You don't actually need a secure element with the Trazor Model T. I would never trust a so-called secure element.
Use a high entropy pass phrase with the Trezor and your secure. Even if they hack your HW. They can't steal your Bitcoin. Back up and store your seed phrase and passphrase separately.
You're welcome..🤔🙂
So not possible to hack passphrase from a signing device?
That's correct. If it's a high entropy passphrase. My pass phrase is around 300 bits of entropy. Excluding the hard coded hashing function. Which makes the entropy even greater.
Trezor does not store the passphrase in the HW. So it can't be hacked. But If you lose the passphrase at 256-300 bits of entropy you're screwed..😐🙂
Good to know. Everyone should use a passphrase in my opinion. Back up your passphrase in separate location from seed. This would make it quite difficult to hack seed from a device then also gain access to passphrase in separate location.
300 bits of entropy for a passphrase is massive. That's equivalent to 28 bip39 words! And this is on top of the maximum of 256 bits provided by the seed phrase. That's a lot to type in.
Yea seems excessive
Here's where the magic happens. I use keepass, and let it create a high entropy passphrase for me. Then I let keepass type the passphrase in for me.
Everyone says don't inter your seed phrase online, and I agree. I only enter my passphrase online. And keepass has a number of settings to circumvent key loggers.
But let's face it. If by some miracle someone spoofed my passphrase. They still need my seed phrase. The likelihood of getting both is slimming and none, and slim has left the building..💻💎🧡🤠🗽
This is true with just about any HWW that allows you to add a BIP39 passphrase, but the challenge is that people tend to interpret the device’s access control mechanisms as infallible b/c they’re marketed that way, and then not use a passphrase. It’s a nuance of the traditional HWW security model that is a big problem.
Unpopular opinion: don’t store your backup seed phrase separately from your device. This creates a poor-man’s 1-of-2 multisig, where access to either gives you the coin.
If you want 1-of-2 multisig, then set up genuine 1-of-2 multisig with two different seeds on two different signing devices in two different locations.
I don't care if it's unpopular. It's correct, and the most secure way back up your Trezor Wallet. It has nothing to do with multisig. That's a separate issue..🤔
