What if the Trezor server got compromised?

[slush]

In my opinion, you have to be a complete idiot to trust your money to any electronic device, provided by any 3rd party, for any reason whatsoever right now.

Paper wallets all the way.

So you spend your paper wallet by computing ECDSA signatures in your head ;-).

Everything around TREZOR is opensource and auditable. Private key never leaves the device. All random numbers are generated from mixed entropy from HRNG and computer's randomness. Builds are deterministic. Firmware update need to be confirmed by user and firmware fingerprint is validated by bootloader. There's no WIFI/bluetooth on board (you can buy two trezors and open one of them to check yourself).

We've put ~two years of designing and developing this stuff with top security in our mind. I really don't think that people will find some vulnerability after few minutes of thinking, which we did not considered already :-).

[1714177938]

1714177938

[1714177938]

1714177938

[1714177938]

1714177938

[1714177938]

1714177938

[picolo]

you should understand how trezor works

trezor private keys are stored in trezor ,and they never go out from it

so trezor server does not matter to hack your bitcoins

If it did, trezor would be useless as a paper wallet would be safer.

[qxzn]

This is why we need Maidsafe. Servers are deprecated and only create trouble.

I run a Trezor off a bitcoin node that runs in my house.  The Trezor talks to an electrum 2.0 beta client and the electrum 2.0 beta client talks to an electrum server which talks to the bitcoin node.  The electrum server and the bitcoin node are physically in my home office.

It all works.  It's very fast. It's easy to use. The Trezor is presently connected via USB to a Windows 7 workstation and the Electrum server and  bitcoin node are running on a small Linux machine that I had lying around.

Have you written up how you set this up? It would be nice to see some docs about how to do this.

The biggest part of the problem was becoming familiar with compiling software and installing it on the operating systems that were involved:  Ubuntu 14.04 and Windows 7.  Initially, I just focused on Ubuntu.  I started out running it in a VMware virtual machine (free version) that ran under Window 7, but this was interfering with the performance of other things I use the machine for, so I spend $300 and put together an Atom based Intel NUC system with 120 GB SSD and 8 GB of RAM.  I installed Ubuntu 14.04 LTS on this machine.  Initially I was using a spare keyboard and mouse and VGA display, but after I got the system running OK and set up SSH I have managed the system headless using PUTTY from my Windows 7 machine.

I went to the Electrum web site and then to Github and found the instructions for installing Electrum Server, which involve building it from source. This was pretty straightforward, just involved tracing down some dependencies.  I am no Linux expert, so a certain amount of Googling was needed to interpret error messages and figure out how to do things, such as increasing the number of open files.  The first part of the directions was to build a bitcoin node from source on this machine.  After I got this working, and installed on the system and it seemed to be working OK, I moved on to the electrum server and got it to work with electrum clients on one of my other machines (the release version, not the Trezor version. At this point I was running a couple of PUTTY terminal windows.  The last thing to do on this box was to rig it so that bitcoind and Electrum server started up automatically at boot. The machine runs unattended and draws almost no power (less than 15 watts) and sits behind a  UPS, so it does not glitch with my frequent power interruptions.  The Electrum Server is not very robust and if the system is shut down without waiting for the Electrum server to finish processing, the database can be corrupted and this can take hours to recover, so don't do this.

The next step was to get an Electrum 2.0 client running.  I did this first under an Ubuntu virtual machine on my Windows system. The directions are at the Electrum git-hub site. Again, some tracing down dependencies and loading them with apt-get.  At this point the next step was to get the Trezor running.  This requires installation of appropriate routines to allow Python programs to access the Trezor via the USB. This is the Python Trezor code, also available from Github. It includes a "hello world" test program to verify that a Python program can talk to the Trezor.  I ran into one obscure problem getting this to work. I had to find the utility to see what was going on on the (virtual) USB, bypassing the "Cython" wrapper that connected Python to the C code that talked to the USB. I thought something was seriously broken, but then I discovered that everything worked fine so long as I was running as root.  Once I set up the USB protections so the account used for the my normal login was permitted to access the Trezor (both read and write) then everything was fine.  At this point it was just a matter of starting with no wallets in the .electrum directory and Electrum 2.0 prompted me for the rest and my Trezor based wallet showed up.

I ran this way for a month.  Eventually, I got bored and curious and figured out how to get Electrum 2.0 to run under Windows 7.  This involved installing Python, Python-Qt and a development environment for C code.  This was another learning experience on my part, but it was all possible by downloading free software.  I got waylaid for a few hours until I realized that the free C compiler I had used was only 32 bits, and so I had to redownload and reinstall the appropriate versions of Python and Python-Qt.

For someone with more skill that I had, all of this would be an easy process.  The longest time required was the time for the initial download and block sync of bitcoind and the downloading of the electrum server database and initial sync of the electrum server.   If all you want to do is use Trezor via Electrum, none of this server work is needed, but then you will have to trust the electrum servers, which means you had better not be paranoid.

I deliberately picked a low end Intel Nuc (1.4 GHz single core) for a server machine  to see if it would be fast enough. It takes less than 10 percent of CPU time for bitcoind to keep up with the network, even where 1 MB blocks are back to back.  I can't say as much for the Electrum Server.  The CPU seems to be saturated and uses about 30-40 percent of the CPU on this slow machine for large blocks.  This seems unnecessary, as I understand it, but I don't know enough about Python to know how to profile the software and speed it up.  (I'm sure that this can be done, because running an Electrum Server doesn't involve verifying transactions in the block chain, which is the time consuming part of bitcoin processing.  The server is just doing database processing which ought to be lightening fast with 8 GB of RAM and an SSD.)

I would not recommend doing this if you aren't already an expert or (as in my case) you "enjoy" learning experiences. :-)

https://github.com/spesmilo/electrum-server
https://github.com/spesmilo/electrum
https://github.com//trezor/python-trezor

Thanks.

[zanzibar]

I own a couple Trezor's and had some questions I hope can be answered.  I store a lot of BTC on my Trezor, so it's important that it's very secure. 

1. I realize that private keys never leave the Trezor, however I assume a copy of my wallet is stored on Trezor servers, since I can recover my wallet if I lose my Trezor?
2. How is the recovery seed created on the Trezor, is the recovery seed programmed into the Trezor before it's shipped or is it completely random?
3. Is there some protection against 3rd party wallets (Electrum 2.0) that may be compromised.  I assume many wallets will support Trezor in the future.
4. When I connect my Trezor for the first time, setup my wallet and seed, transfer BTC to wallet, what exact information is stored with Satoshi Labs servers?

Thank you.

[odolvlobo]

1. I realize that private keys never leave the Trezor, however I assume a copy of my wallet is stored on Trezor servers, since I can recover my wallet if I lose my Trezor?
2. How is the recovery seed created on the Trezor, is the recovery seed programmed into the Trezor before it's shipped or is it completely random?
3. Is there some protection against 3rd party wallets (Electrum 2.0) that may be compromised.  I assume many wallets will support Trezor in the future.
4. When I connect my Trezor for the first time, setup my wallet and seed, transfer BTC to wallet, what exact information is stored with Satoshi Labs servers?

1. The wallet exists only on the Trezor. It can be recreated using the recovery seed so there is no need to make a copy.
2. The recovery seed is generated using internal hardware combined with random data from the computer when you set it up. You can also create your own custom seed.
3. The primary danger is a compromised app on the computer swapping an intended receiving address with its own address without you noticing.
4. I don't know, but that can be determined by looking at the code.

[zanzibar]

1. I realize that private keys never leave the Trezor, however I assume a copy of my wallet is stored on Trezor servers, since I can recover my wallet if I lose my Trezor?
2. How is the recovery seed created on the Trezor, is the recovery seed programmed into the Trezor before it's shipped or is it completely random?
3. Is there some protection against 3rd party wallets (Electrum 2.0) that may be compromised.  I assume many wallets will support Trezor in the future.
4. When I connect my Trezor for the first time, setup my wallet and seed, transfer BTC to wallet, what exact information is stored with Satoshi Labs servers?

1. The wallet exists only on the Trezor. It can be recreated using the recovery seed so there is no need to make a copy.
2. The recovery seed is generated using internal hardware combined with random data from the computer when you set it up. You can also create your own custom seed.
3. The primary danger is a compromised app on the computer swapping an intended receiving address with its own address without you noticing.
4. I don't know, but that can be determined by looking at the code.

Thank you for the answers.  I'm still a little confused how any wallet can be recovered with the seed without there being a copy of it anywhere.  Since the recovery process is completed using mytrezor and can be done from any machine, there has to be something pertaining to the wallet stored on Satoshi Labs servers. 

[odolvlobo]

1. I realize that private keys never leave the Trezor, however I assume a copy of my wallet is stored on Trezor servers, since I can recover my wallet if I lose my Trezor?
2. How is the recovery seed created on the Trezor, is the recovery seed programmed into the Trezor before it's shipped or is it completely random?
3. Is there some protection against 3rd party wallets (Electrum 2.0) that may be compromised.  I assume many wallets will support Trezor in the future.
4. When I connect my Trezor for the first time, setup my wallet and seed, transfer BTC to wallet, what exact information is stored with Satoshi Labs servers?

1. The wallet exists only on the Trezor. It can be recreated using the recovery seed so there is no need to make a copy.
2. The recovery seed is generated using internal hardware combined with random data from the computer when you set it up. You can also create your own custom seed.
3. The primary danger is a compromised app on the computer swapping an intended receiving address with its own address without you noticing.
4. I don't know, but that can be determined by looking at the code.

Thank you for the answers.  I'm still a little confused how any wallet can be recovered with the seed without there being a copy of it anywhere.  Since the recovery process is completed using mytrezor and can be done from any machine, there has to be something pertaining to the wallet stored on Satoshi Labs servers. 

All of the private keys in the wallet are derived from the recovery seed. Recovering a wallet consists of deriving those keys again from the recovery seed. The name of this system is "hierarchical deterministic wallet" or "HD wallet". The process is also known as BIP 32 and is described in detail here: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki

[TheSilentBang]

nothing will happen if the server is compromised just check their faq for some information about that



I wonder if you export the private key from the trezor?

[zanzibar]

1. I realize that private keys never leave the Trezor, however I assume a copy of my wallet is stored on Trezor servers, since I can recover my wallet if I lose my Trezor?
2. How is the recovery seed created on the Trezor, is the recovery seed programmed into the Trezor before it's shipped or is it completely random?
3. Is there some protection against 3rd party wallets (Electrum 2.0) that may be compromised.  I assume many wallets will support Trezor in the future.
4. When I connect my Trezor for the first time, setup my wallet and seed, transfer BTC to wallet, what exact information is stored with Satoshi Labs servers?

1. The wallet exists only on the Trezor. It can be recreated using the recovery seed so there is no need to make a copy.
2. The recovery seed is generated using internal hardware combined with random data from the computer when you set it up. You can also create your own custom seed.
3. The primary danger is a compromised app on the computer swapping an intended receiving address with its own address without you noticing.
4. I don't know, but that can be determined by looking at the code.

Thank you for the answers.  I'm still a little confused how any wallet can be recovered with the seed without there being a copy of it anywhere.  Since the recovery process is completed using mytrezor and can be done from any machine, there has to be something pertaining to the wallet stored on Satoshi Labs servers. 

All of the private keys in the wallet are derived from the recovery seed. Recovering a wallet consists of deriving those keys again from the recovery seed. The name of this system is "hierarchical deterministic wallet" or "HD wallet". The process is also known as BIP 32 and is described in detail here: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki

I see, that makes sense, so the private keys are created based on the recovery key.  Thank you.