Author

Topic: Trezor auto-wipe after incorrect PIN entries (Read 280 times)

hero member
Activity: 761
Merit: 606
December 02, 2017, 04:04:20 PM
#1
I run into threads all the time where there seems to be some confusion about how a Trezor auto-wipes itself to protect users.  There was a big "circus" going on before firmware 1.5.2 was released to improve the handling/concealment of critical information within the memory chip of the device.  That of course provided a MAJOR improvement in the device security but only for when someone had physical possession of your device.  What got lost in all that "noise" was another security improvement that was already be tested in the beta release 1.5.1, which was never public (only beta test members).  The feature is auto-wipe after an 18 hour string of attempts to break in.   I am going to paste in quotes directly from satoshi labs where this is highlighted:

-----

Storage wipe after 16 unsuccessful PIN attempts

The PIN entry in TREZOR is protected by an exponentially increasing delay after each unsuccessful attempt. With the new firmware, we have added another security measure. After 16 wrong attempts, the device will completely wipe its memory. While 16 might seem like a large number, with the exponentially increasing delay, it will take an attacker about 18 hours until he manages to try the PIN fifteen times.

------

I use an 8 or 9 digit PIN so I feel very comfortable that you can take your 16 attempts and will almost certainly never get lucky.  Also, you'll take 18 hours to conduct this experiment and IF you unplug or power down the Trezor the time starts all over again from where you are in the process.  In other words its time delay resume when you power up not start over.  i.e. if the device shows a 7 hour wait before entering a PIN and you unplug after 6 hours, you will start over at 7 when you plug back in!  The incorrect attempt is logged inside the chip and it cannot be reset except via the CORRECT PIN being entered (or a general device wipe).  I just wanted to help clear this up and avoid confusion or mis-quotes of what the Trezor device now does for protecting a lost device.
Jump to: