Explanation
Chartbuddy thanks talkimg.com
Topic: Wall Observer BTC/USD - Bitcoin price movement tracking & discussion - page 1718. (Read 26716490 times)
September 08, 2023, 06:01:19 AM
September 08, 2023, 05:50:12 AM
Maybe, I have finally cracked the #Bitcoin code.
The November 28th Cycles Theory has held the key.
Using 4-year time cycles against my Theory, produces Bitcoins exact behavior in time since its inception.
Cycles are centered around the date of the first halving Nov 28th.
Bitcoin price action began at the first bottom October 8th, 2010. This is where cycle curves peak, every 4 years.
Tops and bottoms come +/- 21 days from Nov 28th at their appropriate times on the curve. Tops on the upswing, bottoms on the pinnacle.
After Bitcoin bottoms, price makes an early first cycle move (orange) and enters into a mid-cycle lull.
This is the longest part of the cycle, where Bitcoin spends time around the median price (half of previous ATH), until the curve bottoms.
The bottom of the curve launches the majority of the bull run (blue circle).
The thought that everyone is expecting 4-year cycles allows them to continue right on track. Things like price and exact timing maintain surprise.
These times cycles continue to hold true to this day. We have now almost certainly put in the early top (4) and are entering the mid-cycle lull.
These take place in June in the year following the bottom. The second cycle did this in 2 years after, in June 2016.
The bull run will launch on Nov 28th, 2024.
The next top will be +/- 21 days from Nov 28th, 2025.
The next bottom will be +/- 21 days from Nov 28th, 2026.
The next mid-cycle lull: June 2027.
https://twitter.com/CryptoCon_/status/1699797267895775624
The November 28th Cycles Theory has held the key.
Using 4-year time cycles against my Theory, produces Bitcoins exact behavior in time since its inception.
Cycles are centered around the date of the first halving Nov 28th.
Bitcoin price action began at the first bottom October 8th, 2010. This is where cycle curves peak, every 4 years.
Tops and bottoms come +/- 21 days from Nov 28th at their appropriate times on the curve. Tops on the upswing, bottoms on the pinnacle.
After Bitcoin bottoms, price makes an early first cycle move (orange) and enters into a mid-cycle lull.
This is the longest part of the cycle, where Bitcoin spends time around the median price (half of previous ATH), until the curve bottoms.
The bottom of the curve launches the majority of the bull run (blue circle).
The thought that everyone is expecting 4-year cycles allows them to continue right on track. Things like price and exact timing maintain surprise.
These times cycles continue to hold true to this day. We have now almost certainly put in the early top (4) and are entering the mid-cycle lull.
These take place in June in the year following the bottom. The second cycle did this in 2 years after, in June 2016.
The bull run will launch on Nov 28th, 2024.
The next top will be +/- 21 days from Nov 28th, 2025.
The next bottom will be +/- 21 days from Nov 28th, 2026.
The next mid-cycle lull: June 2027.
https://twitter.com/CryptoCon_/status/1699797267895775624
September 08, 2023, 05:32:50 AM
Many thanks [to Gachapin] (and to Lucius) for this information, I stand corrected! I remember I read this article a while back, but thought it was something that could be patched with a f/w update. According to the article, it isn't patchable, at least in the h/w versions affected, and I'm not sure whether or not it has been resolved in current versions. The vulnerability is in the STM32 chip they're using, so they need to change the chip, which isn't easy.
Taking this into account, one should definitely use a very strong passphrase (a.k.a. 25-th word) as well as a strong PIN. That's the way I've set up mine. This should give us enough time to take measures against theft.
Taking this into account, one should definitely use a very strong passphrase (a.k.a. 25-th word) as well as a strong PIN. That's the way I've set up mine. This should give us enough time to take measures against theft.
since that vulnerability i just erase my trezor ones after use.
so like this
take blank trezor
enter seed via trezor (ie on the trezor not the computer kb)
send tx or whatever
erase trezor
repeat
sorta a pain but if you lose the trezor its not a big deal.
September 08, 2023, 05:26:58 AM
~snip~
A 128 bits PIN should do the trick as well, as it is used to encrypt the seed on the chip.
(Please let me know if you think I'm wrong)
A 128 bits PIN should do the trick as well, as it is used to encrypt the seed on the chip.
(Please let me know if you think I'm wrong)
You are definitely right, considering that I am not a user of Trezor, I was not even aware that in 2021 they increased the maximum PIN length to even 50 digits, and they say that 39 digits is quite enough to protect the seed from hacking. It's actually a good thing for those who for some reason don't want to use a passphrase or maybe don't even know such an option exists - although it's an option they always recommend to advanced users.
We have a lot of cases where users wonder why they don't see anything on their balance even though they have the correct seed, and then it turns out that they actually added an extra password without which the seed creates a completely new set of addresses.
It might be a bit impractical to enter a PIN that's 39+ digits long, but for the average user it's probably easier than setting a passphrase.
September 08, 2023, 05:18:07 AM
I see you suckers are still here hoping for a miracle. It’s been a while now and the price still gets rejected at 30k or just a little over. I wonder when the big flush to 10k will come? I suggest you all dump your bitcorns because things are going to get a lot worse. Buy silver, it’s far superior, precious metals will make a big comeback in the coming years. Bitcoin will never see another all time high, it was fun while it lasted. Sell everything or lose everything. I’m trying to help you all and warn you. I don’t like seeing people end up broke. Please take heed, you are running out of time to sell in the $20,000’s.
Billy’s back in tha crib bitches.
weeee
weeee
September 08, 2023, 05:01:19 AM
September 08, 2023, 04:53:56 AM
[edited out]
I am really sorry if you are feeling I am not real person and create some confusion here because I am not here for anything wrong just for information, and you already provide good links which I will read and try to understand because few things are very important before jumping into any field but still I am really thankful for your kind information and other details. Just last thing which is a better way to keep my bitcoin safe because I check mostly exchanges needs personal information and I have no problem to provide them this all but is this safe to keep bitcoin on these exchanges or any other way is better, thanks.
I am not opposed to holding some value on exchanges (or with third parties. In some cases it might be practical while you are learning how to be your own bank), maybe up to a few thousand dollars, and surely for each person the threshold will be different in terms of at what point you are going to want to bring some (or all) of that value off of the exchanges.. and surely you should want to try to learn about some private ways to hold your coins.. so it gives you options to have your coins in private wallets in which no one can stop you from being able to spend them and other potential powers that you might have from having your own keys that may or may not be readily apparent or even something that everyone seeks for themselves, but on the other hand, there is always a threat of either rug pull or various kinds of locking up of your funds when 3rd parties hold your keys.
There are likely several different ways to hold your bitcoin, and Trezor is pretty good.. either the Trezor one (which is cheaper) or the more expensive Trezor Model T and you want to make sure you get it from an authorized source (or authorized reseller) and with trezor it seems better to use the extra word too and also maybe to have some decoy value that you keep on the regular section that does not have the extra word... and of course, it is up to you how you might organize the various accounts on the trezor and get used to it...
Passport and Coldcard are likely good too. but a bit more sophisticated as compared with the Trezor, and there are other members who like Electrum, Spectrum and Sparrow, but I have not really used them... and there are other wallets and forum threads on the topic, and there are some members who like paper wallets, but I am not really accustomed to them, either...
You can also use Bluewallet, but I am a bit weary of keeping too much value on your phone... and maybe Phoenix and Breez are good lightning network wallets, and maybe guys have other recommendations, and there are forum threads on a lot of these topics that could get in depth and just require you to figure out what kinds of tradeoffs that you might be wanting to make to ensure that you have your coins privately and that they are sufficiently safe from getting taken including being careful not to create systems that are so complicated that you end up locking yourself out of your own coins, since there are responsibilities in being your own bank that can sometimes not be exactly straight-forward in terms of learning or even realizing if you might be putting your coins in jeopardy.
Trezor is excellent. I can vouch for Model One (the original). T can maybe do more
...
afaik, for the Trezor to be absolutely safe in case of theft you would want a 128 bits entropy passphrase.
Alternatively you can use a PIN with 39 digits (Model T). Note: it will be more than 39 digits for the small Trezor as its PIN numbers include only numerals from 1-9 and not 0-9 like the Model T.
PSA: Trezor doesn't have the oft-mentioned seed extraction vulnerability. Use a strong PIN.
https://www.reddit.com/r/Bitcoin/comments/sdx4r6/psa_trezor_doesnt_have_the_oftmentioned_seed/
A nice table for entropy requirements:
The purpose of the Trezor PIN is to delay the thief and give you enough time to restore the seed to another device and transfer your coins to another wallet. A simple 8-digit PIN is more than adequate for this purpose. Even a 4-digit PIN will likely delay a thief for sufficient time, considering that a Trezor delays retries by a time window that increases by a factor of a power of 2 after each failed attempt.
...
I'm afraid, your explanation is outdated and gives a false sense of security.
The delay you mention won't really work anymore, since said Trezor's vulnerability was detected.
A thief with standard equipment can extract the encrypted seed from the Trezor's chip within minutes and can decrypt it with the usual brute force.
So with your 8 digits PIN your seed can be known within 15 minutes. Good luck detecting the theft and moving your funds before the thief starts that process.
So with Trezor please use a proper 128 bits PIN. If you don't, you should have a proper 128 bits passphrase.
Edit
just recognized Lucius beat me to it:
https://bitcointalk.org/index.php?topic=178336.650480
Many thanks (and to Lucius) for this information, I stand corrected! I remember I read this article a while back, but thought it was something that could be patched with a f/w update. According to the article, it isn't patchable, at least in the h/w versions affected, and I'm not sure whether or not it has been resolved in current versions. The vulnerability is in the STM32 chip they're using, so they need to change the chip, which isn't easy.
Taking this into account, one should definitely use a very strong passphrase (a.k.a. 25-th word) as well as a strong PIN. That's the way I've set up mine. This should give us enough time to take measures against theft.
In any case, a h/w wallet beats an unsecured paper wallet hands down, since a paper wallet is essentially an open wallet, ready to be snatched by anyone who finds it -- no brute force or hacking required.
Edit: I have already updated my original post with this information, and links to your posts, so that readers are aware of it.
afaik, the "problem" is that you have to decide between the use of a closed source secure element or an open source chip whose data can be extracted. I prefer the open source version, because you can counter the seed extraction with a strong PIN or a passphrase encryption.
Also I don't wanna trust secure element manufacturers.
There are some wallets that try to keep it open source while using secure elements like Bitbox, or wallets like Jade that use an outsourced blind oracle to add to PIN protection.
However even if 128 bits is the most secure, lower securities make it already expensive enough to brute force a passphrase or a PIN.
If an attacker needs to pay 10k$ to crack a wallet he must be very sure that it's worth it. So not bragging about your holdings is another easy security layer.
@AlcoHoDL, Trezor vulnerability is something that has been known for years, there was a lot of discussion about it in the technical discussion boards, but luckily every user can protect himself by setting a passphrase, and there is also another option, which is the use of an SD card.
When it comes to passphrase, the conclusion is that they should be at least 37 characters long :
For those who are interested in how to protect themselves additionally with the help of an SD card :
Trezor T (2.3.0) and Trezor One (1.9.0) firmware update
Also, one thing I forgot is that it is possible to set a so-called fake PIN that can be left as a bait, and if it is entered, all data from the hardware wallet will be deleted.
When it comes to passphrase, the conclusion is that they should be at least 37 characters long :
A physical access to a Trezor One, Trezor T, Keepkey, or B-wallet allows an attacker to extract the 12/24-words within a few minutes using a low-cost setup (~100$), with a very high reproducibility (we had 100% success). We finally proved it can be fully automated allowing anyone to use it in case someone would sell the Extraktor box (similar to old Playstation hacks). This attack can not be fixed. The only mitigation is to use a strong passphrase: we recommend 37 random characters to maintain the same level of security.
For those who are interested in how to protect themselves additionally with the help of an SD card :
Trezor T (2.3.0) and Trezor One (1.9.0) firmware update
Also, one thing I forgot is that it is possible to set a so-called fake PIN that can be left as a bait, and if it is entered, all data from the hardware wallet will be deleted.
Quote from: https://blog.trezor.io/increase-your-security-with-the-latest-trezor-updates-6ed984fb5c18
The Wipe Code
Another exciting new feature is the wipe code that acts as a “self-destruct PIN” that erases your Trezor if someone tries to unlock your device without your consent. If the wipe code is entered into any PIN entry dialog, then all private data will be immediately erased from your Trezor and the device will be reset to factory defaults. You can write the wipe code somewhere near your Trezor as a decoy PIN, so if someone tries to unlock the device without your consent, they will cause it to erase itself. You can also use the wipe code to reset your Trezor without using a host device. This update can be enabled on both Trezor models.
Another exciting new feature is the wipe code that acts as a “self-destruct PIN” that erases your Trezor if someone tries to unlock your device without your consent. If the wipe code is entered into any PIN entry dialog, then all private data will be immediately erased from your Trezor and the device will be reset to factory defaults. You can write the wipe code somewhere near your Trezor as a decoy PIN, so if someone tries to unlock the device without your consent, they will cause it to erase itself. You can also use the wipe code to reset your Trezor without using a host device. This update can be enabled on both Trezor models.
A 128 bits PIN should do the trick as well, as it is used to encrypt the seed on the chip.
(Please let me know if you think I'm wrong)
September 08, 2023, 04:40:06 AM
@AlcoHoDL, Trezor vulnerability is something that has been known for years, there was a lot of discussion about it in the technical discussion boards, but luckily every user can protect himself by setting a passphrase, and there is also another option, which is the use of an SD card.
When it comes to passphrase, the conclusion is that they should be at least 37 characters long :
For those who are interested in how to protect themselves additionally with the help of an SD card :
Trezor T (2.3.0) and Trezor One (1.9.0) firmware update
Also, one thing I forgot is that it is possible to set a so-called fake PIN that can be left as a bait, and if it is entered, all data from the hardware wallet will be deleted.
When it comes to passphrase, the conclusion is that they should be at least 37 characters long :
A physical access to a Trezor One, Trezor T, Keepkey, or B-wallet allows an attacker to extract the 12/24-words within a few minutes using a low-cost setup (~100$), with a very high reproducibility (we had 100% success). We finally proved it can be fully automated allowing anyone to use it in case someone would sell the Extraktor box (similar to old Playstation hacks). This attack can not be fixed. The only mitigation is to use a strong passphrase: we recommend 37 random characters to maintain the same level of security.
For those who are interested in how to protect themselves additionally with the help of an SD card :
Trezor T (2.3.0) and Trezor One (1.9.0) firmware update
Also, one thing I forgot is that it is possible to set a so-called fake PIN that can be left as a bait, and if it is entered, all data from the hardware wallet will be deleted.
Quote from: https://blog.trezor.io/increase-your-security-with-the-latest-trezor-updates-6ed984fb5c18
The Wipe Code
Another exciting new feature is the wipe code that acts as a “self-destruct PIN” that erases your Trezor if someone tries to unlock your device without your consent. If the wipe code is entered into any PIN entry dialog, then all private data will be immediately erased from your Trezor and the device will be reset to factory defaults. You can write the wipe code somewhere near your Trezor as a decoy PIN, so if someone tries to unlock the device without your consent, they will cause it to erase itself. You can also use the wipe code to reset your Trezor without using a host device. This update can be enabled on both Trezor models.
Another exciting new feature is the wipe code that acts as a “self-destruct PIN” that erases your Trezor if someone tries to unlock your device without your consent. If the wipe code is entered into any PIN entry dialog, then all private data will be immediately erased from your Trezor and the device will be reset to factory defaults. You can write the wipe code somewhere near your Trezor as a decoy PIN, so if someone tries to unlock the device without your consent, they will cause it to erase itself. You can also use the wipe code to reset your Trezor without using a host device. This update can be enabled on both Trezor models.
September 08, 2023, 04:01:22 AM
September 08, 2023, 03:01:18 AM
September 08, 2023, 02:01:18 AM
September 08, 2023, 01:01:22 AM
September 08, 2023, 12:52:45 AM
September 08, 2023, 12:13:25 AM
[edited out]
I am really sorry if you are feeling I am not real person and create some confusion here because I am not here for anything wrong just for information, and you already provide good links which I will read and try to understand because few things are very important before jumping into any field but still I am really thankful for your kind information and other details. Just last thing which is a better way to keep my bitcoin safe because I check mostly exchanges needs personal information and I have no problem to provide them this all but is this safe to keep bitcoin on these exchanges or any other way is better, thanks.
I am not opposed to holding some value on exchanges (or with third parties. In some cases it might be practical while you are learning how to be your own bank), maybe up to a few thousand dollars, and surely for each person the threshold will be different in terms of at what point you are going to want to bring some (or all) of that value off of the exchanges.. and surely you should want to try to learn about some private ways to hold your coins.. so it gives you options to have your coins in private wallets in which no one can stop you from being able to spend them and other potential powers that you might have from having your own keys that may or may not be readily apparent or even something that everyone seeks for themselves, but on the other hand, there is always a threat of either rug pull or various kinds of locking up of your funds when 3rd parties hold your keys.
There are likely several different ways to hold your bitcoin, and Trezor is pretty good.. either the Trezor one (which is cheaper) or the more expensive Trezor Model T and you want to make sure you get it from an authorized source (or authorized reseller) and with trezor it seems better to use the extra word too and also maybe to have some decoy value that you keep on the regular section that does not have the extra word... and of course, it is up to you how you might organize the various accounts on the trezor and get used to it...
Passport and Coldcard are likely good too. but a bit more sophisticated as compared with the Trezor, and there are other members who like Electrum, Spectrum and Sparrow, but I have not really used them... and there are other wallets and forum threads on the topic, and there are some members who like paper wallets, but I am not really accustomed to them, either...
You can also use Bluewallet, but I am a bit weary of keeping too much value on your phone... and maybe Phoenix and Breez are good lightning network wallets, and maybe guys have other recommendations, and there are forum threads on a lot of these topics that could get in depth and just require you to figure out what kinds of tradeoffs that you might be wanting to make to ensure that you have your coins privately and that they are sufficiently safe from getting taken including being careful not to create systems that are so complicated that you end up locking yourself out of your own coins, since there are responsibilities in being your own bank that can sometimes not be exactly straight-forward in terms of learning or even realizing if you might be putting your coins in jeopardy.
Trezor is excellent. I can vouch for Model One (the original). T can maybe do more
...
afaik, for the Trezor to be absolutely safe in case of theft you would want a 128 bits entropy passphrase.
Alternatively you can use a PIN with 39 digits (Model T). Note: it will be more than 39 digits for the small Trezor as its PIN numbers include only numerals from 1-9 and not 0-9 like the Model T.
PSA: Trezor doesn't have the oft-mentioned seed extraction vulnerability. Use a strong PIN.
https://www.reddit.com/r/Bitcoin/comments/sdx4r6/psa_trezor_doesnt_have_the_oftmentioned_seed/
A nice table for entropy requirements:
The purpose of the Trezor PIN is to delay the thief and give you enough time to restore the seed to another device and transfer your coins to another wallet. A simple 8-digit PIN is more than adequate for this purpose. Even a 4-digit PIN will likely delay a thief for sufficient time, considering that a Trezor delays retries by a time window that increases by a factor of a power of 2 after each failed attempt.
...
I'm afraid, your explanation is outdated and gives a false sense of security.
The delay you mention won't really work anymore, since said Trezor's vulnerability was detected.
A thief with standard equipment can extract the encrypted seed from the Trezor's chip within minutes and can decrypt it with the usual brute force.
So with your 8 digits PIN your seed can be known within 15 minutes. Good luck detecting the theft and moving your funds before the thief starts that process.
So with Trezor please use a proper 128 bits PIN. If you don't, you should have a proper 128 bits passphrase.
Edit
just recognized Lucius beat me to it:
https://bitcointalk.org/index.php?topic=178336.650480
Many thanks (and to Lucius) for this information, I stand corrected! I remember I read this article a while back, but thought it was something that could be patched with a f/w update. According to the article, it isn't patchable, at least in the h/w versions affected, and I'm not sure whether or not it has been resolved in current versions. The vulnerability is in the STM32 chip they're using, so they need to change the chip, which isn't easy.
Taking this into account, one should definitely use a very strong passphrase (a.k.a. 25-th word) as well as a strong PIN. That's the way I've set up mine. This should give us enough time to take measures against theft.
In any case, a h/w wallet beats an unsecured paper wallet hands down, since a paper wallet is essentially an open wallet, ready to be snatched by anyone who finds it -- no brute force or hacking required.
Edit: I have already updated my original post with this information, and links to your posts, so that readers are aware of it.
September 08, 2023, 12:01:18 AM
September 07, 2023, 11:51:05 PM
.....
I must be in the wrong thread... like a lost little puppy..
and having the questions:
What is crypto? Does it somehow relate to this here topic?
I must be in the wrong thread... like a lost little puppy..
and having the questions:
What is crypto? Does it somehow relate to this here topic?
FTFY
September 07, 2023, 11:32:42 PM
Does anyone here have funds held on Binance? If so, I would like to tell you that you do not. If you are able to get funds off Binance, do it. I’ve been urging people to distance from Binance ever since it was clear FTX failed using the Binance roadmap. Maybe Binance will survive, but having funds on that exchange right now is playing with fire.
Not just Binance, withdraw from any exchange asking for KYC.There are decent non-KYC options available for quick trades, anything else just keep on your own wallets.
Wallet management should be a #1 topic when entering crypto. Too many people have no idea who they give their coins to.
I must be in the wrong thread... like a lost little puppy..
and having the questions:
What is crypto? Does it somehow relate to this here topic?
September 07, 2023, 11:14:19 PM
Wallet management should be a #1 topic when entering crypto. Too many people have no idea who they give their coins to.
I strongly recommend avoiding wallets. I keep all my coins in cold storage addresses.
I only use a wallet (Mycelium or Coinami)to facilitate transfers. I never leave anything in a wallet for longer than it takes for the transactions to be confirmed by the network.
I absolutely never allow my coins to be in anyone else's possession... no online exchanges, etc. When I buy or receive coins, it's always straight into cold storage addresses I created on an internet incapable computer and printer. When I sell, it's face-to-face for cash on the spot.
may I ask where you get the entropy for your seed/private key from? Do you use dices ?
September 07, 2023, 11:01:19 PM
September 07, 2023, 11:00:43 PM
[edited out]
I am really sorry if you are feeling I am not real person and create some confusion here because I am not here for anything wrong just for information, and you already provide good links which I will read and try to understand because few things are very important before jumping into any field but still I am really thankful for your kind information and other details. Just last thing which is a better way to keep my bitcoin safe because I check mostly exchanges needs personal information and I have no problem to provide them this all but is this safe to keep bitcoin on these exchanges or any other way is better, thanks.
I am not opposed to holding some value on exchanges (or with third parties. In some cases it might be practical while you are learning how to be your own bank), maybe up to a few thousand dollars, and surely for each person the threshold will be different in terms of at what point you are going to want to bring some (or all) of that value off of the exchanges.. and surely you should want to try to learn about some private ways to hold your coins.. so it gives you options to have your coins in private wallets in which no one can stop you from being able to spend them and other potential powers that you might have from having your own keys that may or may not be readily apparent or even something that everyone seeks for themselves, but on the other hand, there is always a threat of either rug pull or various kinds of locking up of your funds when 3rd parties hold your keys.
There are likely several different ways to hold your bitcoin, and Trezor is pretty good.. either the Trezor one (which is cheaper) or the more expensive Trezor Model T and you want to make sure you get it from an authorized source (or authorized reseller) and with trezor it seems better to use the extra word too and also maybe to have some decoy value that you keep on the regular section that does not have the extra word... and of course, it is up to you how you might organize the various accounts on the trezor and get used to it...
Passport and Coldcard are likely good too. but a bit more sophisticated as compared with the Trezor, and there are other members who like Electrum, Spectrum and Sparrow, but I have not really used them... and there are other wallets and forum threads on the topic, and there are some members who like paper wallets, but I am not really accustomed to them, either...
You can also use Bluewallet, but I am a bit weary of keeping too much value on your phone... and maybe Phoenix and Breez are good lightning network wallets, and maybe guys have other recommendations, and there are forum threads on a lot of these topics that could get in depth and just require you to figure out what kinds of tradeoffs that you might be wanting to make to ensure that you have your coins privately and that they are sufficiently safe from getting taken including being careful not to create systems that are so complicated that you end up locking yourself out of your own coins, since there are responsibilities in being your own bank that can sometimes not be exactly straight-forward in terms of learning or even realizing if you might be putting your coins in jeopardy.
Trezor is excellent. I can vouch for Model One (the original). T can maybe do more
...
afaik, for the Trezor to be absolutely safe in case of theft you would want a 128 bits entropy passphrase.
Alternatively you can use a PIN with 39 digits (Model T). Note: it will be more than 39 digits for the small Trezor as its PIN numbers include only numerals from 1-9 and not 0-9 like the Model T.
PSA: Trezor doesn't have the oft-mentioned seed extraction vulnerability. Use a strong PIN.
https://www.reddit.com/r/Bitcoin/comments/sdx4r6/psa_trezor_doesnt_have_the_oftmentioned_seed/
A nice table for entropy requirements:
The purpose of the Trezor PIN is to delay the thief and give you enough time to restore the seed to another device and transfer your coins to another wallet. A simple 8-digit PIN is more than adequate for this purpose. Even a 4-digit PIN will likely delay a thief for sufficient time, considering that a Trezor delays retries by a time window that increases by a factor of a power of 2 after each failed attempt.
...
I'm afraid, your explanation is outdated and gives a false sense of security.
The delay you mention won't really work anymore, since said Trezor's vulnerability was detected.
A thief with standard equipment can extract the encrypted seed from the Trezor's chip within minutes and can decrypt it with the usual brute force.
So with your 8 digits PIN your seed can be known within 15 minutes. Good luck detecting the theft and moving your funds before the thief starts that process.
So with Trezor please use a proper 128 bits PIN. If you don't, you should have a proper 128 bits passphrase.
Edit
just recognized Lucius beat me to it:
https://bitcointalk.org/index.php?topic=178336.650480
Jump to: