Opinion about Trezor One
Opinion about Trezor One (hardware)
Context
Trezor is probably the oldest provider of hardware wallets and the Trezor One is their oldest product and it’s still getting updates. If you’ve been to Bitcoin conferences, you probably ran into people from Trezor which certainly builds trust, too. They try to push what’s possible with openness with their Tropic Square which while long in the making still is being worked on. It will be a truly open “secure element” or SE in short - a tamper proof chip - to not rely on the closed and often flawed chips that others use under NDAs that forbid them to talk about the very security features they promise the world would keep keys safe.
With Trezor’s fundamental opposition to closed architecture in hardware wallets, the Trezor One does not use an SE which quickly became the biggest differentiating factor with their main competitor Ledger which did employ SEs in their products with the consequence of these products completely depending on closed source.
For a long time, Trezor recommended to use a BIP-39 passphrase with their products to achieve the same level of security as hardware wallets that have an SE but without being closed source like those.
Apparently they’ve been playing catch-up with Ledger for too long and just recently released their third generation product, the “Trezor Safe 3” which does indeed feature one of those pesky SEs. But … there is good and bad ways to use these SEs and many competitors figured out how to provide an open source product while still using a closed source SE in ways that the security does not depend on the closed source.
The Good
Trezor One is completely open source
It’s been almost always reproducible
The founders Pavol and Marek are OGs
They have pushed for Bitcoin’s open source culture far beyond their own products
They provide Bitcoin-only firmware which reduces the attack surface
With many clones using their software, there are many eyes on the code - and Trezor encourages this
The Bad
If your threat scenario is people with moderately expensive equipment and expertise extracting your keys from your device while at the same time not being able to use a strong passphrase, this product is not for you.
The device does not always show the fingerprint of the firmware one is updating it to. To my understanding it does not show it if you did not first tell it to not check the signature of the firmware first.
The Ugly
They still cater to altcoins. While their Twitter timeline avoids mentioning them, they do list thousands of tokens. It might be only ETH and ERC20 though, so maybe it’s not as bad as it sounds.
The use of a passphrase is opt-in, making it harder than necessary to have decoy wallets. Only if the use of a passphrase is activated will the device ask for one so the device will tell a hacker or bully if there is secondary accounts or not.
Summary
The Trezor One is a solid choice for a hardware wallet but probably due to the provider catering to millions of users and not only to hundreds of nerds like myself, some questionable decisions were taken that put them in a spot of being able to rug-pull those millions of users. Unless you update your firmware using trezorctl, the provider could give you a compromised firmware without any way for you to detect this while at the same time them knowing you can’t detect it. This is why my overall sentiment is negative but I still recommend this product for nerds that understand they have to use trezorctl.
#WalletScrutiny #nostrOpinion
Join the conversation!
Published at
2024-03-19 15:14:02Event JSON
{
"id": "4ba176cda018dc8459f1f039a4a189023ed2c841d4851eebb504741a423fc37a",
"pubkey": "46fcbe3065eaf1ae7811465924e48923363ff3f526bd6f73d7c184b16bd8ce4d",
"created_at": 1710861242,
"kind": 30023,
"tags": [
[
"d",
"hardware/trezorOne"
],
[
"sentiment",
"-1"
],
[
"summary",
"An opinion made about hardware/trezorOne generated using nostr-opinion-plugin."
],
[
"published_at",
"1710861247317"
],
[
"title",
"Opinion about Trezor One"
],
[
"image",
"https://walletscrutiny.com/images/social/hardware/trezorOne.png"
],
[
"t",
"WalletScrutiny"
],
[
"t",
"nostrOpinion"
]
],
"content": "Opinion about Trezor One (hardware)\n\u003c!--HEADER END--\u003e\n# Context\n\nTrezor is probably the oldest provider of hardware wallets and the **Trezor One** is their oldest product and it's still getting updates. If you've been to Bitcoin conferences, you probably ran into people from Trezor which certainly builds trust, too. They try to push what's possible with openness with their [Tropic Square](https://tropicsquare.com/) which while long in the making still is being worked on. It will be a truly open \"secure element\" or SE in short - a tamper proof chip - to not rely on the closed and often flawed chips that others use under NDAs that forbid them to talk about the very security features they promise the world would keep keys safe.\n\nWith Trezor's fundamental opposition to closed architecture in hardware wallets, the **Trezor One** does not use an SE which quickly became the biggest differentiating factor with their main competitor Ledger which did employ SEs in their products with the consequence of these products completely depending on closed source.\n\nFor a long time, Trezor recommended to use a [BIP-39 passphrase](https://trezor.io/learn/a/what-is-bip39) with their products to achieve the same level of security as hardware wallets that have an SE but without being closed source like those.\n\nApparently they've been playing catch-up with Ledger for too long and just recently released their third generation product, the \"Trezor Safe 3\" which does indeed feature one of those pesky SEs. But ... there is good and bad ways to use these SEs and many competitors figured out how to provide an open source product while still using a closed source SE in ways that the security does not depend on the closed source.\n\n# The Good\n* **Trezor One** is completely open source\n* It's been almost always reproducible\n* The founders Pavol and Marek are OGs\n* They have pushed for Bitcoin's open source culture far beyond their own products\n* They provide Bitcoin-only firmware which reduces the attack surface\n* With many clones using their software, there are many eyes on the code - and Trezor encourages this\n# The Bad\n* If your threat scenario is people with moderately expensive equipment and expertise extracting your keys from your device while at the same time not being able to use a **strong passphrase**, this product is not for you.\n* The device does not always show the fingerprint of the firmware one is updating it to. To my understanding it does **not** show it if you did not first tell it to **not** check the signature of the firmware first.\n# The Ugly\n* They still cater to altcoins. While their Twitter timeline avoids mentioning them, they do list thousands of tokens. It might be only ETH and ERC20 though, so maybe it's not as bad as it sounds.\n* The use of a **passphrase** is opt-in, making it harder than necessary to have decoy wallets. Only if the use of a passphrase is activated will the device ask for one so the device will tell a hacker or bully if there is secondary accounts or not.\n# Summary\nThe **Trezor One** is a solid choice for a hardware wallet but probably due to the provider catering to millions of users and not only to hundreds of nerds like myself, some questionable decisions were taken that put them in a spot of being able to rug-pull those millions of users. Unless you update your firmware using `trezorctl`, the provider could give you a compromised firmware without any way for you to detect this while at the same time them knowing you can't detect it. This is why my overall sentiment is **negative** but I still recommend this product for nerds that understand they have to use `trezorctl`.\n\u003c!--FOOTER START--\u003e\n\n\n\n#WalletScrutiny #nostrOpinion \n\n[Join the conversation!](https://walletscrutiny.com//hardware/trezorOne/)",
"sig": "7fd7f4ce585b477465e3d330a8b40d93b4d1116cc44356fcee45781dba9d7959f2cde46a01c560bcb8977cd7d50e10648a13fc1476994deb5a11cdb2df8630ed"
}
