Bitcoin Forum
Author Topic: Storing Seed in Trezor Password manager itself?  (Read 184 times)
MrMik (OP)
March 11, 2018, 05:37:04 AM
 #1

I have this idea to store the Trezor seed in Trezor, but I might be missing some obvious problem, shoot me down if that's the case, please!

In order to have access to the Trezor seed, I could store it, using Trezor Password Manager, in an encrypted file in DropBox. https://chrome.google.com/webstore/detail/trezor-password-manager/imloifkgjagghnncjkhggdhalmcnfklk?hl=en

I'm not suggesting to use this as an alternative for the paper seed backup, but as a backup for the paper seed backup.

If Trezor is as safe as reported, then it should be impossible to get the seed unless one already has access to the physical Trezor device and the pin number. 

That may therefore sound as if it has no advantages, but I can think of several scenarios when it would come in handy:
1) Your paper seed backup has been destroyed.
2) The paper seed is inaccessible due to whatever.
3) Or worse, the paper seed has fallen into the wrong hands and 'they' will sooner or later figure out what it is.

Having access to the electronically saved seed when you still have access to the physical Trezor (and you remember the pin) would allow you to make a new paper seed.
The old seed in the hands of the thieves becomes useless AND your crypto coins remain safe in a Trezor wallet at all times. For the procedure to do this see: https://doc.satoshilabs.com/trezor-user/advanced_features.html#changing-your-trezor-recovery-seed

A '5-dollar-wrench attack' would expose everything that's in the Trezor device, anyway, unless passphrases are used. And access to the seed does not change that.
 

So, what am I missing?

And can you see any problems using the Trezor Password Manager to store passwords / addresses or seeds for other crypto currency wallets (Those not supported by Trezor)?

And can anyone think of a way to add plausible deniability to the Trezor Password manager? As in: Not all passwords are displayed when the password manager is opened?

Thanks for any explanations to educate me about this, much appreciated!
bob123
March 11, 2018, 10:08:48 AM
 #2

Quote from: MrMik
In order to have access to the Trezor seed, I could store it, using Trezor Password Manager, in an encrypted file in DropBox.

I would never suggest doing this.
You can't be 100% sure whether:
1) the implementation of the encryption is flawless
2) their servers don't get compromised

What you are doing when backing up via online services is: You trust a 3rd party.
Cryptos are made to be functional in a trustless system. Don't rely on someone to keep your backup.



Quote from: MrMik
If Trezor is as safe as reported, then it should be impossible to get the seed unless one already has access to the physical Trezor device and the pin number.

There has already been a vulnerability which allowed people with physical access to the Trezor to get the seed out of the device (without pin).
Hardware wallets are safe, yes. But not 100% secured. Nothing is 100% secured.



Quote from: MrMik
That may therefore sound as if it has no advantages, but I can think of several scenarios when it would come in handy:
1) Your paper seed backup has been destroyed.
2) The paper seed is inaccessible due to whatever.
3) Or worse, the paper seed has fallen into the wrong hands and 'they' will sooner or later figure out what it is.

In all of these scenarios a second (paper) backup in a different place would be the solution.
No need to upload your encrypted private key into a cloud.



Quote from: MrMik
Having access to the electronically saved seed when you still have access to the physical Trezor (and you remember the pin) would allow you to make a new paper seed.
The old seed in the hands of the thieves becomes useless AND your crypto coins remain safe in a Trezor wallet at all times. For the procedure to do this see: https://doc.satoshilabs.com/trezor-user/advanced_features.html#changing-your-trezor-recovery-seed

With physical access (and known pin) to your own Trezor you could simply just create a new seed and send all of your coins over to your new (non-compromised) Trezor seed.
If a (paper) seed backup gets stolen, simply create a new one and send your coins over (since you have physical access). No need to back up your seed in your Trezor itself.
If you can access your Trezor, you can access your coins. So what's the explicit reason to store the seed inside Trezor's password manager?



Quote from: MrMik
And can you see any problems using the Trezor Password Manager to store passwords / addresses or seeds for other crypto currency wallets (Those not supported by Trezor)?

This actually (storing the seed of cryptos not supported by Trezor inside Trezor's password manager) does make sense.



I would never suggest storing private keys (or any other sensitive information) online.
Every encryption can theoretically be attacked. Quite a lot of keys already got compromised because of bad implementations (e.g. bad pseudo random number generator).
You can never be 100% sure this won't happen with the encryption algo you are going to use.
My advice would be to keep all of your private keys offline.


tumis
March 11, 2018, 10:51:17 AM
 #3

Why do they want to produce a new device when you can use those that other manufacturers produce? After all, all functionality is in the software. Even if I am wrong and their device will be created, our concept of using already proven and existing equipment, optimizing costs and functionality will make us sell the wallet for the "ordinary man" while they are only for the chosen ones waiting in the long queue for their wallet.
Rath_
aka BitCryptex
March 11, 2018, 11:04:54 AM
 #4

Quote from: bob123
I would never suggest storing private keys (or any other sensitive information) online. [...]
My advice would be to keep all of your private keys offline.

As far as I know, they are working on a new version of their password manager. I can't really tell where, but I read that they wanted to make their password manager work with the SD card slot in their TREZOR T. It's a bit more secure than depending on TREZOR's servers.

Quote from: tumis
Why do they want to produce a new device when you can use those that other manufacturers produce? After all, all functionality is in the software. Even if I am wrong and their device will be created, our concept of using already proven and existing equipment, optimizing costs and functionality will make us sell the wallet for the "ordinary man" while they are only for the chosen ones waiting in the long queue for their wallet.

Not related to the topic. Anyway, TREZOR T has different software inside, whose aim is to help developers add new altcoins. Unfortunately, even good software won't do much without good, reliable hardware. Now you don't have to type in anything on your computer; seed, passphrase and PIN are entered directly on the device's screen, so you don't have to worry about keyloggers. There's also an SD card slot which I mentioned earlier; right now it is only used for upgrading the bootloader.
sergio
August 22, 2020, 08:02:49 PM
 #5

This is my recommendation for security: do not store the seed directly on Trezor Password Manager if you have lots of funds.

A better method is to store the seed encrypted locally in a secure physical location that you control, and on the Trezor Password Manager store the password for the encryption.
That way, if the Trezor Password Manager has a vulnerability, which could happen, your seed is not compromised; only the password to the encrypted file is compromised. However, since they do not have access to the encrypted file, you are still safe and now have time to create a new encrypted file with a new password.

Extra work, however you have an additional layer of security which is needed. In addition, on the Trezor use a passphrase, which is critical, since Trezor has been physically hacked; however, the passphrase is not stored on the Trezor, which is a needed level of security for physical theft.

I personally like the Trezor T a lot, but I also use the Trezor One, since sometimes I had trouble with the Trezor T which I never had with the Trezor One when dealing with U2F.

My approach for security is to have several secure wallets: Trezor, Ledger and Coldcard, Coldcard being the most secure and Trezor the most user friendly.

The Coldcard has a method to encrypt the seed into a file, which is great. Then store the 12 word passphrase to decrypt the file on Trezor Password Manager, and do not use a computer to handle the encrypted file, since you could have a virus, especially in Windows. Use the Coldcard to handle the file; the seed can also be used on Trezor or Ledger.

Many of my hardware wallets were in a safe in Mexico and they were stolen by the Mexican police and military; however, I had backups so I am safe, and they completely failed at hacking them. Luckily for me I was not there when the theft took place; it was 15 guys, army and police in Mexico, armed with machine guns.
That shows that hardware wallets are very safe.