Do you recommend passpharse for Trezor One?

[o_e_l_e_o]

Using passphrase is great but problem is that some hardware wallets like ledger is storing passphrases on device itself with attaching it to PIN code, so in theory it could possibly be extracted with some exploit, bug or malicious software.

This is optional. There are two options when using a passphrase with Ledger devices:

• Attach to secondary PIN. The passphrase is stored on the device, and when you enter the secondary PIN on start up it will open your passphrase protected wallet.
• Set temporary. Nothing is stored on the device, and you must enter the passphrase each time you want to use it.

I don't particularly like the "attach to secondary PIN" option for a few reasons. The first is as you've said - storing the passphrase on the device itself is a security risk and negates part of the reason for using a passphrase in the first place. Second, most people who use it are probably only using a single passphrase, when multiple different passphrased wallets are the best option in terms of security. Finally, a lot of people who use passphrases neglect to back them up properly by writing them down and storing them separately from their seed phrase. If you haven't backed up your passphrase then although you should never rely on your memory as a back up, there is a much higher chance of forgetting it if you never have to enter it compared to if you are entering it frequently.

Having said all that, I still think it is a nice option to have. In terms of plausible deniability - if you are using the "attach to secondary PIN" option, then there is a much higher chance that you are only using a single passphrase protected wallet than if you are using the "set temporary" option. If you use both, then you can give up both your main PIN and your secondary PIN, and an attacker is more likely to believe that you have no more hidden wallets behind other temporary passphrases.

[1713896867]

1713896867

[1713896867]

1713896867

[1713896867]

1713896867

[Coin-Keeper]

Another comment regarding extended word/phrase for the SEED.  I don't care which HW device you are using the application of an extended word/phrase is KEY.  Why?  ANY HW wallet could someday fall prey to an advanced physical attack by advanced adversaries.  PLEASE pay attention here; the key is the extended phrase is NEVER stored on any HW device so a complete physical hack would always leave the attacker holding an empty bag.

Using passphrase is great but problem is that some hardware wallets like ledger is storing passphrases on device itself with attaching it to PIN code, so in theory it could possibly be extracted with some exploit, bug or malicious software.
It also complicates things a lot with secondary PIN and I don't think all procedure is user friendly especially for newbies.

I acknowledge the OP is talking about a Trezor ONE, which I have a pile of, but the posts mentioned above referred to the T.  I felt obligated to correct the blank statements that are not universally correct where the T is concerned!

Trezor Model T may be better than Trezor One but I don't think it's 3 times better, and that is what current price of 180 euros suggest, compared with 59 euros for model One.
Bigger screen and SD card is cool but I would not waste money on purchasing Trezor until they release new model with open source secure element.

Regarding the passphrase issue it doesn't matter to me because my passphrases are 35-45 characters long, which is way beyond any notion of brute forcing them.

Responding to a comment on another post: I would personally NEVER permit my passphrase to be maintained on a HW as a PIN "tag along".  Fortunately for Trezor users, they realize how myopic that is and they don't permit that weakness.

Now on to the price difference of the two Trezor models you also make a point with merit, BUT in my opinion not for a long time hodler with even a modest "stash".  2 BTC is a decent six figure value wallet.  Lets stay with that amount for discussion.  If a user is going to store over 100K in assets (in a HW wallet) they should want the best they can get, especially if its ~ 150 dollars difference to attain that quest.  Encrypted SEED, encrypted PIN, and not having to enter PINs/Passphrases on the computer.  Just handle things on the T screen --- all good improvements.  Peanuts of a price difference for any hodler with more than a full coin.  My .02

[Oshosondy]

Still, Trezor recommend everyone use an additional passphrase as an extension to their seed phrase, which is the only way to be safe against this vulnerability if you are using a Trezor One.

Is it only on trezor one, what about trezor t? Can the seed phrase not be able to be known by hackers if trezor model t is stolen? I have ready about this before, I did not know the exact trezor type, but what I read about it was that because trezor is open source is the reason for the seed phrase extraction if stolen.

[o_e_l_e_o]

Is it only on trezor one, what about trezor t?

All Trezor models and any other hardware wallets based on Trezor such as the KeepKey are vulnerable to this exploit.

Can the seed phrase not be able to be known by hackers if trezor model t is stolen?

The Trezor T is still vulnerable to this attack. If you use a strong enough passphrase, then although your seed phrase can be extracted your coins cannot be stolen since they are further protected by your passphrase. If you use optional SD card encryption, then the attacker would only be able to extract your encrypted seed phrase and would have to brute force the decryption password, which is presumably impossible. (I'm not entirely sure what encryption method Trezor uses or the strength of the decryption key they generate, but I assume it is strong enough to withstand brute force attacks).

[ranochigo]

I have ready about this before, I did not know the exact trezor type, but what I read about it was that because trezor is open source is the reason for the seed phrase extraction if stolen.

While security by obscurity is something that most secure element manufacturers uses, it doesn't apply in this case. The vulnerability is an inherent weakness in the chip and IIRC, the chip itself is closed source.

SD card encryption only works if you're able to isolate them from one another. If the attacker can get both your SD card and your Trezor, then there'll be no point.

[Coin-Keeper]

SD card encryption only works if you're able to isolate them from one another. If the attacker can get both your SD card and your Trezor, then there'll be no point.

Agreed.

However; the microSD is so small that it can be concealed with almost zero effort.  The SALT/encryption file written to the microSD is small and can be over-written (wiped) in an instant.  Then when you need to the use the Trezor T you simply copy the saved SALT/encryption file back to the SD.  Two seconds!  Not for everyone but its simple if you get virtual drives or easy places to hide a SALT file.  Good idea to leave a decoy microSD card with the Trezor T and let the "bad guys" waste their time trying to use it.  Combined with the auto destruct PIN feature it sets them up for a total wipe within a few minutes or seconds.  Just saying!!

[Oshosondy]

While security by obscurity is something that most secure element manufacturers uses, it doesn't apply in this case. The vulnerability is an inherent weakness in the chip and IIRC, the chip itself is closed source.

I did not get you, Ledger nano is the hardware wallet I know making use of a chip and it is used as the wallet secure element, this chips are close source and a way the seed phrase can not be known through such attack, how is it related to trezor? I will be glad if you explain further.

[HCP]

I did not get you, Ledger nano is the hardware wallet I know making use of a chip and it is used as the wallet secure element, this chips are close source and a way the seed phrase can not be known through such attack, how is it related to trezor? I will be glad if you explain further.

It's not simply because the Trezor was open source... that "helps", because it is easier for attackers to be able to find the documentation for the hardware and software used in the Trezor and identify possible attack vectors. But that doesn't mean that the Ledger doesn't have flaws... it just might be more difficult to find them as the starting point is relatively unknown (ie. security through obscurity).

Note, the Trezor still uses a "chip"... they just don't use a "Secure Element" like the Ledger does. You can see the Trezor ONE microcontroller details (including a link to the manual for the chip) here: https://wiki.trezor.io/Microcontroller

[ranochigo]

Note, the Trezor still uses a "chip"... they just don't use a "Secure Element" like the Ledger does. You can see the Trezor ONE microcontroller details (including a link to the manual for the chip) here: https://wiki.trezor.io/Microcontroller

I've always been under the assumption that the chip was closed source. It was described in the article:

The chip itself is closed source as well as the low-level functions hidden in the flash.

[Pmalek]

I've always been under the assumption that the chip was closed source.

I thought that the new chip Trezor is building together with Tropic Square will be completely open-source. But pay attention to the last section of Introducing Tropic Square — Why transparency matters. I overlooked this the first time I read the announcement. Apparently, it's not going to be 100% open-source.

Here is a quote from the announcement:

Together, we are building a new company: Tropic Square, the creators of the next TRuly OPen Integrated Circuit. This new entity’s purpose is to deliver a chip as open-source as possible.

As open-source as possible means that certain critical parts of the code wont be made public. 

[HCP]

Here is a quote from the announcement:

Together, we are building a new company: Tropic Square, the creators of the next TRuly OPen Integrated Circuit. This new entity’s purpose is to deliver a chip as open-source as possible.

As open-source as possible means that certain critical parts of the code wont be made public. 

Not necessarily, imo... I read that as "we're going to do our best to make it completely open-source, but it is possible that it won't be 100% open source due to <reasons>™".

In any case, it'll be interesting to see what they end up delivering and how close to 100% open source they end up making it.

[Pmalek]

Not necessarily, imo... I read that as "we're going to do our best to make it completely open-source, but it is possible that it won't be 100% open source due to <reasons>™".

Even if it wasn't completely open-source, it wouldn't be a deal-breaker to me if I wanted to buy a Trezor device. If the reason for protecting the code is to minimize the possibility for further damage, I understand that. Ledger isn't fully open-source and that hasn't stopped knowledgeable crypto-users from purchasing their wallets. As long as the funds remain unobtainable by outside parties, the device does what it was programmed to do.   

[jerry0]

If im reading this correctly, the trezor then isn't that safe like the nano ledger s then because if a thief has your device and you don't have a passphrase, then they literally could extract your seed from your trezor?  If that is the case, how many users even put a passphrase on it?  Do they tell you in the instructions you must do this?


Compare this with the nano ledger s and i had no idea about you could put a passphrase until years later.  But its been mentioned even if someone has your nano ledger s... they need to enter your pin correctly and only get three tries before it resets etc.

[Coin-Keeper]

Except if you are honest and "full view" on this subject, Trezors have NEVER been hit in the wild with the weakness that keeps getting discussed here.  Of course a passphrase on T1/T2 or SD card with a T solves the issue completely.  On the other hand Ledger users have lost funds via "Ledger live apps" hits and similar.  Just read around and be honest in the final take here.  Read around and see which users are actually short of their coins and total the losses up and compare then.  Its almost always operator errors most especially using "hacked" live apps or firmware upgrades.  I could teach a monkey to upgrade the firmware on my Trezors once the trezorctrl software is installed and verified.  Positive verification with NO chance of crap firmware.

Above said; both HW devices are extremely good in the right hands.

[o_e_l_e_o]

If im reading this correctly, the trezor then isn't that safe like the nano ledger s then because if a thief has your device and you don't have a passphrase, then they literally could extract your seed from your trezor?

Correction: The passphrase doesn't prevent the seed phrase from being extracted. It can still be extracted regardless of whether or not you have one or more passphrases. What can't happen is the thief can't steal the coins protected by your passphrased wallets knowing only your seed phrase, unless your passphrases are weak and easily brute forced.

But its been mentioned even if someone has your nano ledger s... they need to enter your pin correctly and only get three tries before it resets etc.

Trezor also has a PIN lock out system on it - the issue with this attack is that the encrypted seed phrase can be extracted on to another device which allows the attacker to brute force the PIN using as many attempts as they like. As far as we know, there is no similar vulnerability on Ledger devices, but that does not mean one does not exist.

Everyone should be using multiple strong passphrases anyway, which would render this attack useless. As Coin-Keeper has pointed out, there are other far more likely ways for you to lose your coins when using a hardware wallet.

[HCP]

If that is the case, how many users even put a passphrase on it?  Do they tell you in the instructions you must do this?

They don't go out of their way to highlight this issue... and, from a commercial standpoint, it's fairly understandable why... I mean, it's not exactly a great look to say "hey, our device for securing your coins has a fundamental flaw, but you can mitigate it by using this passphrase feature".

Most of their documentation seems to indicate that the passphrase functionality is "optional"... and not recommended for new users etc:

It is possible to add a passphrase to your Trezor, which allows you to make your Trezor impervious to any physical attack. Even if someone stole your device, disassambled it, and broke the chip to extract your recovery seed, your coins would still be safe.
...
Using this feature effectively and safely requires an understanding of its mechanics - if you are not sure how the passphrase works, we do not recommend using it.

Additionally, you have to go into the advanced options in the wallet interface and explicitly enable the passphrase protection functionality on the device. It is not turned on by default.


Granted, the more likely way to lose coins is probably carelessness with the seed phrase (ie. phishing sites or poor security practices and storing data digitally etc.) but still... they do seem to be deliberately ignoring the problem rather than addressing it in a meaningful way... which is a touch disappointing.

[dkbit98]

Except if you are honest and "full view" on this subject, Trezors have NEVER been hit in the wild with the weakness that keeps getting discussed here.  Of course a passphrase on T1/T2 or SD card with a T solves the issue completely.  On the other hand Ledger users have lost funds via "Ledger live apps" hits and similar.

I would not say that SD card solves the issue completely and that is why they are working hard on creating their own open source secure element and new generation of Trezor hardware wallet, maybe named T2 (like that Terminator2 movie) to kill all other hardware wallets.

Talking about exploits and extraction of keys from Trezor One, I wonder how many people in the world and in this forum can actually do it in real life and not just in theory and in their head?
Maybe someone can sponsor one competition with Trezor and bitcointalk members if people think it's that easy like Kraken labs showed.

they do seem to be deliberately ignoring the problem rather than addressing it in a meaningful way... which is a touch disappointing.

They are not ignoring the problem, but why waste resources trying to fix your old device when you can decide to build totally new and better secured device.

[ranochigo]

Talking about exploits and extraction of keys from Trezor One, I wonder how many people in the world and in this forum can actually do it in real life and not just in theory and in their head?
Maybe someone can sponsor one competition with Trezor and bitcointalk members if people think it's that easy like Kraken labs showed.

From what I can tell in the process, you don't need special skills to hold a heatgun and extract the chip (heck, kraken even dropped the chip!). It's very different from the laser glitching demonstrated on the other secure element. People buying hardware wallets aren't that interested about the difficulty of extracting it but the possibility of doing so.

They are not ignoring the problem, but why waste resources trying to fix your old device when you can decide to build totally new and better secured device.

I agree with HCP. As a HW wallet manufacturer, whose sole purpose is to aim to protect the consumer's security to their fullest extent, it would probably be better for them to highlight this weakness instead of just ignoring it. It would be more irresponsible to downplay something like this by creating an article to say that consumers aren't attacked using these kinds of attack. Given that you're making a hardware wallet which encompasses the physical security, it would be better for them to highlight this. After all, they're still selling these aren't they?

[o_e_l_e_o]

Talking about exploits and extraction of keys from Trezor One, I wonder how many people in the world and in this forum can actually do it in real life and not just in theory and in their head?

That's missing the point. We were discussing in another thread about using airgapped computers for cold storage, and you brought up the possibility of various attacks against airgapped computers such as extracting data from blinking LEDs on the computer or the sound made by different fan speeds. I would argue there are probably fewer people who could figure out how to extract a private key by altering the speed of my computer's fan than there are who could replicate this attack on a Trezor device. Either way, both of these attacks are possible, and are worth knowing about and letting the user decide for themselves if they feel they are a significant attack vector for them and want to choose to mitigate against them.

They are not ignoring the problem, but why waste resources trying to fix your old device when you can decide to build totally new and better secured device.

They cannot actually fix the problem without discontinuing the devices in question, but it costs them nothing to put a paragraph in their newbie set up guide saying that using a passphrase is mandatory if you are concerned about physical attacks.


Edit:

-snip-

Yeah, I would agree with all that 100%.

[dkbit98]

They cannot actually fix the problem without discontinuing the devices in question, but it costs them nothing to put a paragraph in their newbie set up guide saying that using a passphrase is mandatory if you are concerned about physical attacks.

They recommend passphrase all the time but they can't and should not make that mandatory because it adds more complexity for average users, and more risks of losing funds if you lose passphrase.
I do however agree they should add more information on their website and add passphrase recommendations and instructions in box when you purchase Trezor.
Trezor One is first and oldest hardware wallet in the world and maybe they will stop making it at some point in future, but I think they should still keep maintaining the code (not like ledger did with hw1 and blue).