How much would you trust trezor?

[Quickseller]

Another, probably more realistic risk for most users is that (AFAIK), even with the seed, you need to use a trezor in order to spend any BTC that is stored on the trezor. This means that if their trezor were to malfunction or break, that the user would need to wait until they can purchase a new trezor, and until it arrives to be able to spend the BTC they are trusting it with, and this is assuming they make proper backups of their seed.

You do not have to wait for a new Trezor, the Trezor seed can be used on Electrum to recover the wallet. So you will be able to access your wallet and move the bitcoins to an alternative wallet should you lose your Trezor.

This is not true. Electrum will not calculate the private keys for you (at least as of several months ago) with the seed. It will force you to confirm any transaction via the trezor if you restore via a trezor seed

[dsattler]

Even if I have trust in my trezor, I would never store all of my coins on it. It's better to spread your BTC over several storage methods. Use paper wallets (look at mycelium entropy's 2-of-3, that's fantastic) for bitcoins you want to keep long-term and use a mobile wallet like copay for convenient every-day spending with a small amount of BTC in it.

[Amph]

i like to run a trap wallet on my desktop and use simply my computer, stealing that few cent of bitcoin, will immediately put me on the fence and proceed to wipe out the disk, never happened for now, so my computer is safe

for now i only trust my usb and my ssd, i don't use anything expensive like trezor, and i'm not going to use it in the future

What if the attacker gets to both of your trap wallet and the actual wallet itself before doing any transactions?

the actual wallet is a cold storage the trap wallet is a hot wallet with a very low amount, unless he know that , the wallet is a trap and i have more bitcoin hidden off line, he will steal immediately those coins

[Carlton Banks]

I would personally suggest using electrum for both your cold and hot wallets (at least for your hot wallet on your computer). It takes up very little resources, is deterministic, and has all the same features that armory has.

One important feature Armory has that Electrum does not: transcations and/or extended public key data are kept private when using Armory, whereas using a Trezor with Electrum involves sharing your transaction history with public Electrum nodes. Those nodes are unlikely to be trying to use that information for antything, but it's better if that info is not made available to strangers in the first place.

It'd be really good for the privacy of Trezor users if:

• Electrum devs implemented an easy to use "full node" mode
• Armory devs integrated Trezor
• Bitcoin Core integrated Trezor

[Mickeyb]

I do trust it. Yes, some will say you must trust Satoshi labs but in the same way you must trust Core developers. You must trust Electrum developers, etc. In pretty much every instance, you have to trust someone to the certain degree!

OP, I know that you have reviewed the Trezor and code throughly and you haven't found any problems with it. Also, I have reviewed it the best I could with my technical knowledge and I found it trustworthy enough. I don't see then why I wouldn't use it and why I wouldn't trust it!

[Cuidler]

If I had one I guess 10-20% of coins. After few months (and more trust) I guess up to 75% of coins. But I dont putting all my coins at one place today as well.

Anyway, I think trezor is best hardware wallet on market today - but very expensive considering you can get better tech phone for about 20 USD, so 20 USD is the price I would really consider buying the trezor...

[LiteCoinGuy]

Just something I've been thinking lately - I hold a sizeable sum in a trezor that I bought lately (after I did some review of the code and the protocols used), but I'm wondering about how much others would trust a trezor personally. I used to use Offline Armory exclusively but it's taking a toll on my SSD's by running a full client on my online computer.

use several methods to store your coins. that is the best you can do.

maybe i would trust the trezor 10-20% of my coins 

[twister]

Just something I've been thinking lately - I hold a sizeable sum in a trezor that I bought lately (after I did some review of the code and the protocols used), but I'm wondering about how much others would trust a trezor personally. I used to use Offline Armory exclusively but it's taking a toll on my SSD's by running a full client on my online computer.

use several methods to store your coins. that is the best you can do.

maybe i would trust the trezor 10-20% of my coins 

I agree, I don't have a big stash but if I did I would distribute them over several encrypted paper wallets and offline electrum wallets, with encrypted back ups of their keys on pen drives and dvds that have never been online. And write the seed somewhere smartly in a way that I could understand it. Atleast with offline printed encrypted paper wallets with several back ups I don't have to worry about getting my bitcoins stolen, just have to make sure they are safe from degradation and are proper backed up.

[BitcoinNewsMagazine]

IMO all hardware wallets are much too new and untested for it to be a good idea to store large amount of bitcoin on them.

Users with a more of an advanced understanding of Bitcoin should be able to audit any address they are told to send to based on the seed, as well as any change address it will send to as part of a transaction. Although the trezor seems to be marketed more towards more novice users. (they can audit based on the seed which can be used to calculate the xpubkey).

The risk with the trezor is that it is really not known how resilient to attacks it will be in the event that an attacker were to come into physical possession of the trezor. I believe that some security researchers have been able to detect radio waves from a trezor without inputting valid credentials, which could, at least in theory, lead to the private keys the trezor is suppose to be keeping private.

Another, probably more realistic risk for most users is that (AFAIK), even with the seed, you need to use a trezor in order to spend any BTC that is stored on the trezor. This means that if their trezor were to malfunction or break, that the user would need to wait until they can purchase a new trezor, and until it arrives to be able to spend the BTC they are trusting it with, and this is assuming they make proper backups of their seed.

I would personally suggest using electrum for both your cold and hot wallets (at least for your hot wallet on your computer). It takes up very little resources, is deterministic, and has all the same features that armory has. Also you will have greater control over when your private keys will potentially be vulnerable -- if you are using full disk encryption and a strong passphrase for both the wallet file and to decrypt your harddrive, then your private keys will be minimally vulnerable while your computer is "on" and will be fully exposes for the few seconds (if that) that your private key is in ram; if you are not sure that you will be able to fully power off your computer after decrypting your wallet, then you simply should not decrypt your wallet to sign a tx. Plus I believe it is possible to calculate the private keys based on the seed in the event that you do not have access to a copy of electrum.

You have not taken the time to research Trezor properly or you would not post nonsense. When you set up a Trezor you save your 24 word seed. If you lose your Trezor you can recreate your wallet in Electrum from the seed until you get a replacement.  Since all addresses and keys are created from the seed, you should think of the seed as your bitcoin. The device used to create your wallet from the seed is just a tool which can be replaced.

Suggesting Electrum is completely safe in normal configuration is just plain wrong. There are trojans that specialize in stealing bitcoin from wallet.dat files even encrypted with a passphrase. I have had it happen to me. A keylogger grabs your password when you type it in.

Electrum and Armory do offer cold storage which is the safe option. However you need two computers. The online computer holds your watching only wallet and the offline computer holds your private keys. Until Trezor came along this was the way we kept bitcoin safe. Trezor has been available for sale since May 2014 and has been thoroughly tested and vetted.

Take a look at the /r/Trezor subreddit if you have a concern about Trezor. Questions are answered pretty promptly by the developers.

[Sir Lagsalot]

Just discovered the Trezor connects to the Bits of Proof server owned by Blythe Masters. I understand that the server doesn't hold the private keys but this still makes me trust Trezor less.

[ajareselde]

i like to run a trap wallet on my desktop and use simply my computer, stealing that few cent of bitcoin, will immediately put me on the fence and proceed to wipe out the disk, never happened for now, so my computer is safe

for now i only trust my usb and my ssd, i don't use anything expensive like trezor, and i'm not going to use it in the future

What if the attacker gets to both of your trap wallet and the actual wallet itself before doing any transactions?

the actual wallet is a cold storage the trap wallet is a hot wallet with a very low amount, unless he know that , the wallet is a trap and i have more bitcoin hidden off line, he will steal immediately those coins

That's not very secure at all. I mean if you pick up wallet stealer it would be ok, but if you pick up some trojan, the owner of trojan will probably inspect all your
storage devices after finding out you are bitcoin user.. Also, it would be logical not to steal your coins right away if he sees that you send and receive coins regulary,
it would be moch more logical for him to wait until you have some sizable amount there..

[Carlton Banks]

Just discovered the Trezor connects to the Bits of Proof server owned by Blythe Masters. I understand that the server doesn't hold the private keys but this still makes me trust Trezor less.

I've been avoiding saying this out loud for some time, for Trezor's sake. Bear in mind that Satoshi Labs run the MyTrezor.com Bits of Proof server, not Blythe Master's cryptocurrency investment vehicle
(also, Bits of Proof was still owned by the original developer when Satoshi Labs bought the BoP licence from him, so they couldn't have predicted that Tamas would sell to these graverobbers)

But you are right to point it out; anything involving Blythe Masters should be steered well clear of. Electrum + Trezor FTW ATM.

[Amph]

i like to run a trap wallet on my desktop and use simply my computer, stealing that few cent of bitcoin, will immediately put me on the fence and proceed to wipe out the disk, never happened for now, so my computer is safe

for now i only trust my usb and my ssd, i don't use anything expensive like trezor, and i'm not going to use it in the future

What if the attacker gets to both of your trap wallet and the actual wallet itself before doing any transactions?

the actual wallet is a cold storage the trap wallet is a hot wallet with a very low amount, unless he know that , the wallet is a trap and i have more bitcoin hidden off line, he will steal immediately those coins

That's not very secure at all. I mean if you pick up wallet stealer it would be ok, but if you pick up some trojan, the owner of trojan will probably inspect all your
storage devices after finding out you are bitcoin user.. Also, it would be logical not to steal your coins right away if he sees that you send and receive coins regulary,
it would be moch more logical for him to wait until you have some sizable amount there..

then he will wait a very long time because i'm not touching my cold storage until the bitcoin price will increase drammatically, and anyway, because the value will be greater, i have planned a secure erase for the that time

therefore i should be relatively safe

[Mickeyb]

Just discovered the Trezor connects to the Bits of Proof server owned by Blythe Masters. I understand that the server doesn't hold the private keys but this still makes me trust Trezor less.

I've been avoiding saying this out loud for some time, for Trezor's sake. Bear in mind that Satoshi Labs run the MyTrezor.com Bits of Proof server, not Blythe Master's cryptocurrency investment vehicle
(also, Bits of Proof was still owned by the original developer when Satoshi Labs bought the BoP licence from him, so they couldn't have predicted that Tamas would sell to these graverobbers)

But you are right to point it out; anything involving Blythe Masters should be steered well clear of. Electrum + Trezor FTW ATM.

Just to make sure guys, the thing that you are talking about is when we are using Trezor with mytrezor.com wallet, right?

If I am using Trezor with the Electrum than there is no problems with Blythe Masters, right?

Thanks guys for clearing this out and repeating second time, just to make sure!

[kamilosa]

I'm a very paranoid person. I (for real) keep offline-generated BIP38 "paper" wallets (actually etched in metal, but that's besides the point) buried in the ground in the forest outside of my town. I leave my cellphone at home when I go to the burial sites so my cellphone company has no record of me being in the area. I use a FIPS 140-2 Level 3 validated hardware-encrypted thumbdrive, with an encrypted linux partition (on which I have a TrueCrypt container) to store my wallet. I only plug said thumbdrive into a dedicated device (laptop) which doesn't even have a HDD. I'm so paranoid that I actually flashed the BIOS on said laptop with openBIOS. I run Tails OS to access my secure thumbdrive, and I carry the thumbdrive with me around my neck all day (yes I even sleep with it). I'm basically a paranoid nutcase when it comes to my data -- especially my cryptocurrency. I ordered a Trezor and I´m storing most of my funds on this device. I hope that gives you an idea of how secure this is. These guys really know what they are doing and have addressed every concern I could imagine.

[kamilosa]

Just discovered the Trezor connects to the Bits of Proof server owned by Blythe Masters. I understand that the server doesn't hold the private keys but this still makes me trust Trezor less.

Well, Trezor was on the market much earlier than Blythe stepped into the Bitcoin game. BOP was acquired by her company and what from I know, SatoshiLabs are working on new backend solution.
You do not need to rely on SatoshiLabs servers, because you can use Electrum, Multibit, Encompass wallet or Mycelium.

[Carlton Banks]

Just discovered the Trezor connects to the Bits of Proof server owned by Blythe Masters. I understand that the server doesn't hold the private keys but this still makes me trust Trezor less.

I've been avoiding saying this out loud for some time, for Trezor's sake. Bear in mind that Satoshi Labs run the MyTrezor.com Bits of Proof server, not Blythe Master's cryptocurrency investment vehicle
(also, Bits of Proof was still owned by the original developer when Satoshi Labs bought the BoP licence from him, so they couldn't have predicted that Tamas would sell to these graverobbers)

But you are right to point it out; anything involving Blythe Masters should be steered well clear of. Electrum + Trezor FTW ATM.

Just to make sure guys, the thing that you are talking about is when we are using Trezor with mytrezor.com wallet, right?

If I am using Trezor with the Electrum than there is no problems with Blythe Masters, right?

Thanks guys for clearing this out and repeating second time, just to make sure!

There's no problems with Blythe Masters at MyTrezor.com AFAIK, but yes, Electrum definitely has zero association, however loose, with her or with any other JP Morgan cronies.

[RayBrady]

To be completely honest, not as much as others may. The chances of them running off are extremely slim, but it's not just that. My Trezor recently crashed, and if it were not for my Recovery Seed's and an old Android phone, it's possible I could've been out a couple of coins.

The hardware does have too many problem, and mytrezor.com is shit tbh. I don't know too much about the company so I won't say too much, I trust them a fair bit.

[smoothie]

Another solution - print out private keys on paper or engrave them into a durable metal possession and store in a safe or bury under the ground and have them in multiple locations.

https://bitcointalk.org/index.php?topic=1013586.0

Paper wallets are generally going to be less secure then an encrypted wallet. You would most likely be better off doing whatever you would do to protect your paper wallet, but omit the step that puts your private keys on paper and instead keep them encrypted on a hard drive.  

You could also encrypt it and then print it out on paper or engrave it into durable metal...then lock it in a safe... you just have to remember your password to decrypt it.

Must have slipped my mind putting that into my post...

The other caveat is that if I split my private key into say 4 sections....engraved on to a durable metal (wont melt in a fire or get destroyed by weather easily etc) and put those 4 pieces of my private key in FOUR safe separate places or in 8 separate places with duplicates of each portion.

Draw back for encrypting your wallet: you forget your password

Draw back for splitting up your wallet in multiple locations: more effort and remembering where you hid each piece (if it isnt obvious).

there will be draw backs for either approach.

Of course creating the keys on an air gapped computer that never connects to a network or the internet.

[RaginglikeaBoss]

I have two wallets, main one that i almost never use, and a "hot" one. If i really need funds i transfer x amount to hot wallet.
Hot wallet has theoretical chance to be compromised, but real one doesn't, because it's on another HDD that's disconnected all the time and has it's own OS.
When i want to transfer coins, i disconnect all other drives , place "real one", with own OS,send coins and disconnect it again.

There's no chance in getting main HDD compromised, as it only has OS and bitcoin client on it, nothing else.

Stuxnet proved that wrong.