If Trezor's servers go down, what would happen to wallets w/ 25th password?

[OROBTC]

...

Something I have wondered about for a while, but never got around to asking, is what would happen to wallets with a "13th Word"?

For example, I do not see how BTC could be recovered from a Trezor with the extra word via blockchain.com, Wasabi, BitPay or Ledger wallets (the only ones I am familiar with).  I have not downloaded or used Electrum or any other wallets.

For that matter, are there ANY hardware wallets that do not have to be used only with specific servers?  If not, that seems like an extra risk...

[1715434667]

1715434667

[1715434667]

1715434667

[1715434667]

1715434667

[1715434667]

1715434667

[ranochigo]

Most of them will work without.

Many of the HW wallet, or wallets in general uses BIP39 to generate their seed phrase. The method for them to generate the seed passphrase is completely transparent and it is not difficult to obtain the private keys from that directly. Even if they use a different standard like Electrum, you'll probably be able to figure out how it's done by looking at the codes, the extract the private keys yourself.

[Chikito]

For that matter, are there ANY hardware wallets that do not have to be used only with specific servers?  If not, that seems like an extra risk...

Trezor can completely connect with your own node, which means we can be completely independent of any servers [1]. when connected to wasabi, Trezor will also connect to the wasabi server, so are the others. cmiiw

[1]. https://wiki.trezor.io/User_manual:Running_a_local_instance_of_Trezor_Wallet_backend_(Blockbook)

[Husires]

If you need to connect to any server for wallet seed creation then your hardware wallet can send your wallet seed to any third part or not trust its security.
wallet seed is BIP protocol you can extract the private keys using https://github.com/iancoleman/bip39 and export it to any wallet. electrum or others.

Trezor's servers go down and there is no way to send coins people can use any other software.

[Lucius]

Something I have wondered about for a while, but never got around to asking, is what would happen to wallets with a "13th Word"?

If I understood you correctly, the question is actually whether Trezor wallet can be recovered if in addition to the seed, there is also what you call an extra word (passphrase). Of course this is possible if the alternative crypto wallet supports the extra word option, and this is the case with Electrum. Of course there is no point in doing that, because you can simply connect your Trezor to Electrum and get access to your BTC wallet at any time.

For example, I do not see how BTC could be recovered from a Trezor with the extra word via blockchain.com, Wasabi, BitPay or Ledger wallets (the only ones I am familiar with).  I have not downloaded or used Electrum or any other wallets.

As far as I know, the seed generated by Trezor can be easily entered into the Ledger and vice versa - and in my opinion this is the only safe solution in which I would not consider such a seed compromised. Entering HW seed in online wallet would really be a stupid move, especially if someone were a victim of phishing at the same time.

https://wiki.trezor.io/Apps:Electrum

[o_e_l_e_o]

For example, I do not see how BTC could be recovered from a Trezor with the extra word via blockchain.com, Wasabi, BitPay or Ledger wallets (the only ones I am familiar with).  I have not downloaded or used Electrum or any other wallets.

Blockchain.com and BitPay won't support it, but these are two of the worst wallets in existence and there a plethora of reasons you should not use them, with lack of passphrase support being the least of your worries.

However, both Wasabi and Ledger will support seed phrases with additional passphrases (also known as the "25th word"), as will a number of other wallets such as Electrum. There are even open source tools such as https://iancoleman.io/bip39/ which will allow you to import both a seed phrase and an additional passphrase (don't do this on an online computer!)

The passphrase/25th word/seed extension/etc. is a very standard part of seed generation, and is detailed in BIP39 itself:

A user may decide to protect their mnemonic with a passphrase. If a passphrase is not present, an empty string "" is used instead.

To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt.

For that matter, are there ANY hardware wallets that do not have to be used only with specific servers?  If not, that seems like an extra risk...

Both Trezor and Ledger can be used without requiring you to use their own servers or software, by pairing them with Electrum or similar.

[dkbit98]

I think that Trezor satoshilabs developers first created BIP39 standard back in 2013 and most hardware and software wallets are supporting it today.
Trezor servers are not connected with your passphrase in any way so you don't have to worry about that, you can even generate your seed words and passphrase offline, and if servers go down you can just use any other wallet.
I would however be very careful and not use any online and hot wallets for recovering and importing backup phrase and passphrase.

For that matter, are there ANY hardware wallets that do not have to be used only with specific servers?  If not, that seems like an extra risk...

Coldcard hardware wallet have no servers so you must use your own Bitcoin full node or use some other wallets with servers like Electrum.

[ranochigo]

If you need to connect to any server for wallet seed creation then your hardware wallet can send your wallet seed to any third part or not trust its security.

Same reason why people urge others to run a local instance of their wallet instead of having to connect to something that can be changed at a whim without any of the user's authorization.

Trezor's servers go down and there is no way to send coins people can use any other software.

There is[1]. It isn't necessary for the user to use SatoshiLabs' servers, they can run their own and be perfectly fine.

[1] https://wiki.trezor.io/User_manual:Running_a_local_instance_of_Trezor_Wallet_backend_(Blockbook)

[OROBTC]

...

Thank you all for your responses.  Many of your responses are "beyond my scope", so let me run an idea past you all that I got from my nearby thread on Wasabi wallets.  

I now have on my Trezor: (BIP 39) "Word1", "Word2", ... "Word 12", "passphrase"  <--- OK, I'm good there.

I also have Wasabi, and perhaps I could do the below should I want to recover my Trezor wallet (if their servers go away, whatever):

Recover onto Wasabi using same 12 words (seed) as in my Trezor, then use same Trezor "passphrase" as my Wasabi password.

Does that work?  That would be one very nice application for Wasabi.  That also solves the disappearance issue of Trezor servers without me having to get LINUX, Electrum, Ian Coleman, etc. that I know very little about.

Thank you again for your assistance.



EDIT: Install Trezor Suite to allow Trezor to work with bech32 addresses.  I did so (install and create a bech32), backed up the passphrase-protected Trezor wallet into Wasabi, and then made a transaction.  It worked just fine.  A great tool for just in case...

[o_e_l_e_o]

Recover onto Wasabi using same 12 words (seed) as in my Trezor, then use same Trezor "passphrase" as my Wasabi password.

Does that work?

I haven't done it myself, but it should work just fine.

If you look at the Wasabi docs here - https://docs.wasabiwallet.io/FAQ/FAQ-UseWasabi.html#what-is-the-password-used-for - it says that the password you set on your Wasabi wallet is used as a passphrase as described in BIP39, which is exactly how Trezor uses the passphrase.

Also here - https://docs.wasabiwallet.io/using-wasabi/WalletRecovery.html#mnemonic-recovery-words-and-password - it says you can recover a wallet generated from any BIP39 software, again by inputting your seed phrase and then by inputting your passphrase as the password.

Why not create a dummy wallet on your Trezor and test it yourself?

[OROBTC]

Recover onto Wasabi using same 12 words (seed) as in my Trezor, then use same Trezor "passphrase" as my Wasabi password.

Does that work?

I haven't done it myself, but it should work just fine.

If you look at the Wasabi docs here - https://docs.wasabiwallet.io/FAQ/FAQ-UseWasabi.html#what-is-the-password-used-for - it says that the password you set on your Wasabi wallet is used as a passphrase as described in BIP39, which is exactly how Trezor uses the passphrase.

Also here - https://docs.wasabiwallet.io/using-wasabi/WalletRecovery.html#mnemonic-recovery-words-and-password - it says you can recover a wallet generated from any BIP39 software, again by inputting your seed phrase and then by inputting your passphrase as the password.

Why not create a dummy wallet on your Trezor and test it yourself?

Yes, in essence, that's what I did, but I first had to install Trezor Suite to be able to get Trezor and Wasabi to work together nicely (w/ bech32 addresses).

It did indeed work just fine.

[HCP]

EDIT: Install Trezor Suite to allow Trezor to work with bech32 addresses.  I did so (install and create a bech32), backed up the passphrase-protected Trezor wallet into Wasabi, and then made a transaction.  It worked just fine.  A great tool for just in case...

How exactly did you go about "backing up the passphrase-protected Trezor wallet into Wasabai"?

If you entered your 12/24 words and passphrase directly into Wasabi... you need to move all your coins from your Trezor, then reset your Trezor and create a completely new 12/24 word seeds/passphrase combo and move you coins to that new wallet ASAP, as you have effectively removed all the safeguards of the Trezor by exposing the seed.

You should NEVER put your 12/24 words into anything other than your Trezor (or another hardware wallet)... unless you are attempting to recovery funds due to the device being stolen/lost/broken and you can't wait until you can get another hardware wallet to restore your wallet to.

[OROBTC]

EDIT: Install Trezor Suite to allow Trezor to work with bech32 addresses.  I did so (install and create a bech32), backed up the passphrase-protected Trezor wallet into Wasabi, and then made a transaction.  It worked just fine.  A great tool for just in case...

How exactly did you go about "backing up the passphrase-protected Trezor wallet into Wasabai"?

If you entered your 12/24 words and passphrase directly into Wasabi... you need to move all your coins from your Trezor, then reset your Trezor and create a completely new 12/24 word seeds/passphrase combo and move you coins to that new wallet ASAP, as you have effectively removed all the safeguards of the Trezor by exposing the seed.

You should NEVER put your 12/24 words into anything other than your Trezor (or another hardware wallet)... unless you are attempting to recovery funds due to the device being stolen/lost/broken and you can't wait until you can get another hardware wallet to restore your wallet to.

I created a dummy account in Trezor (after setting up Trezor Suite) a bech32 ("bc1qxxx") address with a passphrase, and put a tiny amount of BTC into it.  Then:

1)  In Wasabi I clicked "Recover Wallet"
2)  Entered into Wasabi's "Password" the Trezor passphrase
3)  Entered into Wasabi the 12 seed words

Trezor wallet recovered, BTC balance there in the bech32 address (same one as in Trezor), and transferred it just fine

EDIT: I did not recover (in Wasabi) my main Trezor passphrase-protected account, which as you mention, defeats the purpose of the hardware wallet.  I just wanted to find a way to recover a passphrase-protected account just in case of loss, theft, or loss of function of my Trezor.

[o_e_l_e_o]

HCP is right though. You should have done this with an entirely dummy wallet and dummy seed phrase, not just a new account on your main seed. Although your main account is still protected by its passphrase, by entering your 12 word seed phrase in to Wasabi you have exposed it to the internet and so it can no longer be considered safe. You have effectively reduced the security of your main account to whatever the security of the passphrase on that account is. Only you will know how secure or otherwise this is, but most people tend to use easily memorable and therefore easily guessed passphrases with far less than 128 bits of entropy (such as common words or phrases, names, addresses, etc.), and not truly random and secure passphrases such as &Lb_"z\wA^Dc]d8hL5+[.

If it were me, I would be moving everything on my Trezor to a new and secure seed phrase.

[OROBTC]

HCP is right though. You should have done this with an entirely dummy wallet and dummy seed phrase, not just a new account on your main seed. Although your main account is still protected by its passphrase, by entering your 12 word seed phrase in to Wasabi you have exposed it to the internet and so it can no longer be considered safe. You have effectively reduced the security of your main account to whatever the security of the passphrase on that account is. Only you will know how secure or otherwise this is, but most people tend to use easily memorable and therefore easily guessed passphrases with far less than 128 bits of entropy (such as common words or phrases, names, addresses, etc.), and not truly random and secure passphrases such as &Lb_"z\wA^Dc]d8hL5+[.

If it were me, I would be moving everything on my Trezor to a new and secure seed phrase.

Mmmm, I see your (and HCP's) point.  I have some homework to do, too bad that I had my current seed nicely memorized, but, yes, security first.  Thank you both for the tip.

[Lucius]

...too bad that I had my current seed nicely memorized, but, yes, security first.

I hope you don’t rely solely on your memory when it comes to backup, it’s a very unreliable way to store sensitive information. In addition, this information can be extracted from you if you come under the influence of drugs or alcohol, so it may be better not to memorize such things. Simply make 2 or more backups, and store them if possible in different locations, and for extra security add an extra word (passphrase).

[o_e_l_e_o]

In addition, this information can be extracted from you if you come under the influence of drugs or alcohol, so it may be better not to memorize such things.

I don't disagree that relying solely on your memory is a terrible idea when it comes to backing up seed phrases or wallets, but not for this reason. If you ever find yourself in a situation where someone is extracting information from you, then they can just as easily force you to tell them the PIN for your hardware wallet, or the decryption key for your wallet.dat files, or the location of you back ups, or your exchange account password, or whatever it is they desire.

The only protection if you find yourself in a such a scenario is plausible deniability, usually in the form of multiple passphrases or hidden encrypted volumes.

[OROBTC]

In addition, this information can be extracted from you if you come under the influence of drugs or alcohol, so it may be better not to memorize such things.

I don't disagree that relying solely on your memory is a terrible idea when it comes to backing up seed phrases or wallets, but not for this reason. If you ever find yourself in a situation where someone is extracting information from you, then they can just as easily force you to tell them the PIN for your hardware wallet, or the decryption key for your wallet.dat files, or the location of you back ups, or your exchange account password, or whatever it is they desire.

The only protection if you find yourself in a such a scenario is plausible deniability, usually in the form of multiple passphrases or hidden encrypted volumes.

Mmm, hmm. 

Yes, I have the seed written in a couple of places (secured) as well as memorized.

Yes, I use passphrases.

And, yes, I have another hardware wallet w/ passphrase.

[Coin-Keeper]

I would also suggest you consider setting a self-destruct PIN on your Trezor.  At least you would have an option to consider if you were forced to reveal your PIN.  Setting a unique PIN that if entered will WIPE all wallet and/or SEED info - completely - would be your call at that time.  Obviously that will take things to an all new level, but at least you have an option in that exact instance.  In my case IF I use my self-destruct PIN the ONLY way to get my SEED is to go to my safe deposit box.  Period, no exceptions!  I really have my destruct PIN set as a trap for a stolen Trezor.  The PIN would be an obvious one to attempt if someone knew me.

[Pmalek]

I would also suggest you consider setting a self-destruct PIN on your Trezor.  At least you would have an option to consider if you were forced to reveal your PIN.  Setting a unique PIN that if entered will WIPE all wallet and/or SEED info - completely - would be your call at that time. 

If you find yourself in a situation where someone is threatening your life or the life of your family members, do you really want to wipe your device clean in front of them and go: "fuck you, now you have nothing. Btw, please don't hurt my family, I love them".

Plausible deniability is still the better choice. Keep a few grands that you can access with a separate PIN and hand them over. Just enough for the thieves to get something and not go berserk on you, your family, or your property, but also not the majority of your holdings.