Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 4. (Read 965789 times)

They talk about it more often on their Telegram channel. Apparently, it is going to become publicly available in the third quarter of this year and the closed beta is still running. The changelog is available here.

Are there any updates regarding the Trezor suite? I haven't seen any Reddit post, tweet, or blog post about it since the beta was released, and I can't find any proper changelog to see the progress even though, it looks like the development is active on GitHub 

I wonder if the idea I am going to present has ever been discussed with any sense of going forward:

Trezor does not have a serial number.  It does present a device # when connected to a site such as trezor.io or any other site/node and of course the mpk's are needed to display the balances and addresses.  That device # doesn't compromise security, BUT it could easily compromise privacy.  I operate several "hidden" wallets from each Trezor as I am certain that many of us here do.  Example; you connect a decoy/small wallet to a web wallet and use it or verify a balance or whatever.  The device # is presented, and the wallet software uses the mpk's presented.  I know all websites will say they don't log such things but I say why take any chances at all if it could be prevented by a simple software coding.  On the Trezor T there is space on the SD card if a user employs that option.

As a privacy improvement option; what if the code were changed so that the Trezor T presented a "spoofed" device # every time you connected it?  Example. When I use my daily wallet and things related directly to my name I could care less about recording the device # during a transaction.  But later if I want to view a more substantial wallet where storage is my concern, in that case I would strongly prefer that the device # provided be anonymous (un-related to previous transactions).  With this modification of code there would be NO way to ever connect the SAME device # to different mpk's thereby betraying your privacy.  Make sense?

There would be plenty of space on the SD card so memory/chip size wouldn't be a factor.  Again, this would be an option in trezorctl and not something forced upon every user.  I would most certainly use this feature without question.

BTW - I am not saying trezor.io is neglecting to forget our devices when we click on that option.  As a security buff I am saying that at some point in the future 3 letter agencies could employ enough pressure that they may have to retain information.  Electrum  nodes etc... are all under the same possibility of influence.  Surely this would be super simple code to write, and given the extra space on an SD card there is more than ample room to install it.

Any GitHub coders that would be willing to carry this idea over, feel free.  I love Trezors

I would not say that anything is 100% secure, including Trezor wallet as we saw with recent reports from their competition.
Human factor is biggest issue here and flaws in software code.
However Trezor is open source and much more safer than regular desktop wallets.
Always use only official website and NEVER enter any seed words or private keys on any website to avoid phishing.

https://wiki.trezor.io/Security:Threats
https://wiki.trezor.io/User_manual:Security_best_practices

If you set up a passphrase, and you adhere to basic security practices outlined above, it can be said that the Trezor wallet is "100% secure".

BitCryptex,

Thank you.  I was hoping that the SEED was encrypted.

I am looking to order my first trezor!

is it 100% secure? If yes, how can I verify it? Kinda curious as I am going to hold all the coins on trezor.

If you still haven't set up trezorctl then I would recommend following this guide. Also, if you are going to do it on Windows, using WSL will be the fastest way.


This feature encrypts your device's data (including the seed). If you enter a wrong or correct PIN without an SD card, the device will return an error and ask you to insert it. Once the correct SD card is inserted, you have 16 attempts to enter the correct PIN. You can easily copy the "secret" to multiple SD cards. It is stored in "trezor/device_id/salt" and can be accessed using any file explorer.


Yes, vice-versa works completely fine as well. Electrum and other third-party software do not care if you have the SD card protection enabled (because they see the device as locked) or if you used trezorctl to create a 18 word seed.

I hope this thread is the place for these questions.  At 266 pages this thread is too long to read entirely but I checked the last half a dozen pages.

1.  Trezor T SD protection question:  if a user enables SD protection using trezorctl does that directly impact encryption of the SEED on the hardware wallet?  I know SD Protect encrypts the PIN and you must have both your PIN and the SD inserted to unlock the Trezor.  My concerns are to clearly understand my locked Trezor T with my SD card hidden elsewhere  ------- would a high end physical hack at a laboratory see my SEED or an encrypted remnant of sorts?  I use super long BIP passphrases to mitigate anyway, but I want to understand EXACTLY how SD Protect impacts the stored SEED on my device.

2. If I have a few Trezors that are setup using software wallets (not trezorctl) e.g. Electrum/trezor.io, is it safe to connect using trezorctl and just configure a few options not available on simple web wallets?  Everything is backed up multiple times so there is no danger of losing coins, just trying to save time if I can.  Blowing away and starting over is doable just asking.

Yeah, there is a checkbox during checkout which signs up people for their newsletter and other spam. I am quite sure that lately, they have been sending a lot of e-mails with links to their articles.

Then they must have a different database of emails to spam people's mailboxes with 

Trezor has just shared a 10% discount code “DATAPRIVACY” that you can use in their shop. It is limited to 4500 people and 48 hours. Also, they mentioned that they get rid of any sensitive data (including e-mail addresses) from the e-shop after 90 days.

Trezor is celebrating the 6th birthday of Trezor One. Starting at midnight 21st July (00:00 CEST) until 23rd July (09:00 CEST) - for every Trezor T bought, a free Trezor One will be given.

Probably none. I thought that Electrum 3.3.8 was old enough to be fully supported by your Trezor's outdated firmware. Since the signing process has been refactored in the recent Trezor software updates, I assumed that you might fail to sign the transaction using the latest version of Electrum.

I think the potential problems with signing transactions are related to this: https://blog.trezor.io/latest-firmware-updates-correct-possible-segwit-transaction-vulnerability-266df0d2860

https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd

Thanks! I ignored it and it worked just fine. Not sure why you suggested downgrading to 3.3.8 though? Since that message is showing in both versions, what difference would it make?

While both of these updates didn't wipe my device directly, they failed to install using both my computer and my laptop resulting in broken firmware which forced me to wipe my device and install the firmware again using my Android phone. In both cases, as stated by the error log on the device, something was interrupting the USB connection so it wasn't updates' fault. It might work fine for you, but the following idea may be better.


It is definitely not going to be wiped if you ignore that message, but you might not be able to sign the transaction. Why don't you use the previous version of Electrum (3.3.8) just to be safe? You don't have to uninstall the current one. Simply download the portable executable.

I don't have access to my seed right now, and I need to make a transaction. Do you guys know if it's safe to ignore this message and continue, or can the device get wiped if I do so?



I looked at the changelogs (https://wiki.trezor.io/Firmware_changelog) and checked the blog posts for the last two updates, and apparently, updating shouldn't wipe the device. Any thoughts?

In the begginners board, someone reported a fake trezor website asking for the seed phrase.
Link to the Report thread: https://bitcointalksearch.org/topic/another-fake-trezor-wallet-website-asking-for-your-seed-phrase-5260083
Fake link: Do not click
Domain details: There are already 24 other similar domains according to DNStwister: https://dnstwister.report/search?ed=7472657a6f722e696f
I would also recommend for anybody reading this to report the fake link using this link: https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

Sorry, but you can't do that in both Trezor Suite and Trezor Wallet. The following screenshot is a fragment of the 'Receiving' tab from Trezor Suite.



'Total Received' is a completely useless stat, especially for people who consolidate their UTXOs. Current balance would be more useful.