Topic: Kraken Security Labs just 15 minutes to hack both of trezor's crypto hardware - page 3. (Read 703 times)

legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
This was discussed before here:
https://bitcointalksearch.org/topic/hardware-wallet-hacked-5146284

Dave's view: Neither of the big 2 hardware wallet makers are that great against a determined foe. There are ways of mitigating the risk, but they are human dependent (long passphrase, keep it secure, etc.)

I am partial to the coldcard, but even then I know it is not perfect.

But, as stated before and by other posters in this thread, 37-character passphrases are a joke.

100% personal opinion and nothing more: I trust NOTHING that comes from SatoshiLabs / Slush and never will. I used to when I was "young and learning about bitcoin and crypto", but now I know better. Nope. He / that team do just enough to get the job done and no problems are ever their fault.

-Dave
legendary
Activity: 2268
Merit: 18748
From Trezor's response, this has been known about since October of last year (although they apparently just responded now).
The Ledger team released details of probably the same attack in July of last year. Certainly the attack they performed has the same outcome - if someone has physical access to your device they can extract the seed. See Lucius' link above. I own a Trezor device, but have since reset it, don't store any coins on it, and haven't used it at all, since a few weeks after that release. I was concerned about the attack, and I was also concerned about Trezor's response, which was essentially "Meh, use a passphrase", and didn't state in any way how they were going to address the issue (and they still haven't).

So that tells me that it isn't always possible to hack the Trezor if someone has possession of it.  Someone please correct me if I've interpreted that incorrectly.
So the attack is always possible regardless of whether or not you use a passphrase. An attacker using this method will always be able to extract your 24 word seed. The difference is whether or not your coins are also secured by a passphrase. If they aren't, then once an attacker has your seed they can steal your coins. If they are, then once an attacker has your seed they can try to brute force your passphrase, and then steal your coins.

In practice only an electronic engineer in a laboratory with the necessary equipment is able to conduct this attack.
Quite the opposite. The Ledger release above shows the attack was possible using a single board with components costing less than $100, using only "basic electronics techniques". Not only is this attack potentially easily reproducible, but someone could also manufacture and sell those boards.

For a passphrase to be as secure as a 24 word seed phrase, which is the security level you have to reach if you want your wallet to be as secure as if this attack didn't exist, then it needs to be 37 random characters. Given that only a minority of users even use a passphrase, and of those who do, a very small minority of them will use a passphrase of 37 random characters, Trezor's response to this attack is wholly unsatisfactory. Since most passphrases in use are probably human generated, then like passwords, they will be short, not random, and bruteforcible.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
In his official press release, Trezor said this is very likely a similar vulnerability the Ledger Donjon Team discovered last year, and I posted about this in this topic: Trezor&Keepkey - Unfixable Seed Extraction - A practical and reliable attack!.

As you can see, there is no fix for this problem in such a way that it can be repaired with new firmware. The only sure solution is to use a passphrase: "Donjon Team suggest that this passphrase should be about 37 characters long to prevent dictionary and brute-force attacks."

Given that the passphrase is not stored in a hardware wallet, it will protect you even in the event of a physical attack in which the attacker extracts the seed from the hardware wallet.
legendary
Activity: 2604
Merit: 2353
Kraken Security Labs has devised a way to extract seeds from both cryptocurrency hardware wallets offered from industry leader Trezor, the Trezor One and Trezor Model T.

The attack requires just 15 minutes of physical access to the device. This is the first time that the detailed steps for a current attack against these devices have been disclosed.

Twitter Post: https://twitter.com/krakenfx/status/1223253508956266496
Source: https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets
Trezor response to the attack: https://blog.trezor.io/our-response-to-the-read-protection-downgrade-attack-28d23f8949c6



Btw I'm a ledger user and never had trezor HW yet.

Note: Don't ever let anyone have touch/physical access to any of your hardware wallets. Keep it safe always.
Where have you seen that? Did you read the report of the exploit and watch the video? https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets
You need to fully disassemble the ledger and extract the chipset, the case sealing has to be broken.
In practice only an electronic engineer in a laboratory with the necessary equipment is able to conduct this attack. So I wouldn't be surprised if the leak came from a competitor, in fact. The exploit is highly technical and sophisticated.
legendary
Activity: 2730
Merit: 7065
If so, surely they could just retrieve the 24 word seed phrase, and then brute force the 25th word via a dictionary attack?
Brute forcing a long and complicated password would take years. Your password should never consist of easy to guess dictionary words. I am not sure how reliable this source is https://www.betterbuys.com/estimating-password-cracking-times/.

But they say that a 10 character password would take 4 months to brute force.
An 11 character password 10 years, and a 12 character one would take 200 years.

I like the part where you can test the strength of passwords on site. Just don't enter passwords you use in real life. But an interesting feature to play with. 
full member
Activity: 265
Merit: 232
Isn't the passphrase just an additional word added to the seed phrase?

It is used in combination with the recovery seed to access a single hidden wallet and can be any length you want. You can also create as many hidden wallets as you want with multiple different passphrases. Technically speaking, yes you could attempt to brute force a passphrase for a single hidden wallet with the recovery seed taken from the chip, but this would be extremely difficult unless it is a very basic passphrase. Any incorrect passphrase is still going to generate a wallet, but with no funds. Using a passphrase that could be easily brute forced would defeat the purpose of using a passphrase to begin with unless you are creating decoy wallets. A random 12 character alphanumeric passphrase would cost $128 billion on average to crack today. Passphrases will weaken over time, so choose strong ones, or transfer funds to another hidden wallet with a stronger passphrase if the existing one is too weak.
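Two points in this thread are easy to check with a few lines of code: the earlier post's comparison of passphrase length against the 256-bit entropy of a 24-word seed, and the post above's observation that every passphrase yields a valid (just different) hidden wallet. The script below is an added example written for this page, not code from any poster, Trezor or Kraken. It implements the BIP39 seed derivation (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase) using only the Python standard library. The sample mnemonic is the publicly known first BIP39 test vector (twelve "abandon" words ending in "about"); the alphabet sizes in the strength table are assumptions chosen to show the arithmetic.

```python
import hashlib
import math
import unicodedata

# Constructed demo input: the first published BIP39 test vector. It is public
# knowledge, so it must never hold real funds.
SAMPLE_MNEMONIC = ("abandon " * 11 + "about").strip()

# A 24-word BIP39 mnemonic encodes 256 bits of entropy (plus an 8-bit checksum).
SEED_ENTROPY_BITS = 256


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed.

    BIP39 specifies PBKDF2-HMAC-SHA512 with 2048 rounds, the NFKD-normalised
    mnemonic as the password and "mnemonic" + passphrase as the salt. Nothing
    in the output reveals whether a passphrase was "right": every passphrase
    yields a well-formed seed, i.e. a different hidden wallet. That is why an
    attacker holding only the extracted mnemonic has to guess the passphrase.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def hidden_wallets(mnemonic: str, passphrases) -> dict:
    """Map each passphrase to the hex seed it unlocks (all of them distinct)."""
    return {p: bip39_seed(mnemonic, p).hex() for p in passphrases}


def passphrase_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random passphrase of `length` symbols drawn
    from an alphabet of `alphabet_size` symbols. Human-chosen passphrases
    have far less entropy than this upper bound."""
    return length * math.log2(alphabet_size)


def chars_needed(target_bits: int, alphabet_size: int) -> int:
    """Smallest random-passphrase length that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


if __name__ == "__main__":
    # Same mnemonic, three passphrases: three unrelated seeds, none of which
    # is distinguishable as "the real one" from the seed bytes alone.
    for p, s in hidden_wallets(SAMPLE_MNEMONIC, ["", "TREZOR", "correct horse"]).items():
        print(f"passphrase={p!r:16} seed={s[:16]}...")

    # Assumed alphabets, compared against the 256 bits an attacker who has
    # extracted the 24-word seed would otherwise need to brute force.
    for name, size in [("digits", 10), ("alphanumeric", 62),
                       ("printable ASCII", 95), ("128-symbol set", 128)]:
        print(f"{name:16} 12 random chars = {passphrase_entropy_bits(12, size):6.1f} bits;"
              f" {chars_needed(SEED_ENTROPY_BITS, size)} chars to match a 24-word seed")
```

Running it shows that 12 random alphanumeric characters give about 71 bits, that matching the seed takes 43 random alphanumeric characters, and that the thread's "37 characters" figure works out exactly for a 128-symbol alphabet (7 bits per character). The 2048 PBKDF2 rounds add only a constant factor to a brute-force attempt, so the passphrase's own entropy is what the protection rests on.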
legendary
Activity: 1372
Merit: 1027
Dump it!!!
Wait, what?  From Trezor's response, this has been known about since October of last year (although they apparently just responded now).

Anyway, I'm ignorant as far as technical details go but this stood out to me:
Quote
It’s important to note that this attack is viable only if the Passphrase feature does not protect the device. A strong passphrase fully mitigates the possibilities of a successful attack.

So that tells me that it isn't always possible to hack the Trezor if someone has possession of it.  Someone please correct me if I've interpreted that incorrectly.

This is still very interesting to me, as I've often wondered how easy it would be for someone to get access to a hardware device's private keys.  Till now I had no clue, and I'd assumed that it would have been impossible--oops!  I've never used a Trezor, but now I'm curious as to what it would take to hack a Ledger or any of the other hardware wallets on the market.

Isn't the passphrase just an additional word added to the seed phrase? If so, surely they could just retrieve the 24 word seed phrase, and then brute force the 25th word via a dictionary attack?

Doesn't really seem to be that much additional security, or is there something I'm missing?
full member
Activity: 265
Merit: 232
So that tells me that it isn't always possible to hack the Trezor if someone has possession of it.  Someone please correct me if I've interpreted that incorrectly.

You are correct. This attack is not possible if you use a passphrase.

From Satoshi Labs:
Quote
To protect our devices against physical attacks without compromising our principles, we invented and implemented the Passphrase feature. The passphrase itself is not stored anywhere in hardware, SatoshiLabs doesn’t possess a backup, and therefore cannot be exposed or in any way “hacked” by a third party. When it comes to the passphrase, the user is the most crucial part of the whole process as it’s up to you to decide how complex your passphrase will be, how will you store it, protect it, or whether you should use one at all.

From Kraken:
Quote
Enable Your BIP39 Passphrase with the Trezor Client
This passphrase is a bit clunky to use in practice but is not stored on the device and therefore is a protection that prevents this attack.
legendary
Activity: 3528
Merit: 7005
Top Crypto Casino
Wait, what?  From Trezor's response, this has been known about since October of last year (although they apparently just responded now).

Anyway, I'm ignorant as far as technical details go but this stood out to me:
Quote
It’s important to note that this attack is viable only if the Passphrase feature does not protect the device. A strong passphrase fully mitigates the possibilities of a successful attack.

So that tells me that it isn't always possible to hack the Trezor if someone has possession of it.  Someone please correct me if I've interpreted that incorrectly.

This is still very interesting to me, as I've often wondered how easy it would be for someone to get access to a hardware device's private keys.  Till now I had no clue, and I'd assumed that it would have been impossible--oops!  I've never used a Trezor, but now I'm curious as to what it would take to hack a Ledger or any of the other hardware wallets on the market.
legendary
Activity: 1372
Merit: 1027
Dump it!!!
Well, these kinds of attacks were always going to be possible. For example, anybody who has access to your hardware wallet could simply install a device that records your PIN and transmits it wirelessly, or install cameras in the room or pressure-sensitive film over the buttons to register your presses and record the PIN.

They're still going to be a step up over simply storing your private key or seed phrase on a paper wallet.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
Kraken Security Labs has devised a way to extract seeds from both cryptocurrency hardware wallets offered from industry leader Trezor, the Trezor One and Trezor Model T.

The attack requires just 15 minutes of physical access to the device. This is the first time that the detailed steps for a current attack against these devices have been disclosed.

Twitter Post: https://twitter.com/krakenfx/status/1223253508956266496
Source: https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets
Trezor response to the attack: https://blog.trezor.io/our-response-to-the-read-protection-downgrade-attack-28d23f8949c6



Btw I'm a ledger user and never had trezor HW yet.

Note: Don't ever let anyone have touch/physical access to any of your hardware wallets. Keep it safe always.