Bitcoin Forum
Topic: Do you recommend passphrase for Trezor One?
Chris Redfield (OP)
Newbie
April 17, 2021, 11:08:29 PM
 #1

Hello everybody,

I just set up my Trezor One and I see option to set additional protection with passphrase.
However I heard that while it may make things safer, it can also be devastating if I forget it, or lose it.
Some say it's not recommended to use it, others say it's great extra layer of protection.
I would like to know your opinion.

Also, I set up my Trezor and downloaded Trezor Suite app for desktop.
I wrote seed words as well as PIN.
I would like to know is that all and am I now completely protected from any kind of threat like hacking or phishing attacks?
Charles-Tim
Legendary
April 17, 2021, 11:21:26 PM
 #2

Trezor is a reputed wallet; it is completely open source, which makes it one of the wallets that is recommendable. But there is one thing that was proved about Trezor: if the wallet is stolen, there are ways to attack the wallet and reveal the complete seed phrase in minutes. This can be used to steal all the bitcoin and other cryptocurrencies that are controlled by keys generated by the seed phrase. However, if the wallet is not stolen and is safe with you, nothing will happen.

But in case it is stolen and the thief tries to extract the seed phrase, the passphrase can help. It will make it difficult or impossible to know the keys generated, because a passphrase in addition to the seed phrase makes a wallet generate entirely different keys and addresses. In this case your wallet will still be safe even after theft. But it is advisable to use strong extra words (passphrase) so that brute forcing it will be difficult or impossible. And you would even have recovered your wallet and transferred the cryptocurrencies on it to another wallet immediately after the theft.

You will need to properly, securely and safely back up the seed phrase and passphrase offline. The backups should not be kept together, and having about two replicas in different locations will make access safer. Know that the PIN can protect the wallet but is not needed while importing the seed phrase on another wallet for recovery, unlike the passphrase, which is very important.

The passphrase makes your wallet protection stronger, and must not be forgotten. It should be properly backed up as well as the seed phrase, but differently.

ranochigo
Legendary
April 17, 2021, 11:40:39 PM
 #3

There are two types of passphrase. An encryption for the seed or an extension for the seed. The former is recommended for Trezor as there is an unfixable vulnerability which allows for an extraction of the seed given physical access to the device. An encryption on top of it would make the attack practically useless.

The latter is entirely up to you. The seed extension is not covered by the checksum and you might have difficulty when restoring the seeds. Shouldn't be a problem if you were to make a backup safely.

Chris Redfield (OP)
Newbie
April 18, 2021, 12:00:13 AM
 #4

OK, I really don't think I'll ever have problem with thief breaking into my home and trying to steal Trezor device.
Not only that nobody knows I have cryptocurrencies and even if they somehow do, I still have such small amounts that it's not worth it.
I will keep device hidden of course so I don't worry too much that someone will find it and steal it.

My biggest concern is that someone may hack it while I'm connected to my PC while I'm in Trezor Suite desktop app.
Like, what if someone can hack it while I'm making transaction or if I catch spy malware or some virus or someone infiltrates my PC without my knowledge?

Also, now when I set up Trezor and wrote down seed words as well as PIN, do I have to worry about anything else or is that all I need to have excellent protection?
ranochigo
Legendary
April 18, 2021, 12:11:16 AM
 #5


Quote from: Chris Redfield
My biggest concern is that someone may hack it while I'm connected to my PC while I'm in Trezor Suite desktop app.
Like, what if someone can hack it while I'm making transaction or if I catch spy malware or some virus or someone infiltrates my PC without my knowledge?

No. The communication through USB won't allow for any malware to be able to obtain your secrets. The exploit works solely on the premise that the attacker is able to crack open your device and take the chip out to glitch it.

The main risk with malware is them tricking you into entering a different address and stealing your funds. It is mitigated by checking the screen on your Trezor to see if the address is correct.

Quote from: Chris Redfield
Also, now when I set up Trezor and wrote down seed words as well as PIN, do I have to worry about anything else or is that all I need to have excellent protection?

That is all to restore all your funds.

Charles-Tim
Legendary
April 18, 2021, 12:14:29 AM
 #6

Quote from: ranochigo
There are two types of passphrase. An encryption for the seed or an extension for the seed. The former is recommended for Trezor as there is an unfixable vulnerability which allows for an extraction of the seed given physical access to the device. An encryption on top of it would make the attack practically useless.

Please, never mind this, I do not get your point here. The encrypted passphrase should be BIP38, right? Which is also even called a password, correct me if wrong. But hierarchical deterministic wallets only follow the BIP39 passphrase standard, which is generated through salting, making the seed phrase generate entirely different keys and addresses. These are the passphrases which are extra words, and it is what is supported by Trezor. BIP38 is used for wallets like paper wallets, not hierarchical deterministic wallets.

Quote from: Chris Redfield
My biggest concern is that someone may hack it while I'm connected to my PC while I'm in Trezor Suite desktop app.

You will need to operate your wallet in a safe environment, making your computer completely safe from malware.

Quote from: Chris Redfield
Like, what if someone can hack it while I'm making transaction or if I catch spy malware or some virus or someone infiltrates my PC without my knowledge?

You need to know ways to protect your device, making it not have malware. You will need to learn this before making use of bitcoin at all. Learn how to use your device in a way that you will stay away from malware; it is not that hard if you learn about it.

Quote from: Chris Redfield
Also, now when I set up Trezor and wrote down seed words as well as PIN, do I have to worry about anything else or is that all I need to have excellent protection?

The most important is the seed phrase. You need the PIN to access your wallet, but if you import the seed phrase to another wallet, the PIN is no longer needed. But remember what I posted above: if the passphrase is included, you will need it along during seed phrase importation.

In case you later decide to use a passphrase, these will be helpful:

Important characteristics
  • The passphrase is not stored anywhere on the device. It is only used temporarily whenever you enter it.
  • A passphrase, as implemented in Trezor devices, can be any character or set of characters, a word, or a sentence up to 50 bytes long (~50 ASCII characters).
  • Passphrases are case-sensitive - lowercase and uppercase characters are distinguished and count as different.
  • A space (blank) is a valid character.
  • The passphrase and recovery seed belong together. Neither can be used without the other if you sent your coins to a passphrase protected wallet.

Quote from: ranochigo
No. The communication through USB won't allow for any malware to be able to obtain your secrets. The exploit works solely on the premise that the attacker is able to crack open your device and take the chip out to glitch it.

You are right, but I have heard of the possibility of an address change, in which the recipient address is changed to the attacker's address during sending, but checking the address again to make sure it is the recipient's address is recommended. Also, the best is to operate a hardware wallet in a safe environment with a safe computer.
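
The BIP39 passphrase behaviour discussed in posts #3 and #6, shown as an added example that is not part of the original thread and not Trezor's code. It uses the public BIP39 test-vector mnemonic, and it assumes the 50-byte limit quoted above is counted on the NFKD-normalised UTF-8 encoding of the passphrase.

```python
"""BIP39 seed derivation with an optional passphrase (the "seed extension")."""
import hashlib
import unicodedata
from typing import Iterable

PBKDF2_ROUNDS = 2048               # fixed by BIP39
TREZOR_MAX_PASSPHRASE_BYTES = 50   # limit quoted in post #6

# Public BIP39 test-vector mnemonic (all-zero entropy). Never use it for funds.
TEST_MNEMONIC = (
    "abandon abandon abandon abandon abandon abandon "
    "abandon abandon abandon abandon abandon about"
)


def passphrase_bytes(passphrase: str) -> bytes:
    """NFKD-normalise the passphrase (per BIP39) and enforce the 50-byte limit.

    Assumption: the limit applies to the normalised UTF-8 encoding, so
    accented characters use up the budget faster than ASCII ones.
    """
    raw = unicodedata.normalize("NFKD", passphrase).encode("utf-8")
    if len(raw) > TREZOR_MAX_PASSPHRASE_BYTES:
        raise ValueError(
            f"passphrase is {len(raw)} bytes, limit is {TREZOR_MAX_PASSPHRASE_BYTES}"
        )
    return raw


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Return the 64-byte seed from which all keys and addresses are derived.

    The passphrase only enters as part of the PBKDF2 salt. Unlike the seed
    words it has no checksum: every passphrase, including a mistyped one,
    yields a valid seed and therefore a valid (but different) wallet.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = b"mnemonic" + passphrase_bytes(passphrase)
    return hashlib.pbkdf2_hmac("sha512", password, salt, PBKDF2_ROUNDS, dklen=64)


def count_distinct_wallets(mnemonic: str, passphrases: Iterable[str]) -> int:
    """Count how many different seeds (hence wallets) the passphrases open."""
    return len({bip39_seed(mnemonic, p) for p in passphrases})


if __name__ == "__main__":
    # Constructed sample inputs: same seed words, slightly different passphrases.
    samples = [
        ("no passphrase", ""),
        ("'TREZOR'", "TREZOR"),
        ("'trezor' (case)", "trezor"),
        ("'TREZOR ' (space)", "TREZOR "),
    ]
    for label, phrase in samples:
        seed = bip39_seed(TEST_MNEMONIC, phrase)
        print(f"{label:>20}: {seed.hex()[:16]}...")
```

A mistyped passphrase raises no error here, which is why a passphrase backup has to be exact down to case and spacing.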

ranochigo
Legendary
April 18, 2021, 12:20:46 AM
 #7

Quote from: Charles-Tim
Please, never mind this, I do not get your point here. The encrypted passphrase should be BIP38, right? Which is also even called a password, correct me if wrong. But hierarchical deterministic wallets only follow the BIP39 passphrase standard, which is generated through salting, making the seed phrase generate entirely different keys and addresses. These are the passphrases which make use of extra words, and it is what is supported by Trezor. BIP38 is used for wallets like paper wallets, not hierarchical deterministic wallets.

It doesn't have to. BIP38 is just another way to conveniently encrypt things but they do have a version byte identifier. Advantage of BIP38 is that the identifier allows you to see that it is a BIP38 encrypted key and probably an encrypted private key. The encryption used for BIP38 can be used anywhere and it is.

Quote from: Charles-Tim
You will need to operate your wallet in a safe environment, making your computer completely safe from malware.

Not needed. If you have to do so, then there is probably no point for a hardware wallet.

HCP
Legendary
April 18, 2021, 12:58:48 AM
 #8

Because of the unfixable security vulnerability in the Trezor ONE, most users would probably regard the passphrase as "required" (and a relatively long, complex one at that!) to maintain the "same level" of security as most hardware wallets provide.

As already noted, without the passphrase, your seed and therefore your private keys are trivially easy to get access to for anyone with physical access to your hardware wallet. A desktop wallet with a password would have more protection!

So, it depends on your personal risk profile/acceptance... if you're satisfied that the odds of the device being physically compromised are lower than forgetting your passphrase then it's not "required" per se.

At this time, there are no known exploits to be able to remotely hack the device.

dkbit98
Legendary
April 18, 2021, 09:12:44 AM
 #9

Quote from: Chris Redfield
I just set up my Trezor One and I see option to set additional protection with passphrase.
However I heard that while it may make things safer, it can also be devastating if I forget it, or lose it.
Some say it's not recommended to use it, others say it's great extra layer of protection.
I would like to know your opinion.

I would use Trezor and other hardware wallets only with passphrase option because it is not stored anywhere on device and it is much harder for anyone to steal your funds if you lose your wallet device.
It is very important to make good strong passphrase made from several words, write it correctly and back it up in separate location from your seed words.
You can have separate account in your Trezor wallet without passphrase as decoy for holding smaller amount of coins.

Quote from: Chris Redfield
Also, I set up my Trezor and downloaded Trezor Suite app for desktop.
I wrote seed words as well as PIN.
I would like to know is that all and am I now completely protected from any kind of threat like hacking or phishing attacks?

You are never 100% protected and phishing attacks are mostly done by human mistakes, not checking if website is correct or clicking link received in email.
Watch what you install on your computer and scan it for malware, viruses and keyloggers before you use this computer for any crypto wallets.
I would suggest that you download Trezor Suite from official website or github page and use that instead of their web version.

Anyone can be victim of phishing so you should pass some free Phishing Quizzes and learn more how to protect yourself.

Charles-Tim
Legendary
April 18, 2021, 09:36:57 AM
 #10

Quote from: HCP
Because of the unfixable security vulnerability in the Trezor ONE...

You are absolutely correct, but I just want to add this for more clarification. The vulnerability in which someone who steals the hardware wallet is able to extract the seed phrase can also be done on Trezor Model T. I am pretty sure you know about this as well, but I included it for the OP not to make a mistake by thinking otherwise about Trezor Model T.

Chris Redfield (OP)
Newbie
April 19, 2021, 11:24:39 AM
 #11

Hey guys, one more question.
I use Ethermine and T-Rex for mining and I use Coinbase as wallet.
I had small amount of mined Ethereum in my Coinbase wallet that I transferred to Trezor One.
I had to pay transfer fee that was fairly high.
I would like to know, is there a possibility to use Ethermine and once I pass threshold of 0.05 ETH is there a way to transfer that mined Ethereum directly to Trezor without sending it to Coinbase to avoid fees?

dkbit98
Legendary
April 19, 2021, 12:02:00 PM
 #12

Quote from: Chris Redfield
I would like to know, is there a possibility to use Ethermine and once I pass threshold of 0.05 ETH is there a way to transfer that mined Ethereum directly to Trezor without sending it to Coinbase to avoid fees?

Only way is to change wallet address in your miner and replace it with one of your addresses from Trezor hardware wallet, that is if you want to hold coins and not sell them on exchange.
Exchanges are for trading and wallets are for holding coins.

Chris Redfield (OP)
Newbie
April 19, 2021, 12:20:49 PM
 #13

Quote from: Chris Redfield
I would like to know, is there a possibility to use Ethermine and once I pass threshold of 0.05 ETH is there a way to transfer that mined Ethereum directly to Trezor without sending it to Coinbase to avoid fees?

Quote from: dkbit98
Only way is to change wallet address in your miner and replace it with one of your addresses from Trezor hardware wallet, that is if you want to hold coins and not sell them on exchange.
Exchanges are for trading and wallets are for holding coins.

So, all I need to do is edit .bat file in T-Rex and replace existing address with the one from the Trezor?
I thought so, but one day when I want to send coins back to Coinbase to sell them, will I have to pay fees for transfer from Trezor to Coinbase?
Also, I mined 0.03 ETH on Ethermine, I suppose if I change wallet address in T-Rex miner, I won't lose those 0.03 ETH that I'm currently mining?
dkbit98
Legendary
April 19, 2021, 12:26:43 PM
 #14

Quote from: Chris Redfield
So, all I need to do is edit .bat file in T-Rex and replace existing address with the one from the Trezor?

Probably yes, but I never used that miner and I can't say anything more about it.

Quote from: Chris Redfield
I thought so, but one day when I want to send coins back to Coinbase to sell them, will I have to pay fees for transfer from Trezor to Coinbase?

What kind of question is that?
You need to pay fees for sending coins from your own wallet, so make up your mind what you want to do, sell or hold coins.

Quote from: Chris Redfield
Also, I mined 0.03 ETH on Ethermine, I suppose if I change wallet address in T-Rex miner, I won't lose those 0.03 ETH that I'm currently mining?

You are not going to lose anything if you do everything correctly, but you may lose everything if you make some mistake.

PS
Please stay on topic.

Charles-Tim
Legendary
April 19, 2021, 12:28:09 PM
 #15

Quote from: Chris Redfield
So, all I need to do is edit .bat file in T-Rex and replace existing address with the one from the Trezor?

Yes, if it is your paying address that you generated yourself and submitted.

Quote from: Chris Redfield
I thought so, but one day when I want to send coins back to Coinbase to sell them, will I have to pay fees for transfer from Trezor to Coinbase?

It will be better to use an address on a noncustodial wallet like Trezor for the paying address; transaction fees on such wallets are much lower compared to exchanges.

Quote from: Chris Redfield
Also, I mined 0.03 ETH on Ethermine, I suppose if I change wallet address in T-Rex miner, I won't lose those 0.03 ETH that I'm currently mining?

I am not a miner, but I think you are paid to an address you gave? Then nothing will happen to the fund.

Chris Redfield (OP)
Newbie
April 19, 2021, 01:40:11 PM
 #16

Thank you very much guys, you helped me a lot.
Just a little update, I can't change wallet address in the Ethermine because I can only use one address for mining at the time so until I pass threshold on Ethermine, I'll have to use wallet address for Coinbase.
However, I managed to change wallet address for Trezor in T-Rex miner, and it worked, so everything is going great, but I'll have to pay one more fee for transfer from Coinbase to Trezor.
o_e_l_e_o
In memoriam
Legendary
April 19, 2021, 02:47:21 PM
 #17

Quote from: ranochigo
There are two types of passphrase. An encryption for the seed or an extension for the seed. The former is recommended for Trezor as there is an unfixable vulnerability which allows for an extraction of the seed given physical access to the device. An encryption on top of it would make the attack practically useless.

You can correct me if I'm wrong here, but I think you have this the wrong way round. As far as I am aware, there is no way to encrypt your seed phrase which is stored on your Trezor device with an additional passphrase. The seed phrase is only encrypted by the user's PIN. The passphrase that Trezor recommend using to mitigate against this attack in this article is indeed the seed extension passphrase:

Quote:
If you are a Trezor user and fear physical attacks against the device, we recommend setting up a passphrase-protected wallet, in the best case with multiple passphrases for plausible deniability. Passphrases will completely mitigate this attack vector.

In the event that an attacker is successful in this attack, they would still be able to extract your encrypted seed phrase and then brute force your PIN in a few minutes in order to decrypt it. However, they would not be able to steal your coins because your coins are not in that base wallet, but in a hidden wallet behind a (hopefully) strong passphrase.
Coin-Keeper
Hero Member
April 20, 2021, 01:05:29 AM
Merited by o_e_l_e_o (2)
 #18

Correction:  posts 10 and 17 on this thread state that even with a Trezor T the physical loss of the device means someone can almost instantly gain access to your stored SEED. Not true for an advanced user.  With a T you CAN completely encrypt the SEED and the PIN.  My T's are heavily encrypted and no one here could in any way confirm my SEED or PIN if I were to ship my devices directly to them!

Another comment regarding extended word/phrase for the SEED.  I don't care which HW device you are using the application of an extended word/phrase is KEY.  Why?  ANY HW wallet could someday fall prey to an advanced physical attack by advanced adversaries.  PLEASE pay attention here; the key is the extended phrase is NEVER stored on any HW device so a complete physical hack would always leave the attacker holding an empty bag.


I acknowledge the OP is talking about a Trezor ONE, which I have a pile of, but the posts mentioned above referred to the T.  I felt obligated to correct the blank statements that are not universally correct where the T is concerned!

o_e_l_e_o
In memoriam
Legendary
April 20, 2021, 08:22:20 AM
 #19

Quote from: Coin-Keeper
With a T you CAN completely encrypt the SEED and the PIN.

Ahh yeah, I forgot about the SD slot on the Trezor T, which is what I assume you are referring to. Thanks for the correction. Still, Trezor recommend everyone use an additional passphrase as an extension to their seed phrase, which is the only way to be safe against this vulnerability if you are using a Trezor One.

Quote from: Coin-Keeper
ANY HW wallet could someday fall prey to an advanced physical attack by advanced adversaries.

Just as importantly, using multiple passphrased wallets is the only realistic way to have plausible deniability against a physical attack when using a hardware wallet.
dkbit98
Legendary
April 20, 2021, 09:20:19 AM
 #20

Quote from: Coin-Keeper
Another comment regarding extended word/phrase for the SEED.  I don't care which HW device you are using the application of an extended word/phrase is KEY.  Why?  ANY HW wallet could someday fall prey to an advanced physical attack by advanced adversaries.  PLEASE pay attention here; the key is the extended phrase is NEVER stored on any HW device so a complete physical hack would always leave the attacker holding an empty bag.

Using passphrase is great but problem is that some hardware wallets like Ledger are storing passphrases on device itself by attaching it to PIN code, so in theory it could possibly be extracted with some exploit, bug or malicious software.
It also complicates things a lot with secondary PIN and I don't think the whole procedure is user friendly, especially for newbies.

Quote from: Coin-Keeper
I acknowledge the OP is talking about a Trezor ONE, which I have a pile of, but the posts mentioned above referred to the T.  I felt obligated to correct the blank statements that are not universally correct where the T is concerned!

Trezor Model T may be better than Trezor One but I don't think it's 3 times better, and that is what current price of 180 euros suggests, compared with 59 euros for model One.
Bigger screen and SD card is cool but I would not waste money on purchasing Trezor until they release new model with open source secure element.

o_e_l_e_o
In memoriam
Legendary
April 20, 2021, 09:38:47 AM
 #21

Quote from: dkbit98
Using passphrase is great but problem is that some hardware wallets like Ledger are storing passphrases on device itself by attaching it to PIN code, so in theory it could possibly be extracted with some exploit, bug or malicious software.

This is optional. There are two options when using a passphrase with Ledger devices:

  • Attach to secondary PIN. The passphrase is stored on the device, and when you enter the secondary PIN on start up it will open your passphrase protected wallet.
  • Set temporary. Nothing is stored on the device, and you must enter the passphrase each time you want to use it.

I don't particularly like the "attach to secondary PIN" option for a few reasons. The first is as you've said - storing the passphrase on the device itself is a security risk and negates part of the reason for using a passphrase in the first place. Second, most people who use it are probably only using a single passphrase, when multiple different passphrased wallets are the best option in terms of security. Finally, a lot of people who use passphrases neglect to back them up properly by writing them down and storing them separately from their seed phrase. If you haven't backed up your passphrase then although you should never rely on your memory as a back up, there is a much higher chance of forgetting it if you never have to enter it compared to if you are entering it frequently.

Having said all that, I still think it is a nice option to have. In terms of plausible deniability - if you are using the "attach to secondary PIN" option, then there is a much higher chance that you are only using a single passphrase protected wallet than if you are using the "set temporary" option. If you use both, then you can give up both your main PIN and your secondary PIN, and an attacker is more likely to believe that you have no more hidden wallets behind other temporary passphrases.

Coin-Keeper
Hero Member
Activity: 758
Merit: 606
April 20, 2021, 07:05:41 PM
 #22

Another comment regarding extended word/phrase for the SEED.  I don't care which HW device you are using the application of an extended word/phrase is KEY.  Why?  ANY HW wallet could someday fall prey to an advanced physical attack by advanced adversaries.  PLEASE pay attention here; the key is the extended phrase is NEVER stored on any HW device so a complete physical hack would always leave the attacker holding an empty bag.

Using a passphrase is great, but the problem is that some hardware wallets like Ledger store passphrases on the device itself by attaching them to a PIN code, so in theory they could possibly be extracted with some exploit, bug or malicious software.
It also complicates things a lot with the secondary PIN, and I don't think the whole procedure is user friendly, especially for newbies.

I acknowledge the OP is talking about a Trezor ONE, which I have a pile of, but the posts mentioned above referred to the T.  I felt obligated to correct the blank statements that are not universally correct where the T is concerned!
Trezor Model T may be better than Trezor One but I don't think it's 3 times better, and that is what the current price of 180 euros suggests, compared with 59 euros for the Model One.
A bigger screen and SD card are cool, but I would not waste money on purchasing a Trezor until they release a new model with an open source secure element.

Regarding the passphrase issue it doesn't matter to me because my passphrases are 35-45 characters long, which is way beyond any notion of brute forcing them.

Responding to a comment on another post: I would personally NEVER permit my passphrase to be maintained on a HW as a PIN "tag along".  Fortunately for Trezor users, they realize how myopic that is and they don't permit that weakness.

Now on to the price difference of the two Trezor models: you also make a point with merit, BUT in my opinion not for a long time hodler with even a modest "stash". 2 BTC is a decent six figure value wallet. Let's stay with that amount for discussion. If a user is going to store over 100K in assets (in a HW wallet) they should want the best they can get, especially if it's ~ 150 dollars difference to attain that quest. Encrypted SEED, encrypted PIN, and not having to enter PINs/Passphrases on the computer. Just handle things on the T screen --- all good improvements. Peanuts of a price difference for any hodler with more than a full coin. My .02

BTC: 1PYSBbuKM3kW19xe9TXJQfq64rPhd8XorF
Staked and Verified: https://bitcointalk.org/index.php?topic=996318.msg17102755#msg17102755
Oshosondy
Legendary
Activity: 1442
Merit: 1125
April 20, 2021, 07:56:41 PM
 #23

Still, Trezor recommend everyone use an additional passphrase as an extension to their seed phrase, which is the only way to be safe against this vulnerability if you are using a Trezor One.
Is it only on Trezor One, what about Trezor T? Can the seed phrase not be known by hackers if a Trezor Model T is stolen? I have read about this before, I did not know the exact Trezor type, but what I read about it was that Trezor being open source is the reason for the seed phrase extraction if stolen.

o_e_l_e_o
In memoriam
Legendary
Activity: 2268
Merit: 18510
April 20, 2021, 08:15:38 PM
Merited by Oshosondy (1)
 #24

Is it only on Trezor One, what about Trezor T?
All Trezor models and any other hardware wallets based on Trezor such as the KeepKey are vulnerable to this exploit.

Can the seed phrase not be known by hackers if a Trezor Model T is stolen?
The Trezor T is still vulnerable to this attack. If you use a strong enough passphrase, then although your seed phrase can be extracted your coins cannot be stolen since they are further protected by your passphrase. If you use optional SD card encryption, then the attacker would only be able to extract your encrypted seed phrase and would have to brute force the decryption password, which is presumably impossible. (I'm not entirely sure what encryption method Trezor uses or the strength of the decryption key they generate, but I assume it is strong enough to withstand brute force attacks).
ranochigo
Legendary
Activity: 2954
Merit: 4166
April 21, 2021, 07:00:54 AM
 #25

I have read about this before, I did not know the exact Trezor type, but what I read about it was that Trezor being open source is the reason for the seed phrase extraction if stolen.
While security by obscurity is something that most secure element manufacturers use, it doesn't apply in this case. The vulnerability is an inherent weakness in the chip and IIRC, the chip itself is closed source.

SD card encryption only works if you're able to isolate them from one another. If the attacker can get both your SD card and your Trezor, then there'll be no point.

Coin-Keeper
Hero Member
Activity: 758
Merit: 606
April 21, 2021, 09:23:39 PM
 #26

Quote
SD card encryption only works if you're able to isolate them from one another. If the attacker can get both your SD card and your Trezor, then there'll be no point.

Agreed.

However, the microSD is so small that it can be concealed with almost zero effort. The SALT/encryption file written to the microSD is small and can be over-written (wiped) in an instant. Then when you need to use the Trezor T you simply copy the saved SALT/encryption file back to the SD. Two seconds! Not for everyone, but it's simple if you get virtual drives or easy places to hide a SALT file. Good idea to leave a decoy microSD card with the Trezor T and let the "bad guys" waste their time trying to use it. Combined with the auto destruct PIN feature it sets them up for a total wipe within a few minutes or seconds. Just saying!!

BTC: 1PYSBbuKM3kW19xe9TXJQfq64rPhd8XorF
Staked and Verified: https://bitcointalk.org/index.php?topic=996318.msg17102755#msg17102755
Oshosondy
Legendary
Activity: 1442
Merit: 1125
April 22, 2021, 06:16:32 AM
 #27

While security by obscurity is something that most secure element manufacturers use, it doesn't apply in this case. The vulnerability is an inherent weakness in the chip and IIRC, the chip itself is closed source.
I did not get you. Ledger Nano is the hardware wallet I know making use of a chip, and it is used as the wallet's secure element; these chips are closed source and a way the seed phrase cannot be known through such an attack. How is it related to Trezor? I will be glad if you explain further.

HCP
Legendary
Activity: 2086
Merit: 4316
April 22, 2021, 06:41:44 AM
Merited by ranochigo (3)
 #28

I did not get you. Ledger Nano is the hardware wallet I know making use of a chip, and it is used as the wallet's secure element; these chips are closed source and a way the seed phrase cannot be known through such an attack. How is it related to Trezor? I will be glad if you explain further.
It's not simply because the Trezor was open source... that "helps", because it is easier for attackers to be able to find the documentation for the hardware and software used in the Trezor and identify possible attack vectors. But that doesn't mean that the Ledger doesn't have flaws... it just might be more difficult to find them as the starting point is relatively unknown (ie. security through obscurity).

Note, the Trezor still uses a "chip"... they just don't use a "Secure Element" like the Ledger does. You can see the Trezor ONE microcontroller details (including a link to the manual for the chip) here: https://wiki.trezor.io/Microcontroller

ranochigo
Legendary
Activity: 2954
Merit: 4166
April 22, 2021, 11:25:14 AM
 #29

Note, the Trezor still uses a "chip"... they just don't use a "Secure Element" like the Ledger does. You can see the Trezor ONE microcontroller details (including a link to the manual for the chip) here: https://wiki.trezor.io/Microcontroller
I've always been under the assumption that the chip was closed source. It was described in the article:

The chip itself is closed source as well as the low-level functions hidden in the flash.

Pmalek
Legendary
Activity: 2758
Merit: 7132
April 22, 2021, 03:05:16 PM
 #30

I've always been under the assumption that the chip was closed source.
I thought that the new chip Trezor is building together with Tropic Square will be completely open-source. But pay attention to the last section of Introducing Tropic Square — Why transparency matters. I overlooked this the first time I read the announcement. Apparently, it's not going to be 100% open-source.

Here is a quote from the announcement:
Quote
Together, we are building a new company: Tropic Square, the creators of the next TRuly OPen Integrated Circuit. This new entity’s purpose is to deliver a chip as open-source as possible.

As open-source as possible means that certain critical parts of the code won't be made public.

HCP
Legendary
Activity: 2086
Merit: 4316
April 23, 2021, 07:28:50 AM
 #31

Here is a quote from the announcement:
Quote
Together, we are building a new company: Tropic Square, the creators of the next TRuly OPen Integrated Circuit. This new entity’s purpose is to deliver a chip as open-source as possible.

As open-source as possible means that certain critical parts of the code won't be made public.
Not necessarily, imo... I read that as "we're going to do our best to make it completely open-source, but it is possible that it won't be 100% open source due to <reasons>™".

In any case, it'll be interesting to see what they end up delivering and how close to 100% open source they end up making it. ;)

Pmalek
Legendary
Activity: 2758
Merit: 7132
April 23, 2021, 09:22:30 AM
 #32

Not necessarily, imo... I read that as "we're going to do our best to make it completely open-source, but it is possible that it won't be 100% open source due to <reasons>™".
Even if it wasn't completely open-source, it wouldn't be a deal-breaker to me if I wanted to buy a Trezor device. If the reason for protecting the code is to minimize the possibility for further damage, I understand that. Ledger isn't fully open-source and that hasn't stopped knowledgeable crypto-users from purchasing their wallets. As long as the funds remain unobtainable by outside parties, the device does what it was programmed to do.   

jerry0
Full Member
Activity: 1736
Merit: 186
April 28, 2021, 09:19:26 PM
 #33

If I'm reading this correctly, the trezor then isn't that safe like the nano ledger s then because if a thief has your device and you don't have a passphrase, then they literally could extract your seed from your trezor? If that is the case, how many users even put a passphrase on it? Do they tell you in the instructions you must do this?

Compare this with the nano ledger s, and I had no idea you could put a passphrase on it until years later. But it's been mentioned even if someone has your nano ledger s... they need to enter your pin correctly and only get three tries before it resets etc.


Coin-Keeper
Hero Member
Activity: 758
Merit: 606
April 28, 2021, 10:59:44 PM
Merited by dkbit98 (1)
 #34

Except if you are honest and "full view" on this subject, Trezors have NEVER been hit in the wild with the weakness that keeps getting discussed here. Of course a passphrase on T1/T2 or SD card with a T solves the issue completely. On the other hand Ledger users have lost funds via "Ledger live apps" hits and similar. Just read around and be honest in the final take here. Read around and see which users are actually short of their coins and total the losses up and compare then. It's almost always operator errors, most especially using "hacked" live apps or firmware upgrades. I could teach a monkey to upgrade the firmware on my Trezors once the trezorctrl software is installed and verified. Positive verification with NO chance of crap firmware.

Above said; both HW devices are extremely good in the right hands.

BTC: 1PYSBbuKM3kW19xe9TXJQfq64rPhd8XorF
Staked and Verified: https://bitcointalk.org/index.php?topic=996318.msg17102755#msg17102755
o_e_l_e_o
In memoriam
Legendary
Activity: 2268
Merit: 18510
April 29, 2021, 08:33:03 AM
 #35

If I'm reading this correctly, the trezor then isn't that safe like the nano ledger s then because if a thief has your device and you don't have a passphrase, then they literally could extract your seed from your trezor?
Correction: The passphrase doesn't prevent the seed phrase from being extracted. It can still be extracted regardless of whether or not you have one or more passphrases. What can't happen is the thief can't steal the coins protected by your passphrased wallets knowing only your seed phrase, unless your passphrases are weak and easily brute forced.

But it's been mentioned even if someone has your nano ledger s... they need to enter your pin correctly and only get three tries before it resets etc.
Trezor also has a PIN lock out system on it - the issue with this attack is that the encrypted seed phrase can be extracted on to another device which allows the attacker to brute force the PIN using as many attempts as they like. As far as we know, there is no similar vulnerability on Ledger devices, but that does not mean one does not exist.

Everyone should be using multiple strong passphrases anyway, which would render this attack useless. As Coin-Keeper has pointed out, there are other far more likely ways for you to lose your coins when using a hardware wallet.
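
Added example (not part of any post in this thread): posts #24 and #35 state that an extracted seed phrase alone does not expose a passphrased wallet unless the passphrase is weak. The sketch below shows why, assuming the wallet follows the BIP39 standard (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase); the mnemonic is the public BIP39 test vector, and the character-class entropy estimate and the guess rates are illustrative assumptions.

```python
"""BIP39 seed derivation: why each passphrase yields a separate wallet."""
import hashlib
import math
import string
import unicodedata

# Public BIP39 test-vector mnemonic (constructed sample; never use for funds).
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Return the 64-byte BIP39 seed for a mnemonic and optional passphrase."""
    def nfkd(text: str) -> str:
        return unicodedata.normalize("NFKD", text)

    password = nfkd(mnemonic).encode("utf-8")
    # The passphrase only enters the salt, so it is never needed on-device
    # except at the moment the seed is derived.
    salt = ("mnemonic" + nfkd(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def wallet_ids(mnemonic: str, passphrases: list) -> dict:
    """Map each passphrase to a short fingerprint of the seed it produces.

    Every passphrase (including the empty one) is valid and opens *some*
    wallet; there is no "wrong passphrase" error to confirm a guess.
    """
    return {p: bip39_seed(mnemonic, p).hex()[:16] for p in passphrases}


def estimate_bits(passphrase: str) -> float:
    """Upper-bound entropy in bits.

    Assumes every character was picked uniformly at random from the
    character classes present; human-chosen phrases are weaker than this.
    """
    pool = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        pool += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        pool += 26
    if any(c in string.digits for c in passphrase):
        pool += 10
    if any(c not in string.ascii_letters + string.digits for c in passphrase):
        pool += 33  # printable ASCII punctuation plus space
    return len(passphrase) * math.log2(pool) if pool else 0.0


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years needed to try every candidate at the given (assumed) rate."""
    return 2.0 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Same extracted mnemonic, three passphrases, three unrelated wallets.
    for phrase, ident in wallet_ids(TEST_MNEMONIC, ["", "TREZOR", "trezor"]).items():
        print(f"passphrase {phrase!r:10} -> seed {ident}...")

    # Constructed sample passphrases; the guess rate is an assumption.
    for sample in ["abcd", "aB3" * 13]:
        bits = estimate_bits(sample)
        print(f"{len(sample):2d} chars, <= {bits:6.1f} bits, "
              f"{years_to_exhaust(bits, 1e6):.3g} years at 1e6 guesses/s")
```

The empty passphrase is just one more salt value, which is why the seed-only wallet and each passphrased wallet are unrelated key trees, and why a short or guessable passphrase adds little once the mnemonic is known.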
HCP
Legendary
Activity: 2086
Merit: 4316
April 29, 2021, 10:12:45 AM
Merited by o_e_l_e_o (2)
 #36

If that is the case, how many users even put a passphrase on it?  Do they tell you in the instructions you must do this?
They don't go out of their way to highlight this issue... and, from a commercial standpoint, it's fairly understandable why... I mean, it's not exactly a great look to say "hey, our device for securing your coins has a fundamental flaw, but you can mitigate it by using this passphrase feature".

Most of their documentation seems to indicate that the passphrase functionality is "optional"... and not recommended for new users etc:
It is possible to add a passphrase to your Trezor, which allows you to make your Trezor impervious to any physical attack. Even if someone stole your device, disassembled it, and broke the chip to extract your recovery seed, your coins would still be safe.
...
Using this feature effectively and safely requires an understanding of its mechanics - if you are not sure how the passphrase works, we do not recommend using it.

Additionally, you have to go into the advanced options in the wallet interface and explicitly enable the passphrase protection functionality on the device. It is not turned on by default.


Granted, the more likely way to lose coins is probably carelessness with the seed phrase (ie. phishing sites or poor security practices and storing data digitally etc.) but still... they do seem to be deliberately ignoring the problem rather than addressing it in a meaningful way... which is a touch disappointing. :-\

dkbit98
Legendary
Activity: 2226
Merit: 7129
April 29, 2021, 10:35:26 AM
 #37

Except if you are honest and "full view" on this subject, Trezors have NEVER been hit in the wild with the weakness that keeps getting discussed here.  Of course a passphrase on T1/T2 or SD card with a T solves the issue completely.  On the other hand Ledger users have lost funds via "Ledger live apps" hits and similar.

I would not say that SD card solves the issue completely and that is why they are working hard on creating their own open source secure element and new generation of Trezor hardware wallet, maybe named T2 (like that Terminator2 movie) to kill all other hardware wallets.

Talking about exploits and extraction of keys from Trezor One, I wonder how many people in the world and in this forum can actually do it in real life and not just in theory and in their head?
Maybe someone can sponsor one competition with Trezor and bitcointalk members if people think it's that easy like Kraken labs showed.

they do seem to be deliberately ignoring the problem rather than addressing it in a meaningful way... which is a touch disappointing. :-\

They are not ignoring the problem, but why waste resources trying to fix your old device when you can decide to build totally new and better secured device.

ranochigo
Legendary
Activity: 2954
Merit: 4166
April 29, 2021, 12:09:59 PM
 #38

Talking about exploits and extraction of keys from Trezor One, I wonder how many people in the world and in this forum can actually do it in real life and not just in theory and in their head?
Maybe someone can sponsor one competition with Trezor and bitcointalk members if people think it's that easy like Kraken labs showed.
From what I can tell in the process, you don't need special skills to hold a heatgun and extract the chip (heck, Kraken even dropped the chip!). It's very different from the laser glitching demonstrated on the other secure element. People buying hardware wallets aren't that interested in the difficulty of extracting it but the possibility of doing so.

They are not ignoring the problem, but why waste resources trying to fix your old device when you can decide to build totally new and better secured device.
I agree with HCP. As a HW wallet manufacturer, whose sole purpose is to aim to protect the consumer's security to their fullest extent, it would probably be better for them to highlight this weakness instead of just ignoring it. It would be more irresponsible to downplay something like this by creating an article to say that consumers aren't attacked using these kinds of attack. Given that you're making a hardware wallet which encompasses the physical security, it would be better for them to highlight this. After all, they're still selling these aren't they?


o_e_l_e_o
In memoriam
Legendary
Activity: 2268
Merit: 18510
April 29, 2021, 12:55:36 PM
Last edit: April 29, 2021, 01:17:09 PM by o_e_l_e_o
 #39

Talking about exploits and extraction of keys from Trezor One, I wonder how many people in the world and in this forum can actually do it in real life and not just in theory and in their head?
That's missing the point. We were discussing in another thread about using airgapped computers for cold storage, and you brought up the possibility of various attacks against airgapped computers such as extracting data from blinking LEDs on the computer or the sound made by different fan speeds. I would argue there are probably fewer people who could figure out how to extract a private key by altering the speed of my computer's fan than there are who could replicate this attack on a Trezor device. Either way, both of these attacks are possible, and are worth knowing about and letting the user decide for themselves if they feel they are a significant attack vector for them and want to choose to mitigate against them.

They are not ignoring the problem, but why waste resources trying to fix your old device when you can decide to build totally new and better secured device.
They cannot actually fix the problem without discontinuing the devices in question, but it costs them nothing to put a paragraph in their newbie set up guide saying that using a passphrase is mandatory if you are concerned about physical attacks.



Edit:

-snip-
Yeah, I would agree with all that 100%.
dkbit98
Legendary
Activity: 2226
Merit: 7129
April 29, 2021, 01:08:04 PM
Merited by o_e_l_e_o (2)
 #40

They cannot actually fix the problem without discontinuing the devices in question, but it costs them nothing to put a paragraph in their newbie set up guide saying that using a passphrase is mandatory if you are concerned about physical attacks.

They recommend a passphrase all the time but they can't and should not make that mandatory because it adds more complexity for average users, and more risk of losing funds if you lose the passphrase.
I do however agree they should add more information on their website and add passphrase recommendations and instructions in the box when you purchase a Trezor.
Trezor One is the first and oldest hardware wallet in the world and maybe they will stop making it at some point in the future, but I think they should still keep maintaining the code (not like Ledger did with HW1 and Blue).
