Bitcoin Forum
February 22, 2020, 05:37:25 PM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Trezor&Keepkey - Unfixable Seed Extraction - A practical and reliable attack!  (Read 117 times)
Lucius
Legendary
*
Offline Offline

Activity: 1694
Merit: 1528


⚔ Fortis Fortuna Adiuvat ⚔


View Profile WWW
August 30, 2019, 10:13:33 AM
Merited by bones261 (2), NeuroticFish (1), DireWolfM14 (1)
 #1

On July 1, 2019 Ledger Donjon Team has published the results of their research on Trezor, Keepkey and all clones based on them. They found a pretty big flaw in those hardware wallets which unfortunately cannot be repaired, and it allows very easy extraction of seed from stolen hardware wallet. In short hacker need very cheap equipment (around $100) and some 5 minutes to extract seed.

Although the problem cannot be fixed via firmware upgrade, users can protect their seed with use of a long passphrase. Donjon Team suggest that this passphrase should be about 37 characters long to prevent dictionary and brute-force attacks.

This is just a warning to all Trezor&Keepkey users to add passphrase to their wallets in case the device is stolen. But be very careful in adding passphrase to your device, it will create new wallet and you will need to send coins from your main wallet to this wallet in transaction/s.

All essential information about passphrase : Passphrase — the ultimate protection for your accounts

Link to Ledger Donjon Team announcement : Unfixable Seed Extraction on Trezor - A practical and reliable attack

Special thanks to o_e_l_e_o for this information.

1582393045
Hero Member
*
Offline Offline

Posts: 1582393045

View Profile Personal Message (Offline)

Ignore
1582393045
Reply with quote  #2

1582393045
Report to moderator
1582393045
Hero Member
*
Offline Offline

Posts: 1582393045

View Profile Personal Message (Offline)

Ignore
1582393045
Reply with quote  #2

1582393045
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1582393045
Hero Member
*
Offline Offline

Posts: 1582393045

View Profile Personal Message (Offline)

Ignore
1582393045
Reply with quote  #2

1582393045
Report to moderator
1582393045
Hero Member
*
Offline Offline

Posts: 1582393045

View Profile Personal Message (Offline)

Ignore
1582393045
Reply with quote  #2

1582393045
Report to moderator
1582393045
Hero Member
*
Offline Offline

Posts: 1582393045

View Profile Personal Message (Offline)

Ignore
1582393045
Reply with quote  #2

1582393045
Report to moderator
bitmover
Hero Member
*****
Offline Offline

Activity: 756
Merit: 1281



View Profile
August 30, 2019, 01:58:28 PM
 #2

One more physical attack on hardware wallets...

I think that's nothing to worry about. Using a long passphrase is always good, specially because you can keep the seed in one place and the passphrase on another. So you cannot get robbed if someone sees your seed.

NeuroticFish
Legendary
*
Online Online

Activity: 2128
Merit: 1473


First 100% Liquid Stablecoin Backed by Gold


View Profile
August 30, 2019, 02:06:03 PM
 #3

Actually the lesson to learn is that hardware wallets are not the ultimate protection. The user should keep on hardware wallet only the funds he expects to spend in the near future.
The real funds should stay completely offline, whether it's on paper wallets or cold wallets or whatever method the user finds suitable, as long as it's (always) offline.

o_e_l_e_o
Legendary
*
Offline Offline

Activity: 840
Merit: 3646


Decent


View Profile
August 30, 2019, 02:42:35 PM
Merited by bones261 (2), NeuroticFish (1)
 #4

The real funds should stay completely offline, whether it's on paper wallets or cold wallets or whatever method the user finds suitable, as long as it's (always) offline.
The attack in question is a physical attack on Trezor devices; the attacker has to have access to your device. Keeping your wallet permanently offline wouldn't protect against this kind of attack. If an attacker has access to your paper wallet or airgapped machine, then they are just as vulnerable as a Trezor device (unless you have strong encryption on your wallet file).

Everyone with a hardware wallet should be using a strong passphrase, and probably even multiple strong passphrases. They mitigate attacks like this one, they protect you if your seed is found/stolen, and they also provide plausible deniability in the event of physical attacks against you. Treat your passphrase like your seed - back it up to paper only, never store it electronically, and store it separately to your hardware device and your mnemonic phrase.

NeuroticFish
Legendary
*
Online Online

Activity: 2128
Merit: 1473


First 100% Liquid Stablecoin Backed by Gold


View Profile
August 30, 2019, 04:21:40 PM
Merited by o_e_l_e_o (1)
 #5

The real funds should stay completely offline, whether it's on paper wallets or cold wallets or whatever method the user finds suitable, as long as it's (always) offline.
The attack in question is a physical attack on Trezor devices; the attacker has to have access to your device. Keeping your wallet permanently offline wouldn't protect against this kind of attack. If an attacker has access to your paper wallet or airgapped machine, then they are just as vulnerable as a Trezor device (unless you have strong encryption on your wallet file).

Everyone with a hardware wallet should be using a strong passphrase, and probably even multiple strong passphrases. They mitigate attacks like this one, they protect you if your seed is found/stolen, and they also provide plausible deniability in the event of physical attacks against you. Treat your passphrase like your seed - back it up to paper only, never store it electronically, and store it separately to your hardware device and your mnemonic phrase.

You are 100% correct and I guess that I have to elaborate my idea to avoid misunderstanding.
In my head one keeps the hardware wallet with him, for example when he's traveling. And in such cases theft and physical access is more likely than if you keep it at home.
But if you lose 0.1 or 0.01 Bitcoin with it, well, life goes on. If you lose a couple of Bitcoin, then it hurts.
I cannot really imagine why would somebody spend money on a hardware wallet that always stays offline / out of reach. But maybe my logic is broken, I don't know.

Strong passwords are a must nowadays everywhere really, I don't see who could argue in that.

o_e_l_e_o
Legendary
*
Offline Offline

Activity: 840
Merit: 3646


Decent


View Profile
August 30, 2019, 04:39:00 PM
Merited by bones261 (2), NeuroticFish (1)
 #6

I cannot really imagine why would somebody spend money on a hardware wallet that always stays offline / out of reach. But maybe my logic is broken, I don't know.
Ease of use, I guess.

It is much easier for a newbie to plug in a hardware wallet and use it without making a mistake, than it is to set up and airgapped or paper wallet.

With both an airgapped machine and a paper wallet, to set them up properly you need some degree of technical competence. With airgapped wallets, you need to be able to remove the WiFi adapter from the computer, and learn how to set up a watch only wallet and transfer transactions back and forth with QR codes. With paper wallets, you need to be able to produce a secure source of entropy, avoid malware attacks on your computer and printer, and learn about how to properly spend from paper wallets so you don't lose the change. There's no great resource that talks a complete newbie through these steps one by one.

For an airgapped machine you also need, well, a machine. If you don't have an old laptop lying around, then not many people will buy an entire computer just to use as a wallet. Raspberry Pi or similar are an option, but again, the learning curve is much more steep* than with a hardware wallet.

With a Trezor or a Ledger, you can just plug it in and go. They come with an instruction manual and a website with very basic step-by-step instructions to follow. They are relatively difficult to do something catastrophic on, short of not checking your transactions and being a victim of clipboard malware, whereas it is relatively easy to accidentally send your funds from a paper wallet to an address you cannot access, for example.

I use a mobile wallet for day to day spending, a hardware wallet (with several passphrases, obviously) which largely stays at home (or comes with me if I'm going on an trip somewhere) which I transfer in and out of several times a month as needed, and an airgapped machine with full drive encryption for long term cold storage. Appropriate levels of risk for the amount of funds stored on each.



*As an aside, "steep learning curve" is one of the commonly used figures of speech I hate (despite me using it here, shut up Tongue). In the graph of knowledge on the y axis against time on the x axis, a steep curve means that a lot of knowledge is gained in a short amount of time i.e. something is easy to learn. A shallow learning curve is one that takes a lot of time to gain new knowledge. The colloquial usage of "steep learning curve" is the exact opposite of its true meaning.

bitmover
Hero Member
*****
Offline Offline

Activity: 756
Merit: 1281



View Profile
August 30, 2019, 05:38:33 PM
 #7

I cannot really imagine why would somebody spend money on a hardware wallet that always stays offline / out of reach. But maybe my logic is broken, I don't know.

I see no problem in keeping my hardware wallet out of reach. I feel my funds are completely safe within it. The biggest risk, for me, is the paper where my seed is stored, which is really vulnerable to physical attacks.

As o_e_l_e_o said,  HW are easy to setup and use. I withdrawal my funds from my hardware wallet like 2-3 times a year on the most, so I see no reason to keep it within my reach. I am not a trader, but a holder (in traditional investments and bitcoin).

For small quantities, the bitcoin I want to be in my hands all the time, I use a mobile wallet. Personally, I like electrum and Coinomi. If I lose the money that is stored there, no worries.

SM23031997
Hero Member
*****
Offline Offline

Activity: 910
Merit: 572


View Profile
August 30, 2019, 07:18:15 PM
 #8

I cannot really imagine why would somebody spend money on a hardware wallet that always stays offline / out of reach. But maybe my logic is broken, I don't know.

I see no problem in keeping my hardware wallet out of reach. I feel my funds are completely safe within it. The biggest risk, for me, is the paper where my seed is stored, which is really vulnerable to physical attacks.

As o_e_l_e_o said,  HW are easy to setup and use. I withdrawal my funds from my hardware wallet like 2-3 times a year on the most, so I see no reason to keep it within my reach. I am not a trader, but a holder (in traditional investments and bitcoin).

For small quantities, the bitcoin I want to be in my hands all the time, I use a mobile wallet. Personally, I like electrum and Coinomi. If I lose the money that is stored there, no worries.
Yup, you are right.
I'll it is not only prone to physical attacks, but there is also one more thing you need to avoid.
Although passphrase could be safe in a locker if somehow the ink get removed or letter become unrecognisable with time. I saw a few cases where people were unable to recognize the words on paper. So, better you keep checking it regularly as well.
Lucius
Legendary
*
Offline Offline

Activity: 1694
Merit: 1528


⚔ Fortis Fortuna Adiuvat ⚔


View Profile WWW
August 31, 2019, 09:40:43 AM
 #9

One more physical attack on hardware wallets...

Just one more possible physical attack on hardware wallets, but with one important difference - it can't be repaired with firmware upgrade. This means that most users will continue to use theirs hardware wallets without even being aware that this problem exists.

But we can assume that probably 90% of users is using passphrase on hardware wallets, and they can never be stolen because they are in underground bunkers or something similar - problem solved Lips sealed

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!