AFA losing access to your trezor, it doesn't matter, if you lose access to any wallet move your coins immediately!
You seem to be suggesting that it does not matter if the Trezor has a secure element or not?
If you lose physical possession of your trezor, then the coins should be moved?
I always considered the standard wallet (the one without a passphrase) to be a canary in the coalmine, if it were to get jeopardized first.
You want to gamble with your coins?
I don't think that's a very bright idea.
I don't care what anyone says if you lose possession no matter how "protected" you think your seed is you would be playing with fire not to move them.
Many folks might not even know if they lost possession or not. They cannot find their Trezor, but they also cannot remember for sure where they last put their Trezor.
I know about a person in real life who had such a situation happen.
I am not exactly disagreeing with you, and by the way, we even had a forum member describe a situation of losing his Ledger (not that that piece of crap Ledger is exactly as good as Trezor), but I am suggesting that it might be difficult to know if your security has been breached, including making sure that your Trezor is in the place that you last left it. Also, I am saying that your level of panic may well be at different levels (on the margin) regarding if your Trezor has a secure element or not. Sure maybe the same result comes about in the end, yet the same result might not happen on the margin (or the threshold situations), so you can say for yourself whether you treat them exactly the same or not.
I have my doubts, and that was the purpose of my question to you in regards to whether you were suggesting to treat the secure element Trezor the same as the non-secure element Trezor, and since we are having a little chat, do you believe that having more complicated pin codes with the non-secure element Trezor is materially helpful in regards to some materially sophisticated hacker to be able to extract your Trezor's seed words after gaining physical access to it?
....At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has physical access to the device with a non-secure element.
....
no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device.
That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago.
Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device.
No (un)secure element needed !
I recall that the security breach of having physical access to the Trezor was from several years ago, and I thought that the ONLY remedies was avoiding physical access to the Trezor and/or having a passphrase, as is stated in
this Kraken Blog article. The Article describes brute forcing the pin too, yet I cannot recall the pin being less vulnerable based on length and complication, even though what you say makes sense if they have to brute-force the pin, too.
Until I see something more clear, I will have to take what you are saying about the creation of a more robust pin (as the solution to the problem) with a grain of salt.
haha no need to trust me.... that the PIN protects your Trezor against physical attacks by encrypting the seed is written in the adtual article you posted yourself...
We then crack the encrypted seed, which is protected by a 1-9 digit PIN, but is trivial to brute force.
https://blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-walletsAgain, that's why Trezor upped the possible PIN length to 50 digits (166 Bits), so there is no possibility to brute force anymore.
If that 2020 article is proclaiming that changing the pin number protects you from attack, then why did they not list such protection in their suggestions? Here's what the article says:
Maybe there is a newer article going into such details that describe how making a more sophisticated pin code helps? or prevents hack-ability, as you seem to want to proclaim.
