and your other funds get accessible with the correct password.
tl-dr: yes it works, it will restore both (all) accounts.
I got ya guys, thanks! I see how it works now =) Thats pretty badass you can have any number of password'd unique wallets on ur device! Im guessing the way it works is the seed is simply encrypted w/ a password and the HD tree is generated from the encrypted seed unique to whatever password u use.
|
|
|
|
jackbox
June 22, 2015, 02:47:03 AM |
|
Hey all, I just got a trezor and have a question.
Initially set it up w/ only PIN protection. If I enable password protection and leave some funds in the 'non password protected' accounts as well as the newly created 'password protected account'....
How does the recovery process work in this case? When doing the seed recovery process would I check the box 'password encrypted'(or w/e it is) ... if so would this restore both my 'non password protected' & 'password protected' accounts?(even tho the 'non password protected' accounts have no password?)
You should be able to use both "wallets" in parallel (or rather alternatingly) without using the restore process in between. Depending on which pw you use (empty or "something"), a different wallet is loaded. I don't know exactly how it works with myTrezor (I use electrum), but entering a different password (or no password) should do the trick. Maybe someone who is doing this with myTrezor could chip in?
It doesn't matter if you set 'password encrypted' during recovery, you can change it later after recovery to access your password protected funds. The password function disabled technically is like entering an empty password so you can only access those funds while you have the feature disabled. Enable the feature and your other funds get accessible with the correct password.
tl-dr: yes it works, it will restore both (all) accounts.
I got ya guys, thanks! I see how it works now =) Thats pretty badass you can have any number of password'd unique wallets on ur device! Im guessing the way it works is the seed is simply encrypted w/ a password and the HD tree is generated from the encrypted seed unique to whatever password u use.
Yes, that is correct but if you forget the password you lose the coins, period. No way to recover them if you cannot remember the password(s).
|
|
|
|
molecular
June 22, 2015, 07:37:42 AM Last edit: June 22, 2015, 07:51:45 AM by molecular |
|
Hey all, I just got a trezor and have a question.
Initially set it up w/ only PIN protection. If I enable password protection and leave some funds in the 'non password protected' accounts as well as the newly created 'password protected account'....
How does the recovery process work in this case? When doing the seed recovery process would I check the box 'password encrypted'(or w/e it is) ... if so would this restore both my 'non password protected' & 'password protected' accounts?(even tho the 'non password protected' accounts have no password?)
You should be able to use both "wallets" in parallel (or rather alternatingly) without using the restore process in between. Depending on which pw you use (empty or "something"), a different wallet is loaded. I don't know exactly how it works with myTrezor (I use electrum), but entering a different password (or no password) should do the trick. Maybe someone who is doing this with myTrezor could chip in?
It doesn't matter if you set 'password encrypted' during recovery, you can change it later after recovery to access your password protected funds. The password function disabled technically is like entering an empty password so you can only access those funds while you have the feature disabled. Enable the feature and your other funds get accessible with the correct password.
tl-dr: yes it works, it will restore both (all) accounts.
I got ya guys, thanks! I see how it works now =) Thats pretty badass you can have any number of password'd unique wallets on ur device! Im guessing the way it works is the seed is simply encrypted w/ a password and the HD tree is generated from the encrypted seed unique to whatever password u use.
Yes, that is correct but if you forget the password you lose the coins, period. No way to recover them if you cannot remember the password(s).
No, that's not how it works.
wallet seed = device seed + passphrase
What I call "device seed" here (those are the words you write down) is not encrypted in any way (at least not with the passphrase). The passphrase is sent to the trezor device and simply added to that seed in some way (xor, concatenation + hash or something) and that results in the HD wallet seed used by the device to generate the wallet (addresses, xpub, private keys,...)
But of course it's true: you need the password(s) to access the wallet(s).
EDIT: here's the relevant code in the trezor firmware:
if (storage.has_passphrase_protection && storage.passphrase_protection && strlen(sessionPassphrase)) {
    // decrypt hd node
    uint8_t secret[64];
    uint8_t salt[12];
    memcpy(salt, "TREZORHD", 8);
    layoutProgressSwipe("Waking up", 0);
    pbkdf2_hmac_sha512((const uint8_t *)sessionPassphrase, strlen(sessionPassphrase), salt, 8, BIP39_PBKDF2_ROUNDS, secret, 64, get_root_node_callback);
    aes_decrypt_ctx ctx;
    aes_decrypt_key256(secret, &ctx);
    aes_cbc_decrypt(sessionRootNode.chain_code, sessionRootNode.chain_code, 32, secret + 32, &ctx);
    aes_cbc_decrypt(sessionRootNode.private_key, sessionRootNode.private_key, 32, secret + 32, &ctx);
}
memcpy(node, &sessionRootNode, sizeof(HDNode));
Now I'm not so sure any more
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
|
molecular
June 22, 2015, 07:05:17 PM |
|
cool. thanks for posting. from that link:
To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt.
hmmm. Looking at the code I pasted before, it seems to me the trezor doesn't use "mnemonic" + passphrase as salt, but "TREZORHD".
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
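The BIP39 derivation quoted in the post above, as an added example that is not part of the thread and is not Trezor firmware code. It shows why every passphrase (including the empty one) selects a different, equally valid wallet from the same written-down words, and why NFKD normalization matters. The mnemonic and passphrases are constructed sample values; the 2048 rounds and 64-byte output are BIP39's parameters, not values stated on the page.

```python
import hashlib
import unicodedata

BIP39_ROUNDS = 2048  # PBKDF2 iteration count fixed by BIP39 (not stated on the page)
SEED_LEN = 64        # bytes of PBKDF2-HMAC-SHA512 output used as the HD wallet seed

# Constructed sample input: the all-"abandon" test mnemonic. Never fund it.
SAMPLE_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                   "abandon abandon abandon abandon abandon about")


def nfkd(text):
    """UTF-8 NFKD encoding, as the quoted BIP39 text requires for both inputs."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic, passphrase=""):
    """password = mnemonic sentence, salt = "mnemonic" + passphrase."""
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic),
                               nfkd("mnemonic" + passphrase),
                               BIP39_ROUNDS, SEED_LEN)


def seed_fingerprints(mnemonic, passphrases):
    """Short hash of the seed each passphrase selects, safe to print or log."""
    return {p: hashlib.sha256(bip39_seed(mnemonic, p)).hexdigest()[:16]
            for p in passphrases}


def same_wallet(mnemonic, a, b):
    """True when two passphrase spellings open the same wallet."""
    return bip39_seed(mnemonic, a) == bip39_seed(mnemonic, b)


if __name__ == "__main__":
    # Constructed passphrases: empty (feature off), a real one, and two typos.
    for p, fp in seed_fingerprints(
            SAMPLE_MNEMONIC, ["", "savings", "Savings", "savings "]).items():
        print(f"{p!r:12} -> {fp}")
    # Every line prints a valid, different seed: a typo is not rejected, it
    # silently opens another (empty) wallet, so a forgotten passphrase cannot
    # be detected or recovered from the written-down words alone.
    print("composed vs decomposed e-acute:",
          same_wallet(SAMPLE_MNEMONIC, "caf\u00e9", "cafe\u0301"))
```

Under this scheme the passphrase only enters as PBKDF2 salt, so the written-down words are never encrypted by it; whether a given firmware version follows this scheme is what the surrounding posts are debating.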
|
|
|
Carlton Banks
June 22, 2015, 10:08:47 PM Last edit: June 22, 2015, 10:21:43 PM by Carlton Banks |
|
cool. thanks for posting. from that link:
To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt.
hmmm. Looking at the code I pasted before, it seems to me the trezor doesn't use "mnemonic" + passphrase as salt, but "TREZORHD".
No, you're interpreting that wrong. The salt value is getting defined in the previous line. The line you're referring to is a function call that uses a variable called salt, a string literal with the value "TREZORHD" and an integer literal number 8. Look at the line after it: if you interpret that with the same logic, then the salt is being assigned the integer literal 8. Don't quit your job for software engineering just yet
I've changed my mind. Having read the code in detail, I think you're right, they are using TREZORHD as the salt. More obvious if you look at the differences in this commit: https://github.com/trezor/trezor-mcu/commit/e99aafd94928eb547f7590fdf90116dcb7ef0672
|
Vires in numeris
|
|
|
AussieHash
June 23, 2015, 12:28:40 AM |
|
I'm not a programmer, but Trezor firmware for the last few versions updates the secret seed's version number to prevent firmware downgrades from accessing it.
The node part might reflect a static variable for BitID / TrezorConnect
|
|
|
|
GenTarkin
June 24, 2015, 12:49:59 AM |
|
Hey all, I just got a trezor and have a question.
Initially set it up w/ only PIN protection. If I enable password protection and leave some funds in the 'non password protected' accounts as well as the newly created 'password protected account'....
How does the recovery process work in this case? When doing the seed recovery process would I check the box 'password encrypted'(or w/e it is) ... if so would this restore both my 'non password protected' & 'password protected' accounts?(even tho the 'non password protected' accounts have no password?)
You should be able to use both "wallets" in parallel (or rather alternatingly) without using the restore process in between. Depending on which pw you use (empty or "something"), a different wallet is loaded. I don't know exactly how it works with myTrezor (I use electrum), but entering a different password (or no password) should do the trick. Maybe someone who is doing this with myTrezor could chip in?
It doesn't matter if you set 'password encrypted' during recovery, you can change it later after recovery to access your password protected funds. The password function disabled technically is like entering an empty password so you can only access those funds while you have the feature disabled. Enable the feature and your other funds get accessible with the correct password.
tl-dr: yes it works, it will restore both (all) accounts.
I got ya guys, thanks! I see how it works now =) Thats pretty badass you can have any number of password'd unique wallets on ur device! Im guessing the way it works is the seed is simply encrypted w/ a password and the HD tree is generated from the encrypted seed unique to whatever password u use.
Yes, that is correct but if you forget the password you lose the coins, period. No way to recover them if you cannot remember the password(s).
No, that's not how it works.
wallet seed = device seed + passphrase
What I call "device seed" here (those are the words you write down) is not encrypted in any way (at least not with the passphrase). The passphrase is sent to the trezor device and simply added to that seed in some way (xor, concatenation + hash or something) and that results in the HD wallet seed used by the device to generate the wallet (addresses, xpub, private keys,...)
But of course it's true: you need the password(s) to access the wallet(s).
EDIT: here's the relevant code in the trezor firmware:
if (storage.has_passphrase_protection && storage.passphrase_protection && strlen(sessionPassphrase)) {
    // decrypt hd node
    uint8_t secret[64];
    uint8_t salt[12];
    memcpy(salt, "TREZORHD", 8);
    layoutProgressSwipe("Waking up", 0);
    pbkdf2_hmac_sha512((const uint8_t *)sessionPassphrase, strlen(sessionPassphrase), salt, 8, BIP39_PBKDF2_ROUNDS, secret, 64, get_root_node_callback);
    aes_decrypt_ctx ctx;
    aes_decrypt_key256(secret, &ctx);
    aes_cbc_decrypt(sessionRootNode.chain_code, sessionRootNode.chain_code, 32, secret + 32, &ctx);
    aes_cbc_decrypt(sessionRootNode.private_key, sessionRootNode.private_key, 32, secret + 32, &ctx);
}
memcpy(node, &sessionRootNode, sizeof(HDNode));
Now I'm not so sure any more
Programming mode aside: I got the gist of it =) Just semantics haha!
|
|
|
|
GenTarkin
June 24, 2015, 12:58:30 AM |
|
I have to say, Im thoroughly impressed w/ the trezor. Its become the only device / service that I fully trust w/ my bitcoin other than myself. Ive not yet found anything worthy of that role, till the trezor.
The idea of making as many hidden wallets I want w/ passwords thrills the hell outta me. Knowing my BTC are secure even in the event of theft / loss and not known to even exist is quite a feat. It could even function in that regard as both hot & cold storage wallets!
Also, knowing the entire thing is recoverable w/ a simple seed. Which, I would gather I could put anywhere, cuz once again, even if someone found it ... if they tried to use it, they would not see any funds unless they knew the exact passwords I used for my wallets.
It works flawlessly w/ my phone & mycelium as well... which is also awesome. Ive started using electrum as my bitcoin-core wallet replacement(took some getting used to but its working out well). Its nice to see a decent amount of addresses for each account in electrum so I know which ones are 'in queue'. I still run bitcoin-core for full node support & my addresses are in there as watch only mode.
Overall very fucking impressive product! I think anyone serious about BTC should have one.
Its much better than the HW.1 & ledger products which Ive tried HW.1(same as ledger pretty much cept for software) ... they suck in comparison.
|
|
|
|
dsattler
June 24, 2015, 07:34:19 PM |
|
I want to buy a used android tablet to use with the trezor. Does anybody use a trezor with the mycelium app on a google nexus 7? There are two generations of the nexus 7, both support USB OTG (on-the-go), so it should work.
|
Bitcointalk member since 2013!
|
|
|
chriswilmer
June 24, 2015, 08:37:06 PM |
|
Any multisig-with-Trezor wallets out there yet? (e.g., Copay with Trezor, multisig-electrum-with-Trezor, multisig on the mytrezor.com page...)
|
|
|
|
|
dnaleor
June 25, 2015, 12:11:19 AM |
|
I want to buy a used android tablet to use with the trezor. Does anybody use a trezor with the mycelium app on a google nexus 7? There are two generations of the nexus 7, both support USB OTG (on-the-go), so it should work.
i tried it multiple times, it works, but you don't have full functionality (as far as I know)
I didn't manage f.e. to create new accounts in a wallet (the sub"wallet" behind a certain password)
You shouldn't fear using it on a desktop though, or on the smartphone you use daily. It's safe on every device
|
|
|
|
dsattler
June 25, 2015, 06:13:36 AM |
|
I want to buy a used android tablet to use with the trezor. Does anybody use a trezor with the mycelium app on a google nexus 7? There are two generations of the nexus 7, both support USB OTG (on-the-go), so it should work.
i tried it multiple times, it works, but you don't have full functionality (as far as I know)
I didn't manage f.e. to create new accounts in a wallet (the sub"wallet" behind a certain password)
You shouldn't fear using it on a desktop though, or on the smartphone you use daily. It's safe on every device
Thanks for pointing this out, signing tx with the trezor is safe on every device of course. But as an iPhone user I'd like to have an android device as well to test out several apps available only on this platform!
|
Bitcointalk member since 2013!
|
|
|
cypherdoc
June 25, 2015, 02:31:52 PM |
|
hey, just got an email Satisfaction Survey with a link. is it legit?
|
|
|
|
RustyNomad
June 25, 2015, 02:37:21 PM |
|
hey, just got an email Satisfaction Survey with a link. is it legit?
Seems to be, just did it, only asks three or so questions and no personal info required.
|
|
|
|
cypherdoc
June 25, 2015, 02:45:56 PM |
|
hey, just got an email Satisfaction Survey with a link. is it legit?
Seems to be, just did it, only asks three or so questions and no personal info required.
you sure you didn't end up downloading something?
|
|
|
|
maheshmahi
June 25, 2015, 03:23:14 PM |
|
How a transaction can be in hardware wallet. What is advanced in hardware other than software.
|
|
|
|
|