Bitcoin Forum
Author Topic: Storing Seed in Trezor Password manager itself?  (Read 47 times)
MrMik
March 11, 2018, 05:37:04 AM
 #1

I have this idea to store the Trezor seed in Trezor, but I might be missing some obvious problem, shoot me down if that's the case, please!

In order to have access to the Trezor seed, I could store it, using Trezor Password Manager, in an encrypted file in DropBox. https://chrome.google.com/webstore/detail/trezor-password-manager/imloifkgjagghnncjkhggdhalmcnfklk?hl=en

I'm not suggesting to use this as an alternative for the paper seed backup, but as a backup for the paper seed backup.

If Trezor is as safe as reported, then it should be impossible to get the seed unless one already has access to the physical Trezor device and the pin number. 

That may therefore sound as if it has no advantages, but I can think of several scenarios when it would come in handy:
1) Your paper seed backup has been destroyed.
2) The paper seed is inaccessible due to whatever.
3) Or worse, the paper seed has fallen into the wrong hands and 'they' will sooner or later figure out what it is.

Having access to the electronically saved seed when you still have access to the physical Trezor (and you remember the pin) would allow one to make a new paper seed.
The old seed in the hands of the thieves becomes useless AND your crypto coins remain safe in a Trezor wallet at all times. For the procedure to do this see: https://doc.satoshilabs.com/trezor-user/advanced_features.html#changing-your-trezor-recovery-seed

A '5-dollar-wrench attack' would expose everything that's in the Trezor device, anyway, unless passphrases are used. And access to the seed does not change that.
 

So, what am I missing?

And can you see any problems using the Trezor Password Manager to store passwords / addresses or seeds for other crypto currency wallets (Those not supported by Trezor)?

And can anyone think of a way to add plausible deniability to the Trezor Password manager? As in: Not all passwords are displayed when the password manager is opened?

Thanks for any explanations to educate me about this, much appreciated!
bob123
March 11, 2018, 10:08:48 AM
 #2

Quote from: MrMik
In order to have access to the Trezor seed, I could store it, using Trezor Password Manager, in an encrypted file in DropBox.

I would never suggest doing this.
You can't be 100% sure whether:
1) the implementation of the encryption is flawless
2) their servers don't get compromised

What you are doing when backing up via online services is: You trust a 3rd party.
Cryptos are made to be functional in a trustless system. Don't rely on someone to keep your backup.



Quote from: MrMik
If Trezor is as safe as reported, then it should be impossible to get the seed unless one already has access to the physical Trezor device and the pin number.

There already has been a vulnerability which allowed people with physical access to the Trezor to get the seed out of the device (without pin).
Hardware wallets are safe, yes. But not 100% secured. Nothing is 100% secured.



Quote from: MrMik
That may therefore sound as if it has no advantages, but I can think of several scenarios when it would come in handy:
1) Your paper seed backup has been destroyed.
2) The paper seed is inaccessible due to whatever.
3) Or worse, the paper seed has fallen into the wrong hands and 'they' will sooner or later figure out what it is.

In all of these scenarios a second (paper) backup in a different place would be the solution.
No need to upload your encrypted private key into a cloud.



Quote from: MrMik
Having access to the electronically saved seed when you still have access to the physical Trezor (and you remember the pin) would allow one to make a new paper seed.
The old seed in the hands of the thieves becomes useless AND your crypto coins remain safe in a Trezor wallet at all times. For the procedure to do this see: https://doc.satoshilabs.com/trezor-user/advanced_features.html#changing-your-trezor-recovery-seed

With physical access (and known pin) to your own Trezor you could simply just create a new seed and send all of your coins over to your new (non-compromised) Trezor seed.
If a (paper) seed backup gets stolen, simply create a new one and send your coins over (since you have physical access). No need to back up your seed in your Trezor itself.
If you can access your Trezor, you can access your coins. So what's the explicit reason to store the seed inside Trezor's password manager?



Quote from: MrMik
And can you see any problems using the Trezor Password Manager to store passwords / addresses or seeds for other crypto currency wallets (Those not supported by Trezor)?

This actually (storing the seed of cryptos not supported by Trezor inside Trezor's password manager) does make sense.



I would never suggest to store private keys (or any other sensitive information) online.
Every encryption can theoretically be attacked. Quite a lot of keys already got compromised because of bad implementations (e.g. bad pseudo random number generator).
You can never be 100% sure this won't happen with the encryption algo you are going to use.
My advice would be to keep all of your private keys offline.


tumis
March 11, 2018, 10:51:17 AM
 #3

Why do they want to produce a new device when you can use those that other manufacturers produce? After all, all functionality is in the software. Even if I am wrong and their device will be created, our concept of using already proven and existing equipment, optimizing costs and functionality will make us sell the wallet for the "ordinary man" while they are only for the chosen ones waiting in the long queue for their wallet.

BitCryptex
March 11, 2018, 11:04:54 AM
 #4

Quote from: bob123
I would never suggest to store private keys (or any other sensitive information) online. [...]
My advice would be to keep all of your private keys offline.

As far as I know, they are working on a new version of their password manager. I can't really tell where, but I read that they wanted to make their password manager work with the SD card slot in their TREZOR T. It's a bit more secure than depending on TREZOR's servers.

Quote from: tumis
Why do they want to produce a new device when you can use those that other manufacturers produce? After all, all functionality is in the software. Even if I am wrong and their device will be created, our concept of using already proven and existing equipment, optimizing costs and functionality will make us sell the wallet for the "ordinary man" while they are only for the chosen ones waiting in the long queue for their wallet.

Not related to the topic. Anyway, TREZOR T has different software inside, whose aim is to help developers add new altcoins. Unfortunately, even good software won't do much without good, reliable hardware. Now you don't have to type in anything on your computer; seed, passphrase and PIN are entered directly on the device's screen, and you don't have to worry about keyloggers. There's also an SD card slot, which I mentioned earlier; right now it is only used for upgrading the bootloader.
