
Topic: Do you recommend passphrase for Trezor One? - page 2. (Read 408 times)

legendary
Activity: 2212
Merit: 7064
Another comment regarding extended word/phrase for the SEED. I don't care which HW device you are using; the application of an extended word/phrase is KEY. Why? ANY HW wallet could someday fall prey to an advanced physical attack by advanced adversaries. PLEASE pay attention here; the key is the extended phrase is NEVER stored on any HW device so a complete physical hack would always leave the attacker holding an empty bag.

Using a passphrase is great, but the problem is that some hardware wallets like Ledger store passphrases on the device itself by attaching them to a PIN code, so in theory they could possibly be extracted with some exploit, bug or malicious software.
It also complicates things a lot with a secondary PIN, and I don't think the whole procedure is user friendly, especially for newbies.

I acknowledge the OP is talking about a Trezor ONE, which I have a pile of, but the posts mentioned above referred to the T. I felt obligated to correct the blanket statements that are not universally correct where the T is concerned!
Trezor Model T may be better than Trezor One but I don't think it's 3 times better, and that is what the current price of 180 euros suggests, compared with 59 euros for the Model One.
A bigger screen and SD card are cool, but I would not waste money on purchasing a Trezor until they release a new model with an open source secure element.
legendary
Activity: 2268
Merit: 18711
With a T you CAN completely encrypt the SEED and the PIN.
Ahh yeah, I forgot about the SD slot on the Trezor T, which is what I assume you are referring to. Thanks for the correction. Still, Trezor recommend everyone use an additional passphrase as an extension to their seed phrase, which is the only way to be safe against this vulnerability if you are using a Trezor One.

ANY HW wallet could someday fall prey to an advanced physical attack by advanced adversaries.
Just as importantly, using multiple passphrased wallets is the only realistic way to have plausible deniability against a physical attack when using a hardware wallet.
hero member
Activity: 761
Merit: 606
Correction: posts 10 and 17 on this thread state that even with a Trezor T the physical loss of the device means someone can almost instantly gain access to your stored SEED. Not true for an advanced user. With a T you CAN completely encrypt the SEED and the PIN. My T's are heavily encrypted and no one here could in any way confirm my SEED or PIN if I were to ship my devices directly to them!

Another comment regarding extended word/phrase for the SEED. I don't care which HW device you are using; the application of an extended word/phrase is KEY. Why? ANY HW wallet could someday fall prey to an advanced physical attack by advanced adversaries. PLEASE pay attention here; the key is the extended phrase is NEVER stored on any HW device so a complete physical hack would always leave the attacker holding an empty bag.

I acknowledge the OP is talking about a Trezor ONE, which I have a pile of, but the posts mentioned above referred to the T. I felt obligated to correct the blanket statements that are not universally correct where the T is concerned!
legendary
Activity: 2268
Merit: 18711
There are two types of passphrase. An encryption for the seed or an extension for the seed. The former is recommended for Trezor as there is an unfixable vulnerability which allows for an extraction of the seed given physical access to the device. An encryption on top of it would make the attack practically useless.
You can correct me if I'm wrong here, but I think you have this the wrong way round. As far as I am aware, there is no way to encrypt your seed phrase which is stored on your Trezor device with an additional passphrase. The seed phrase is only encrypted by the user's PIN. The passphrase that Trezor recommend using to mitigate against this attack in this article is indeed the seed extension passphrase:

If you are a Trezor user and fear physical attacks against the device, we recommend setting up a passphrase-protected wallet, in the best case with multiple passphrases for plausible deniability. Passphrases will completely mitigate this attack vector.

In the event that an attacker is successful in this attack, they would still be able to extract your encrypted seed phrase and then brute force your PIN in a few minutes in order to decrypt it. However, they would not be able to steal your coins because your coins are not in that base wallet, but in a hidden wallet behind a (hopefully) strong passphrase.
newbie
Activity: 26
Merit: 4
Thank you very much guys, you helped me a lot.
Just a little update: I can't change the wallet address in Ethermine because I can only use one address for mining at a time, so until I pass the threshold on Ethermine, I'll have to use the wallet address for Coinbase.
However, I managed to change the wallet address to Trezor in T-Rex miner, and it worked, so everything is going great, but I'll have to pay one more fee for the transfer from Coinbase to Trezor.
legendary
Activity: 1512
Merit: 4795
So, all I need to do is edit the .bat file in T-Rex and replace the existing address with the one from the Trezor?
Yes, if it is your paying address that you generated yourself and submitted.

I thought so, but one day when I want to send coins back to Coinbase to sell them, will I have to pay fees for the transfer from Trezor to Coinbase?
It will be better to use an address on a noncustodial wallet like Trezor for the paying address; transaction fees on such wallets are much lower compared to exchanges.

Also, I mined 0.03 ETH on Ethermine; I suppose if I change the wallet address in T-Rex miner, I won't lose those 0.03 ETH that I'm currently mining?
I am not a miner, but I think you are paid to an address you gave? Then nothing will happen to the funds.
legendary
Activity: 2212
Merit: 7064
So, all I need to do is edit the .bat file in T-Rex and replace the existing address with the one from the Trezor?
Probably yes, but I never used that miner and I can't say anything more about it.

I thought so, but one day when I want to send coins back to Coinbase to sell them, will I have to pay fees for the transfer from Trezor to Coinbase?

What kind of question is that?
You need to pay fees for sending coins from your own wallet, so make up your mind what you want to do, sell or hold coins.

Also, I mined 0.03 ETH on Ethermine; I suppose if I change the wallet address in T-Rex miner, I won't lose those 0.03 ETH that I'm currently mining?

You are not going to lose anything if you do everything correctly, but you may lose everything if you make some mistake.

PS
Please stay on topic.
newbie
Activity: 26
Merit: 4
I would like to know, is there a possibility to use Ethermine and, once I pass the threshold of 0.05 ETH, is there a way to transfer that mined Ethereum directly to Trezor without sending it to Coinbase, to avoid fees?

The only way is to change the wallet address in your miner and replace it with one of your addresses from the Trezor hardware wallet, that is if you want to hold coins and not sell them on an exchange.
Exchanges are for trading and wallets are for holding coins.

So, all I need to do is edit the .bat file in T-Rex and replace the existing address with the one from the Trezor?
I thought so, but one day when I want to send coins back to Coinbase to sell them, will I have to pay fees for the transfer from Trezor to Coinbase?
Also, I mined 0.03 ETH on Ethermine; I suppose if I change the wallet address in T-Rex miner, I won't lose those 0.03 ETH that I'm currently mining?
legendary
Activity: 2212
Merit: 7064
I would like to know, is there a possibility to use Ethermine and, once I pass the threshold of 0.05 ETH, is there a way to transfer that mined Ethereum directly to Trezor without sending it to Coinbase, to avoid fees?

The only way is to change the wallet address in your miner and replace it with one of your addresses from the Trezor hardware wallet, that is if you want to hold coins and not sell them on an exchange.
Exchanges are for trading and wallets are for holding coins.
newbie
Activity: 26
Merit: 4
Hey guys, one more question.
I use Ethermine and T-Rex for mining and I use Coinbase as a wallet.
I had a small amount of mined Ethereum in my Coinbase wallet that I transferred to Trezor One.
I had to pay a transfer fee that was fairly high.
I would like to know, is there a possibility to use Ethermine and, once I pass the threshold of 0.05 ETH, is there a way to transfer that mined Ethereum directly to Trezor without sending it to Coinbase, to avoid fees?

legendary
Activity: 1512
Merit: 4795
Because of the unfixable security vulnerability in the Trezor ONE...
You are absolutely correct, but I just want to add this for more clarification. The vulnerability in which someone who steals the hardware wallet is able to extract the seed phrase can also be done on the Trezor Model T. I am pretty sure you know about this as well, but I included it so the OP does not make the mistake of thinking otherwise about the Trezor Model T.
legendary
Activity: 2212
Merit: 7064
I just set up my Trezor One and I see an option to set additional protection with a passphrase.
However, I heard that while it may make things safer, it can also be devastating if I forget it or lose it.
Some say it's not recommended to use it, others say it's a great extra layer of protection.
I would like to know your opinion.

I would use Trezor and other hardware wallets only with the passphrase option because it is not stored anywhere on the device and it is much harder for anyone to steal your funds if you lose your wallet device.
It is very important to make a good strong passphrase made from several words, write it correctly and back it up in a separate location from your seed words.
You can have a separate account in your Trezor wallet without a passphrase as a decoy for holding a smaller amount of coins.

Also, I set up my Trezor and downloaded the Trezor Suite app for desktop.
I wrote down the seed words as well as the PIN.
I would like to know, is that all, and am I now completely protected from any kind of threat like hacking or phishing attacks?

You are never 100% protected and phishing attacks are mostly done by human mistakes, not checking if website is correct or clicking link received in email.
Watch what you install on your computer and scan it for malware, viruses and keyloggers before you use this computer for any crypto wallets.
I would suggest that you download Trezor Suite from official website or github page and use that instead of their web version.

Anyone can be victim of phishing so you should pass some free Phishing Quizzes and learn more how to protect yourself.
HCP
legendary
Activity: 2086
Merit: 4361
Because of the unfixable security vulnerability in the Trezor ONE, most users would probably regard the passphrase as "required" (and a relatively long, complex one at that!) to maintain the "same level" of security as most hardware wallets provide.

As already noted, without the passphrase, your seed and therefore your private keys are trivially easy to get access to for anyone with physical access to your hardware wallet. A desktop wallet with a password would have more protection!

So, it depends on your personal risk profile/acceptance... if you're satisfied that the odds of the device being physically compromised are lower than forgetting your passphrase then it's not "required" per se.

At this time, there are no known exploits to be able to remotely hack the device.
legendary
Activity: 3038
Merit: 4418
Please, never mind this, I do not get your point here. The encrypted passphrase should be BIP38, right? Which is also even called a password, correct me if wrong. But hierarchical deterministic wallets only follow the BIP39 passphrase standard, which is generated through salting, making the seed phrase generate other keys and addresses entirely; these are the passphrases which make use of extra words, and it is what is supported by Trezor. BIP38 is used for wallets like paper wallets, not hierarchical deterministic wallets.
It doesn't have to. BIP38 is just another way to conveniently encrypt things but they do have a version byte identifier. Advantage of BIP38 is that the identifier allows you to see that it is a BIP38 encrypted key and probably an encrypted private key. The encryption used for BIP38 can be used anywhere and it is.

You will need to operate your wallet in a safe environment, making your computer completely safe from malware.
Not needed. If you have to do so, then there is probably no point for a hardware wallet.
legendary
Activity: 1512
Merit: 4795
There are two types of passphrase. An encryption for the seed or an extension for the seed. The former is recommended for Trezor as there is an unfixable vulnerability which allows for an extraction of the seed given physical access to the device. An encryption on top of it would make the attack practically useless.
Please, never mind this, I do not get your point here. The encrypted passphrase should be BIP38, right? Which is also even called a password, correct me if wrong. But hierarchical deterministic wallets only follow the BIP39 passphrase standard, which is generated through salting, making the seed phrase generate other keys and addresses entirely; these are the passphrases which are extra words, and it is what is supported by Trezor. BIP38 is used for wallets like paper wallets, not hierarchical deterministic wallets.

My biggest concern is that someone may hack it while I'm connected to my PC while I'm in Trezor Suite desktop app.
You will need to operate your wallet in a safe environment, making your computer completely safe from malware.

Like, what if someone can hack it while I'm making a transaction, or if I catch spy malware or some virus, or someone infiltrates my PC without my knowledge?
You need to know ways to protect your device, making it not have malware. You will need to learn this before making use of bitcoin at all. Learn how to use your device in a way you will stay away from malware, not that hard if you learn about it.

Also, now when I set up Trezor and wrote down the seed words as well as the PIN, do I have to worry about anything else or is that all I need to have excellent protection?
The most important is the seed phrase. You need the PIN to access your wallet, but if you import the seed phrase to another wallet, the PIN is no longer needed. But remember what I posted above, that if the passphrase is included, you will need it as well during seed phrase importation.

In case you later decide to use passphrase. These will be helpful:

No. The communication through USB won't allow for any malware to be able to obtain your secrets. The exploit works solely on the premise that the attacker is able to crack open your device and take the chip out to glitch it.
You are right, but I have heard of the possibility of an address change, in which the recipient address is changed to the attacker's address during sending, but checking the address again to make sure it is the recipient address is recommended. Also, the best is to operate a hardware wallet in a safe environment with a safe computer.
legendary
Activity: 3038
Merit: 4418
My biggest concern is that someone may hack it while I'm connected to my PC while I'm in Trezor Suite desktop app.
Like, what if someone can hack it while I'm making a transaction, or if I catch spy malware or some virus, or someone infiltrates my PC without my knowledge?
No. The communication through USB won't allow for any malware to be able to obtain your secrets. The exploit works solely on the premise that the attacker is able to crack open your device and take the chip out to glitch it.

The main risk with malware is them tricking you into entering a different address and stealing your funds. It is mitigated by checking the screen on your Trezor to see if the address is correct.

Also, now when I set up Trezor and wrote down the seed words as well as the PIN, do I have to worry about anything else or is that all I need to have excellent protection?
That is all to restore all your funds.
newbie
Activity: 26
Merit: 4
OK, I really don't think I'll ever have a problem with a thief breaking into my home and trying to steal the Trezor device.
Not only does nobody know I have cryptocurrencies, but even if they somehow do, I still have such small amounts that it's not worth it.
I will keep the device hidden of course, so I don't worry too much that someone will find it and steal it.

My biggest concern is that someone may hack it while I'm connected to my PC while I'm in Trezor Suite desktop app.
Like, what if someone can hack it while I'm making a transaction, or if I catch spy malware or some virus, or someone infiltrates my PC without my knowledge?

Also, now when I set up Trezor and wrote down the seed words as well as the PIN, do I have to worry about anything else or is that all I need to have excellent protection?
legendary
Activity: 3038
Merit: 4418
There are two types of passphrase. An encryption for the seed or an extension for the seed. The former is recommended for Trezor as there is an unfixable vulnerability which allows for an extraction of the seed given physical access to the device. An encryption on top of it would make the attack practically useless.

The latter is entirely up to you. The seed extension is not covered by the checksum and you might have difficulty when restoring the seeds. Shouldn't be a problem if you were to make a backup safely.
legendary
Activity: 1512
Merit: 4795
Trezor is a reputed wallet; it is completely open source, which makes it one of the wallets that is recommendable. But there is one thing that was proved about Trezor: if the wallet is stolen, there are ways to attack the wallet and reveal the complete seed phrase in minutes. This can be used to steal all the bitcoin and other cryptocurrencies that are controlled by keys generated from the seed phrase. Although, if the wallet is not stolen and is safe with you, nothing will happen.

But in case it is stolen and the thief tries to extract the seed phrase, the passphrase can help; it will make it difficult or impossible to know the keys generated, because a passphrase in addition to the seed phrase makes a wallet generate other keys and addresses entirely. In this case your wallet will still be safe even after theft. But it is advisable to use strong extra words (passphrase) so that brute forcing it will be difficult or impossible. And you would have even recovered your wallet and transferred the cryptocurrencies on it to another wallet immediately after the theft.

You will need to properly, securely and safely back up the seed phrase and passphrase offline. The backups should not be kept together, and having, like, two replicas in different locations will make accessing them safer. Know that the PIN can protect the wallet but is not needed while importing the seed phrase on another wallet for recovery, unlike the passphrase, which is very important.

The passphrase makes your wallet protection stronger, and must not be forgotten. It should be properly backed up as well as the seed phrase, but differently.
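
The BIP39 seed extension discussed in the posts above (the "salting" that yields entirely different keys, and the point that the extension is not covered by the mnemonic checksum), shown as an added example that is not part of any post in this thread. The mnemonic is the public all-zero BIP39 test mnemonic and the passphrases are constructed sample values; the helper names are hypothetical.

```python
import hashlib
import unicodedata

# Constructed sample input: the public all-zero-entropy BIP39 test mnemonic.
# Never use a published mnemonic for real funds.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")


def _nfkd(text):
    """BIP39 requires NFKD normalisation of both mnemonic and passphrase."""
    return unicodedata.normalize("NFKD", text)


def bip39_seed(mnemonic, passphrase=""):
    """Derive the 64-byte BIP39 seed.

    PBKDF2-HMAC-SHA512, 2048 iterations, password = mnemonic sentence,
    salt = the literal string "mnemonic" followed by the passphrase.
    The passphrase only enters the salt, so it never needs to be stored
    on the device: it is supplied again on every unlock.
    """
    password = _nfkd(mnemonic).encode("utf-8")
    salt = ("mnemonic" + _nfkd(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def wallet_fingerprints(mnemonic, passphrases):
    """Map each passphrase to a short hex fingerprint of its seed."""
    return {p: bip39_seed(mnemonic, p).hex()[:16] for p in passphrases}


def demo():
    candidates = [
        "",                        # base wallet (what a seed extraction yields)
        "correct horse battery",   # intended hidden wallet
        "correct horse batery",    # one-letter typo
        "Correct horse battery",   # wrong capitalisation
    ]
    fingerprints = wallet_fingerprints(MNEMONIC, candidates)
    for passphrase, fp in fingerprints.items():
        # Every entry is a valid wallet: nothing flags the typo as wrong.
        print(f"{passphrase!r:26} -> seed {fp}...")
    return fingerprints


if __name__ == "__main__":
    demo()
```

Each passphrase, including the mistyped ones, produces a valid and unrelated seed with no error, which is why an extracted mnemonic alone does not reveal a passphrased wallet and also why the passphrase has to be backed up exactly as typed.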
newbie
Activity: 26
Merit: 4
Hello everybody,

I just set up my Trezor One and I see an option to set additional protection with a passphrase.
However, I heard that while it may make things safer, it can also be devastating if I forget it or lose it.
Some say it's not recommended to use it, others say it's a great extra layer of protection.
I would like to know your opinion.

Also, I set up my Trezor and downloaded the Trezor Suite app for desktop.
I wrote down the seed words as well as the PIN.
I would like to know, is that all, and am I now completely protected from any kind of threat like hacking or phishing attacks?