Author

Topic: Trezor Critical Bug in 2.0 (Dev Help Needed) (Read 642 times)

full member
Activity: 135
Merit: 107
Ok, so I ran a few tests by generating new wallets separately with Electrum 2.0 and 2.3, containing the ^ symbol in its password and the xPubs were the same.  Just to be thorough, I tried a password with ~, ` and _ in it and those xPubs came up different.  That made things easier for me.  My wallet has been recovered. Smiley
full member
Activity: 135
Merit: 107
I've been having difficulty retrieving a particular Trezor wallet with a complex password that may have been created on Electrum 2.0.  Looking over the
Can someone tell me how this manifested itself?  My password had the carat symbol ^ which is also a circumflex accent in UTF-8 (U+005E).  How did this modify my password?  If I don't have 2.0 running, how would I need to modify my password to get the same master key?

Electrum can't create a password for Trezor, it can only verify it.  The only way to add encryption to a Trezor is with the mytrezor.com plugin.  If you had created an Electrum wallet with your Trezor before encrypting it with mytrezor.com, then returning to Electrum will not work.  

The solution is to create a new Electrum wallet for your newly encrypted Trezor (with Electrum at the latest revision).  The wallet creation steps will first ask you for your Trezor PIN, then for your Trezor encryption passphrase, and finally Electrum will create a wallet, and you will have access to your coins already stored in your Trezor.

If you have forgotten your Trezor encryption passphrase, there is nothing mytrezor.com or Electrum can do for you - it will be impossible for you to access your coins (risk that you have acknowledged when you decided to encrypt your Trezor with the browser plugin).



You misunderstand.  This wallet was originally created in Electrum with a passphrase.  What I'm concerned about is that it may have been created without being normalized.
full member
Activity: 135
Merit: 107
If you created the password in version 2.0 just reinstall version 2.0 to recover your funds.

I did but was unable to retrieve my wallet. I want to make some passes with btcrecover but need to make sure I understand how 2.0 may have affected my password. Perhaps btcrecover doesn't normalize?
legendary
Activity: 1246
Merit: 1024
If you created the password in version 2.0 just reinstall version 2.0 to recover your funds.
full member
Activity: 135
Merit: 107
I've been having difficulty retrieving a particular Trezor wallet with a complex password that may have been created on Electrum 2.0.  Looking over the release notes, I saw this in the 2.0.1 release:

Quote
* Fix critical bug in Trezor address derivation: passphrases were not
   NFKD normalized. Trezor users who created a wallet protected by a
   passphrase containing utf-8 characters with diacritics are
   affected. These users will have to open their wallet with version
   2.0 and to move their funds to a new wallet.

Can someone tell me how this manifested itself?  My password had the carat symbol ^ which is also a circumflex accent in UTF-8 (U+005E).  How did this modify my password?  If I don't have 2.0 running, how would I need to modify my password to get the same master key?
Jump to: