Topic: If Trezor's servers go down, what would happen to wallets w/ 25th password? (Read 281 times)

Two things on this quote:

1.  Your comment about demanding the location of the seed backup is likely correct.  That is why I specifically keep my SEED in my bank safe deposit box, where only my physical presence can gain access to it.  Once inside the bank the authorities are everywhere around me.  Of course the f*** U, you can't get my SEED unless you can break into my bank deposit vault, might find me floating face down in a river.  This is a call I would have to make at that time.

2. The destruct PIN is for theft security on my end.  I keep my Trezor in a case with a scribbled reminder note that the PIN is my home address.  I make it look like I am afraid to forget my PIN and keep the note, which clearly would not go mobile with me, in the case.  My bet, is that IF someone ever found my Trezor (not going to happen almost surely) they would enter my home address.  Very few users know how to enable destruct PIN so I further bet that a thief wouldn't even consider this possibility.  By the way, my microSD SALT file (used for encryption) is nowhere near the Trezor.  As a reference for those that don't know; the destruct PIN works even without the microSD present during the PIN entering attempt.  Normally if you enter any PIN (other than the special destruct PIN) without the microSD present the Trezor just sits there and the entry attempt does nothing.  The actual PIN and the SEED are encrypted and the HW device cannot recognize any entry without the needed SALT file.  The trezorctl code places the destruct PIN outside of that constraint.


Lastly, there is another "play" that might be safer than a password protected wallet for mobile Trezor uses.  How about considering walking around with the password feature turned OFF?  If you were to keep a small but reasonable amount in a "password less" generic wallet, it would appear that you are a typical user NOT even aware what a password extended word wallet is.  Then an attacker could compel you to provide your PIN and they would see the default wallet and that there is NO password option even active.  It only takes a few seconds to enable the password feature when you need it.  BTW - I don't need to know your PIN to see if the Trezor has the password feature enabled so you cannot hide behind the PIN to conceal the use of the password feature.  Turn it off or know the attacker will see it even without knowing your PIN unless they are complete rookies, doubt it!

For an extreme case, one probably wants to preapre themselves for the worst. Therefore, I think a good idea is to keep multiple separate PINs that would look like this:
 - 1 PIN containing a few hundred bucks worth of BTC (initial decoy)
 - 1 PIN containing a few more hundred bucks worth of BTC (secondary decoy)
 - 1 PIN containing a few thousand bucks worth of BTC and multiple shitcoins worth a few hundred each (the main deceiver)

In the worst case, say you are asked for your PIN code and you enter the first. If the thief does not believe you, they will keep demanding for more. If even the second pin is not enough for the thief, the third one could be a very good decoy to deceive him. The main decoy's purpose is to look as similar to the behavior of an active crypto user as possible. Here's how I'd do it:

The Initial Decoy:
 - Has $500 worth of BTC
 - Has a few received txs and 0 spent

The Secondary Decoy:
 - Has $700 worth of BTC
 - Has a few received txs and 0 spent
 - First transaction happened after the first deposit to the Initial Decoy

The Main Deceiver:
 - Has $2000 worth of BTC
 - Has a few alts (LTC, DOGE, etc.. some with cheap fees) worth a total of $100-500
 - Has many received txs over the course of a few months but also at least a few spent every now and then
 - First transaction happened months before the first deposit to the Initial Decoy
 - Last transaction happened at least a few months before the Secondary Decoy

Perhaps the first two decoys could be coins that are stored on the Trezor's separate PINs and the Main Deceiver could be a completely different seed so that in case the thief demands the location of your seed, you can pull out the last card. If even after this the thief still doesn't believe you, then I guess there isn't much left you can do. This is an extreme prepping for an extreme situation that could easily turn very unpredictable.

Yeah, the self destruct PIN is primarily for the scenario of theft, as far as I see it. In an extreme case, where a physical attacker doesn't believe that you do not have another passphrased wallet which you are not revealing, regardless of how many you have already revealed, and regardless of whether or not you have revealed all your wallets, then by self destructing your Trezor they will merely switch to demanding the location of your seed phrase back up or back up hardware device.

As I mentioned above I primarily use my self destruct PIN for a theft of my Trezor, which is almost impossible, but just in case.  In the other parts of my post I thought some instances could present themselves where a user could employ the self destruct PIN.  Maybe something like a local LE or similar leaning on you.  Not every situation is going to be a $5 wrench attack.

I could envision a situation where I determine that something really BAD is going to happen and I am carrying my Trezor.  I could quickly pop it up and enter my destruct PIN.

There is NO danger in having the OPTION to enter the PIN in a pinch.  If you don't have the feature enabled ahead of time you limit your options.  Hopefully users can make their own adult determination if its in their interest to immediately wipe the Trezor.

Further:  an Advanced $5 wrench attacker is NEVER going to believe you have only one dummy wallet.  Even if they hit you a few times and you provide another wallet with 5-10 BTC they still will assume there is a third wallet, and a fourth, etc.....   BUT a wiped Trezor clearly indicates there is nothing that can be done without going to another location to reload it...   These are horrible thoughts and I am praying never to need to make that call.

If you find yourself in a situation where someone is threatening your life or the life of your family members, do you really want to wipe your device clean in front of them and go: "fuck you, now you have nothing. Btw, please don't hurt my family, I love them".

Plausible deniability is still the better choice. Keep a few grands that you can access with a separate PIN and hand them over. Just enough for the thieves to get something and not go berserk on you, your family, or your property, but also not the majority of your holdings. 

I would also suggest you consider setting a self-destruct PIN on your Trezor.  At least you would have an option to consider if you were forced to reveal your PIN.  Setting a unique PIN that if entered will WIPE all wallet and/or SEED info - completely - would be your call at that time.  Obviously that will take things to an all new level, but at least you have an option in that exact instance.  In my case IF I use my self-destruct PIN the ONLY way to get my SEED is to go to my safe deposit box.  Period, no exceptions!  I really have my destruct PIN set as a trap for a stolen Trezor.  The PIN would be an obvious one to attempt if someone knew me.

Mmm, hmm. 

Yes, I have the seed written in a couple of places (secured) as well as memorized.

Yes, I use passphrases.

And, yes, I have another hardware wallet w/ passphrase.

I don't disagree that relying solely on your memory is a terrible idea when it comes to backing up seed phrases or wallets, but not for this reason. If you ever find yourself in a situation where someone is extracting information from you, then they can just as easily force you to tell them the PIN for your hardware wallet, or the decryption key for your wallet.dat files, or the location of you back ups, or your exchange account password, or whatever it is they desire.

The only protection if you find yourself in a such a scenario is plausible deniability, usually in the form of multiple passphrases or hidden encrypted volumes.

I hope you don’t rely solely on your memory when it comes to backup, it’s a very unreliable way to store sensitive information. In addition, this information can be extracted from you if you come under the influence of drugs or alcohol, so it may be better not to memorize such things. Simply make 2 or more backups, and store them if possible in different locations, and for extra security add an extra word (passphrase).

Mmmm, I see your (and HCP's) point.  I have some homework to do, too bad that I had my current seed nicely memorized, but, yes, security first.  Thank you both for the tip.

HCP is right though. You should have done this with an entirely dummy wallet and dummy seed phrase, not just a new account on your main seed. Although your main account is still protected by its passphrase, by entering your 12 word seed phrase in to Wasabi you have exposed it to the internet and so it can no longer be considered safe. You have effectively reduced the security of your main account to whatever the security of the passphrase on that account is. Only you will know how secure or otherwise this is, but most people tend to use easily memorable and therefore easily guessed passphrases with far less than 128 bits of entropy (such as common words or phrases, names, addresses, etc.), and not truly random and secure passphrases such as &Lb_"z\wA^Dc]d8hL5+[.

If it were me, I would be moving everything on my Trezor to a new and secure seed phrase.

I created a dummy account in Trezor (after setting up Trezor Suite) a bech32 ("bc1qxxx") address with a passphrase, and put a tiny amount of BTC into it.  Then:

1)  In Wasabi I clicked "Recover Wallet"
2)  Entered into Wasabi's "Password" the Trezor passphrase
3)  Entered into Wasabi the 12 seed words

Trezor wallet recovered, BTC balance there in the bech32 address (same one as in Trezor), and transferred it just fine

EDIT: I did not recover (in Wasabi) my main Trezor passphrase-protected account, which as you mention, defeats the purpose of the hardware wallet.  I just wanted to find a way to recover a passphrase-protected account just in case of loss, theft, or loss of function of my Trezor.

How exactly did you go about "backing up the passphrase-protected Trezor wallet into Wasabai"?

If you entered your 12/24 words and passphrase directly into Wasabi... you need to move all your coins from your Trezor, then reset your Trezor and create a completely new 12/24 word seeds/passphrase combo and move you coins to that new wallet ASAP, as you have effectively removed all the safeguards of the Trezor by exposing the seed.

You should NEVER put your 12/24 words into anything other than your Trezor (or another hardware wallet)... unless you are attempting to recovery funds due to the device being stolen/lost/broken and you can't wait until you can get another hardware wallet to restore your wallet to.

Yes, in essence, that's what I did, but I first had to install Trezor Suite to be able to get Trezor and Wasabi to work together nicely (w/ bech32 addresses).

It did indeed work just fine.

I haven't done it myself, but it should work just fine.

If you look at the Wasabi docs here - https://docs.wasabiwallet.io/FAQ/FAQ-UseWasabi.html#what-is-the-password-used-for - it says that the password you set on your Wasabi wallet is used as a passphrase as described in BIP39, which is exactly how Trezor uses the passphrase.

Also here - https://docs.wasabiwallet.io/using-wasabi/WalletRecovery.html#mnemonic-recovery-words-and-password - it says you can recover a wallet generated from any BIP39 software, again by inputting your seed phrase and then by inputting your passphrase as the password.

Why not create a dummy wallet on your Trezor and test it yourself?

...

Thank you all for your responses.  Many of your responses are "beyond my scope", so let me run an idea past you all that I got from my nearby thread on Wasabi wallets.  

I now have on my Trezor: (BIP 39) "Word1", "Word2", ... "Word 12", "passphrase"  <--- OK, I'm good there.

I also have Wasabi, and perhaps I could do the below should I want to recover my Trezor wallet (if their servers go away, whatever):

Recover onto Wasabi using same 12 words (seed) as in my Trezor, then use same Trezor "passphrase" as my Wasabi password.

Does that work?  That would be one very nice application for Wasabi.  That also solves the disappearance issue of Trezor servers without me having to get LINUX, Electrum, Ian Coleman, etc. that I know very little about.

Thank you again for your assistance.



EDIT: Install Trezor Suite to allow Trezor to work with bech32 addresses.  I did so (install and create a bech32), backed up the passphrase-protected Trezor wallet into Wasabi, and then made a transaction.  It worked just fine.  A great tool for just in case...

Same reason why people urge others to run a local instance of their wallet instead of having to connect to something that can be changed at a whim without any of the user's authorization.
There is[1]. It isn't necessary for the user to use SatoshiLabs' servers, they can run their own and be perfectly fine.

[1] https://wiki.trezor.io/User_manual:Running_a_local_instance_of_Trezor_Wallet_backend_(Blockbook)

I think that Trezor satoshilabs developers first created BIP39 standard back in 2013 and most hardware and software wallets are supporting it today.
Trezor servers are not connected with your passphrase in any way so you don't have to worry about that, you can even generate your seed words and passphrase offline, and if servers go down you can just use any other wallet.
I would however be very careful and not use any online and hot wallets for recovering and importing backup phrase and passphrase.


Coldcard hardware wallet have no servers so you must use your own Bitcoin full node or use some other wallets with servers like Electrum.

Blockchain.com and BitPay won't support it, but these are two of the worst wallets in existence and there a plethora of reasons you should not use them, with lack of passphrase support being the least of your worries.

However, both Wasabi and Ledger will support seed phrases with additional passphrases (also known as the "25th word"), as will a number of other wallets such as Electrum. There are even open source tools such as https://iancoleman.io/bip39/ which will allow you to import both a seed phrase and an additional passphrase (don't do this on an online computer!)

The passphrase/25th word/seed extension/etc. is a very standard part of seed generation, and is detailed in BIP39 itself:
Both Trezor and Ledger can be used without requiring you to use their own servers or software, by pairing them with Electrum or similar.

If I understood you correctly, the question is actually whether Trezor wallet can be recovered if in addition to the seed, there is also what you call an extra word (passphrase). Of course this is possible if the alternative crypto wallet supports the extra word option, and this is the case with Electrum. Of course there is no point in doing that, because you can simply connect your Trezor to Electrum and get access to your BTC wallet at any time.


As far as I know, the seed generated by Trezor can be easily entered into the Ledger and vice versa - and in my opinion this is the only safe solution in which I would not consider such a seed compromised. Entering HW seed in online wallet would really be a stupid move, especially if someone were a victim of phishing at the same time.

https://wiki.trezor.io/Apps:Electrum

If you need to connect to any server for wallet seed creation then your hardware wallet can send your wallet seed to any third part or not trust its security.
wallet seed is BIP protocol you can extract the private keys using https://github.com/iancoleman/bip39 and export it to any wallet. electrum or others.

Trezor's servers go down and there is no way to send coins people can use any other software.

Trezor can completely connect with your own node, which means we can be completely independent of any servers [1]. when connected to wasabi, Trezor will also connect to the wasabi server, so are the others. cmiiw

[1]. https://wiki.trezor.io/User_manual:Running_a_local_instance_of_Trezor_Wallet_backend_(Blockbook)

Most of them will work without.

Many of the HW wallet, or wallets in general uses BIP39 to generate their seed phrase. The method for them to generate the seed passphrase is completely transparent and it is not difficult to obtain the private keys from that directly. Even if they use a different standard like Electrum, you'll probably be able to figure out how it's done by looking at the codes, the extract the private keys yourself.

...

Something I have wondered about for a while, but never got around to asking, is what would happen to wallets with a "13th Word"?

For example, I do not see how BTC could be recovered from a Trezor with the extra word via blockchain.com, Wasabi, BitPay or Ledger wallets (the only ones I am familiar with).  I have not downloaded or used Electrum or any other wallets.

For that matter, are there ANY hardware wallets that do not have to be used only with specific servers?  If not, that seems like an extra risk...