Are my coins too safe? | Bitcointalksearch.org

Lillominato89

hero member

Activity: 882

Merit: 860

Quote from: Fittetrynet on December 04, 2022, 09:37:11 AM

Will I mess up and lock myself out of my wallet eventually?

This is what I did:

- Bought Trezor hardware device.
- Wrote down 24 word recovery seed on paper.
- Made a wallet with Electrum.

Is the 24 word recovery seed all I need to store securely? Or do I need the wallet file as well? And do I also need to save my receiving addresses?
I generate a new BTC address every time I send BTC to my wallet, do I have to securely store the address each and every time I receive BTC?

If anyone could clarify this I would appreciate it:)

nothing to worry about, to err is human, but the human learns from his mistakes. Keep your seed phrases or private key safe so they are not lost or accidentally thrown away. Your funds will be stored on the private key present inside your Trezor, Electrum is just a client where you can manage your bitcoins or shitcoins

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: yhiaali3 on December 19, 2022, 01:47:16 PM

Also, he can recover any coin using its private key using any other wallet in the event that the hard wallet, for example, is damaged, lost or stolen.

I don't have a Trezor hardware wallet, but if they are anything like Ledger, a user shouldn't even be able to see their private keys on the device or the native app. If you want to work with a specific private key, you would have to import your seed into the Ian Coleman BIP-39 site and get the data from there. But this is not recommended and significantly lowers the security of your seed.

yhiaali3

legendary

Activity: 1848

Merit: 1982

Payment Gateway Allows Recurring Payments

Quote from: Pmalek on December 19, 2022, 03:44:00 AM

To avoid any confusion, are you talking about the PIN code that unlocks the physical device or the password to the Trezor Suite software?

Thank you for the clarification, yes I meant the Trezor PIN code that we need when we want to connect the wallet.

Quote from: Pmalek on December 19, 2022, 03:44:00 AM

If you forget your Trezor PIN code, you can reset the device to factory settings, import your seed, and set up a new PIN. The seed + any connected passphrases are essential. Nothing else is.

Yes, your words are correct in the long run, meaning in the end he only need the SEED or the private key, because in case we forget the PIN or any other problem occurs, he can do a factory reset of the hard wallet and restore everything via the SEED as you mentioned.
Also, he can recover any coin using its private key using any other wallet in the event that the hard wallet, for example, is damaged, lost or stolen.

But what I meant is that he needs to save the Trezor PIN code for daily transactions, because when he wants to connect the wallet to any site, he needs to enter the password. The PIN is necessary for every wallet connection, so he must remember it always. This is what I meant.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: yhiaali3 on December 15, 2022, 11:54:44 AM

...you don't have to save any other files but of course you have to save your Trezor wallet login password to be able to access the hard wallet.

To avoid any confusion, are you talking about the PIN code that unlocks the physical device or the password to the Trezor Suite software? But whatever the case, these two pieces of data aren't essential and even if you forget them, you can still access and spend your crypto by setting everything up from the start.

If you forget your Trezor PIN code, you can reset the device to factory settings, import your seed, and set up a new PIN. The seed + any connected passphrases are essential. Nothing else is.

yhiaali3

legendary

Activity: 1848

Merit: 1982

Payment Gateway Allows Recurring Payments

Quote from: Fittetrynet on December 04, 2022, 09:37:11 AM

Is the 24 word recovery seed all I need to store securely? Or do I need the wallet file as well? And do I also need to save my receiving addresses?

The 24 word recovery seed is all I need to store it securely, you don't have to save any other files but of course you have to save your Trezor wallet login password to be able to access the hard wallet.

Quote from: Fittetrynet on December 04, 2022, 09:37:11 AM

I generate a new BTC address every time I send BTC to my wallet, do I have to securely store the address each and every time I receive BTC?

You don't have to store a new BTC address every time, every time you want to receive bitcoins to your wallet a new address will be randomly generated (to increase security and privacy) and you don't have to save any of them.

Hispo

legendary

Activity: 1162

Merit: 2025

Leading Crypto Sports Betting & Casino Platform

Quote from: hZti on December 12, 2022, 11:55:05 AM

Quote from: Hispo on December 09, 2022, 10:22:21 PM

I can agree with you.
With time I assume people will get educated enough to manage their keys and passphrases how they are suppose to do it, but I personally believe there are some years ahead before the average Bitcoin user realizes the advantages and also the responsibility required.

It is also worth to mention that not all the parents or people from previous generations fully understand the concept of private keys or passphrase, I have managed to explain what a private/public key is to my parents (after several attempts), the passphrase would be an extra explanation I will need to go through.

It is the same with banking and interest rates, etc.. The only difference is that we learn it from our parents and therefore it seems normal to us. For bitcoin this will need at least 40 years from now for the first bitcoin educated generation.

Isn't it forty years a bit long?
There are already people here in the forum and in other parts of the Bitcoin community who have children and are slowly starting to teach them about cryptocurrency.
Perhaps, in 40 years there will be many people who grew up knowing about Bitcoin thanks to their parents, but considering some people start investing as early as 20 years old, I would assume the first Bitcoin educated generation will be ready to go in 20-30 years.

hZti

hero member

Activity: 1050

Merit: 642

Magic

Quote from: Hispo on December 09, 2022, 10:22:21 PM

I can agree with you.
With time I assume people will get educated enough to manage their keys and passphrases how they are suppose to do it, but I personally believe there are some years ahead before the average Bitcoin user realizes the advantages and also the responsibility required.

It is also worth to mention that not all the parents or people from previous generations fully understand the concept of private keys or passphrase, I have managed to explain what a private/public key is to my parents (after several attempts), the passphrase would be an extra explanation I will need to go through.

It is the same with banking and interest rates, etc.. The only difference is that we learn it from our parents and therefore it seems normal to us. For bitcoin this will need at least 40 years from now for the first bitcoin educated generation.

Hispo

legendary

Activity: 1162

Merit: 2025

Leading Crypto Sports Betting & Casino Platform

Quote from: joniboini on December 08, 2022, 06:52:54 PM

Quote from: Hispo on December 07, 2022, 02:41:06 PM

-snip-

...

I can agree with you.
With time I assume people will get educated enough to manage their keys and passphrases how they are suppose to do it, but I personally believe there are some years ahead before the average Bitcoin user realizes the advantages and also the responsibility required.

It is also worth to mention that not all the parents or people from previous generations fully understand the concept of private keys or passphrase, I have managed to explain what a private/public key is to my parents (after several attempts), the passphrase would be an extra explanation I will need to go through.

joniboini

legendary

Activity: 2170

Merit: 1789

Quote from: Hispo on December 07, 2022, 02:41:06 PM

Satoshilabs have been giving more widespread awareness to the passphrase feature, which could lead to some people who are not advanced yet with management of their wallet to commit a mistake.

I think anyone who wants to use something like this or prepare their inheritance should learn and be aware of this in the first place. Like it or not, it is their responsibility to learn and manage their wallets if they want to be in control. If they are not comfortable with it, then their only option is to trust a third party to make sure their family can access their crypto in the future, which is probably not the best choice.

With time, I think more and more people will get accustomed to it, just like people are familiar with 2FA or other layers of protection that currently exist. If you think about it, a password or 2FA can also be a problem for you if you forget or misplaced it, so the key is how to make sure you can access it in the future.

Hispo

legendary

Activity: 1162

Merit: 2025

Leading Crypto Sports Betting & Casino Platform

Quote from: Lucius on December 06, 2022, 05:38:55 AM

Quote from: Hispo on December 05, 2022, 03:34:36 PM

The only thing which I don't like about the passphrases is the fact that they can make way harder for family members to recover one's satoshis in case one passes away... It still can be settled, but I have read some stories on how the passphrase ends up being an "problem" for coin recovery, mostly due to lack of communication or attention.

That's why this option is always emphasized as the one that should be used only by advanced users, and if we're going to be honest, what percentage of users can we place in that category? It seems to me that it is less than 10%, and even if it is more than that, I still think that it is a minority. Losing a passphrase or not understanding that it exists at all is a real problem, but those who want someone to inherit their coins must find the best way to prevent such situations from happening.

I agree that is a fairly small percentage and it is an option which should be used by advanced users, but I have got the impression that since the Trezor's physical glitching attack was disclosed by Kraken, Satoshilabs have been giving more widespread awareness to the passphrase feature, which could lead to some people who are not advanced yet with management of their wallet to commit a mistake.

Even Trezor Suite gives explicit importance to Passphrases.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: Lucius on December 06, 2022, 05:38:55 AM

Some will say that this is something that does not represent too much of a problem, and I can somewhat agree with that, because the probability that someone will lose their HW and that it will be found by someone who knows how to carry out that attack is very small - but it still exists.

Yeah, it's certainly not something that should concern the general community of Trezor One users. But if we combine that with a potential data leak in the future that every company with centralized servers can become a target of, then the information of who owns Trezor One hardware wallets coupled with info about where they live can prove to be quite valuable to some. Particularly to those who have knowledge about how to abuse it.

Some people are going to say, you can always get subjected to a $5 wrench attack or get tortured to reveal the needed PINs and passwords. But keep in mind that not all groups might be willing to take it that far as to physically hurt or kill people. The consequences and punishments for stealing and breaking and entering are different than for hurting, breaking bones, and killing people.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: Pmalek on December 05, 2022, 10:41:11 AM

~snip~
Unfortunately, this mitigation option is not available for the old Trezor One, making the device less secure in case of physical hacks.

Some will say that this is something that does not represent too much of a problem, and I can somewhat agree with that, because the probability that someone will lose their HW and that it will be found by someone who knows how to carry out that attack is very small - but it still exists.

Quote from: Hispo on December 05, 2022, 03:34:36 PM

The only thing which I don't like about the passphrases is the fact that they can make way harder for family members to recover one's satoshis in case one passes away... It still can be settled, but I have read some stories on how the passphrase ends up being an "problem" for coin recovery, mostly due to lack of communication or attention.

That's why this option is always emphasized as the one that should be used only by advanced users, and if we're going to be honest, what percentage of users can we place in that category? It seems to me that it is less than 10%, and even if it is more than that, I still think that it is a minority. Losing a passphrase or not understanding that it exists at all is a real problem, but those who want someone to inherit their coins must find the best way to prevent such situations from happening.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: Fittetrynet on December 04, 2022, 09:37:11 AM

Will I mess up and lock myself out of my wallet eventually?

You can't lock yourself from anything if you are using non-custodial wallets like Trezor.
Just make sure not to enter your seed words on any website online and keep them safe and always offline.

Quote from: Fittetrynet on December 04, 2022, 09:37:11 AM

Is the 24 word recovery seed all I need to store securely? Or do I need the wallet file as well? And do I also need to save my receiving addresses?
I generate a new BTC address every time I send BTC to my wallet, do I have to securely store the address each and every time I receive BTC?

You need seed words, passphrases (if you used them), and in some cases it would be good to know derivation paths for wallet, if you used something that is not standard.
Generating new addresses is good when you need to receive Bitcoin, but you don't need to do it when you are sending coins every time.
There is no need to store addresses anywhere outside your wallet.

Hispo

legendary

Activity: 1162

Merit: 2025

Leading Crypto Sports Betting & Casino Platform

Quote from: hZti on December 05, 2022, 03:37:55 AM

Quote from: Hispo on December 04, 2022, 05:40:25 PM

-snip-

It is best to have the seed engraved in metal and stored in a different location.

I personally believe it would be secure enough just to engrave on metal and carefully hide the seed in the same house where the Trezor is, nothing too obvious like a drawer or a safe on the wall.

I suppose it depends on the personal preference of each of us.

Quote from: Lucius on December 05, 2022, 05:37:39 AM

Given that Trezor has an irreparable vulnerability that can be exploited in the event that someone comes into possession of your device, I advise everyone who uses this HW to protect their seed by setting a passphrase. This additional protection in the form of an additional word/password should be unique and sufficiently complicated in terms of the number and type of characters to be resistant to brute force hacking.

Read more :

Trezor&Keepkey - Unfixable Seed Extraction - A practical and reliable attack!

The only thing which I don't like about the passphrases is the fact that they can make way harder for family members to recover one's satoshis in case one passes away... It still can be settled, but I have read some stories on how the passphrase ends up being an "problem" for coin recovery, mostly due to lack of communication or attention.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: Lucius on December 05, 2022, 05:37:39 AM

Given that Trezor has an irreparable vulnerability that can be exploited in the event that someone comes into possession of your device, I advise everyone who uses this HW to protect their seed by setting a passphrase. This additional protection in the form of an additional word/password should be unique and sufficiently complicated in terms of the number and type of characters to be resistant to brute force hacking.

The passphrase protects the seed, but the unfixable extraction vulnerability doesn't just apply to the recovery phrase. It also applies to the PIN code that unlocks the device. A code can be saved on a microSD card that is required every time you want to unlock your hardware wallet. That provides extra protection for unlocking the Trezor T. Unfortunately, this mitigation option is not available for the old Trezor One, making the device less secure in case of physical hacks.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Given that Trezor has an irreparable vulnerability that can be exploited in the event that someone comes into possession of your device, I advise everyone who uses this HW to protect their seed by setting a passphrase. This additional protection in the form of an additional word/password should be unique and sufficiently complicated in terms of the number and type of characters to be resistant to brute force hacking.

Read more :

Trezor&Keepkey - Unfixable Seed Extraction - A practical and reliable attack!

hZti

hero member

Activity: 1050

Merit: 642

Magic

Quote from: Hispo on December 04, 2022, 05:40:25 PM

you can also engrave your seed onto metal, so your money/investment becomes fireproof and waterproof.

I was just going to say this also, since your coins are definitely not too safe if you keep you seed in the same house as the hardware wallet on a piece of paper. One flood, fire, etc. can take out your house and also your coins. It is best to have the seed engraved in metal and stored in a different location.

Hispo

legendary

Activity: 1162

Merit: 2025

Leading Crypto Sports Betting & Casino Platform

Quote from: Rikafip on December 04, 2022, 11:33:09 AM

Quote from: Fittetrynet on December 04, 2022, 09:37:11 AM

Will I mess up and lock myself out of my wallet eventually?

To ensure that doesn't happen, I would suggest you to make more than one copy of your seed phrase and preferably store it at another some secure location (other than the one you are living in) in case you have it.

you can also engrave your seed onto metal, so your money/investment becomes fireproof and waterproof.
There are some products which makes this easy and there are some Do it your self tutorial around here where you can learnt hot to engrave your seed with tools easily available and with just a bit of money.

Take care of your seed and you should be ok, not matter what happens to your Trezor and your Pc

Pmalek

legendary

Activity: 2730

Merit: 7065

When you say you made an Electrum wallet, I hope that doesn't mean that your imported your Trezor seed into your Electrum wallet, does it? If you did that, you have basically taken all the security away that you would otherwise preserve if only your hardware wallet is used with your seed phrase. A Trezor can be connected and used successfully with Electrum without importing a seed.

You don't need the Electrum's wallet file because you can't sign and broadcast any transactions without your Trezor connected. The transactions need to be signed with the corresponding private keys and those are only found on the HW. Electrum's wallet file doesn't have them, hence it isn't that important. You can still encrypt the wallet file making it inaccessible unless the Trezor wallet is also connected and unlocked. That would prevent someone loading Electrum, opening your wallet file in the client, and being able to see how many coins are in that wallet and derivation path.

Quote from: Beparanf on December 04, 2022, 09:41:40 AM

It’s better if you will just save your wallet address so that you can limit the access of your wallet for safety purposes.

What does this mean, and what are you trying to say?

Rikafip

legendary

Activity: 1722

Merit: 5937

Quote from: Fittetrynet on December 04, 2022, 09:37:11 AM

Will I mess up and lock myself out of my wallet eventually?

To ensure that doesn't happen, I would suggest you to make more than one copy of your seed phrase and preferably store it at another some secure location (other than the one you are living in) in case you have it.

Quote from: Fittetrynet on December 04, 2022, 09:37:11 AM

Is the 24 word recovery seed all I need to store securely? Or do I need the wallet file as well? And do I also need to save my receiving addresses?

Seed phrase is enough. And there's no need to connect Trezor each time you receive Bitcoin when its more convenient to simply save the address instead. Well, at least that's what I am doing with my hardware wallet as I don't wanna go through hassle of getting it out of my secure place, then plugging it in etc every time I have to receive some Bitcoin.

Another thing to think about is contingency plan in case something happens to you, so Bitcoin you have don't go to waste.

Topic: Are my coins too safe? (Read 302 times)