What keeps trezor to keep the private key?

Iranus

hero member

Activity: 1792

Merit: 534

Leading Crypto Sports Betting & Casino Platform

Quote from: ranochigo on May 27, 2017, 03:16:51 AM

Nothing.

They can easily push an update to capture your private key and send it to your server. This requires you to manually accept it. The main thing that is keeping them from stealing it isn't it being opensourced. You cannot blindly trust them. You have to manually review and verify it yourself or there is still a risk. As long as you can verify the code, you are pretty much safe.

Actually you can pretty much blindly trust them (without personally checking the code). All you have to do is wait for a week or so after they release an update, then search TREZOR related threads and boards to find if anyone has decided the update is malicious or faulty. If you're not competent at reading through it yourself, there's no point trying too hard with little outcome.

fanita

full member

Activity: 230

Merit: 100

They always use verifiable software and hardware.
With this proving that they are using secure software.

ranochigo

legendary

Activity: 2982

Merit: 4193

Quote from: glub0x on May 27, 2017, 05:44:47 AM

ok interesting reading

how does an electrum wallet protect from anything?

Electrum wallet doesnt do anything except to get transaction information and to broadcast transaction. It doesn't help in your security, with that being the main point of hardware wallets to reduce dependent on a device that you use frequently.

It does have a nice and easily understandable UI though.

glub0x

legendary

Activity: 892

Merit: 1013

ok interesting reading

how does an electrum wallet protect from anything?

cryptoheadd

hero member

Activity: 1022

Merit: 501

Quote from: ranochigo on May 27, 2017, 03:16:51 AM

Nothing.

They can easily push an update to capture your private key and send it to your server. This requires you to manually accept it. The main thing that is keeping them from stealing it isn't it being opensourced. You cannot blindly trust them. You have to manually review and verify it yourself or there is still a risk. As long as you can verify the code, you are pretty much safe.

This pretty much explains it.
I'd recommend using Trezor with Electrum wallet. (That's what I do.)

ranochigo

legendary

Activity: 2982

Merit: 4193

Nothing.

They can easily push an update to capture your private key and send it to your server. This requires you to manually accept it. The main thing that is keeping them from stealing it isn't it being opensourced. You cannot blindly trust them. You have to manually review and verify it yourself or there is still a risk. As long as you can verify the code, you are pretty much safe.

ViceOfBTC21

sr. member

Activity: 438

Merit: 266

They use open-source software that can be verified and verifiable hardware. It's proven that they software and hardware is safe. They also embedded random RNG in Trezor.

glub0x

legendary

Activity: 892

Merit: 1013

So i am very happy with those trezor for everyday spending (no big stash).
Thanks to them i almost double my use of btc over the year. It is much more easy than my multiple small paper wallet.
But my father came up with a question i couldn't answer even though it looks obvious: " what guarantee me that they do not have my private key?"

Topic: What keeps trezor to keep the private key? (Read 1427 times)