Satoshi Nakamoto Blog
Image default
Uncategorized

How To Secure Your Trezor Wallet With Passphrase


A group called wallet.fail gave a presentation on how to hack cryptocurrency hardware wallets at the 35th Chaos Communication Congress. While all attack vectors required physical access, worryingly, the group demonstrated scraping the seed and PIN from Trezor RAM. So is there any way to truly protect your lovely bitcoin ?

Lines Of Attack
The group found ways of hacking hardware wallets via four different methods; supply chain attack , firmware vulnerability, side-chain attack, and chip-level vulnerability. All techniques required access to the actual device, so if your wallet has never left your possession…then you could still be at risk from a supply chain attack.
Holographic security stickers apparently mean nothing, as they are easy to remove and replicate. But let’s assume your device is tamper-free.
Still Not Safe
The Ledger Blue outputs a slight RF signal when entering the PIN. Connect a USB cable and you have an antenna to transmit this across the room. You then become vulnerable to the $5 Wrench Attack.

Even worse news for Trezor users. An attacker getting hold of the device (e.g. with a $5 wrench) can scrape your seed and PIN from RAM, unless you activated passphrase protection.
Trezor Passphrase Protection
(Disclaimer: Trezor recommends using the passphrase for advanced users only)
If you forget the passphrase, the funds protected by it are lost forever.)
Each passphrase creates a new unique wallet, acting as a 25th seed word. It can be any sequence of up to 50 ASCII characters – which means both numbers and letters can be used.
You must manually enable passphrase in the Advanced settings of the Trezor Wallet browser interface after each recovery process. To access the original wallet (without passphrase protection), leave the passphrase space empty.
By keeping a spoof wallet with negligible funds, you can even protect against $5 wrenches. Don’t be tempted to disable PIN protection too though, as a passphrase could be susceptible to a keylogger attack. D’oh!
A full description of how to enable Passphrase Encryption is explained in this YoutTube video.

 
 
Do you use a passphrase? What other security best-practices do you recommend? Share below !

Images courtesy of  Randall Munroe xkcd.com . Used under the terms of the Creative Commons Attribution license, Shutterstock
The post Hardware Hacking: How To Secure Your Trezor Wallet With Passphrase appeared first on Bitcoinist.com .



Source link

Related posts

Top Google Education News, Tips, and Resources from #ISTE19

satoshi

How to Add a Website to Your Chromebook Shelf

satoshi

Trump says Mueller report proves ‘the Russia Hoax is dead!’

satoshi

Fox News’ Tucker Carlson Praises Alexandria Ocasio-Cortez, Bernie Sanders For Work On Loan Shark Prevention Act

satoshi

Donald Trump Makes Veiled Attack on John McCain at NRA Speech, Minutes After Joe Biden Comforts Meghan McCain

satoshi

Denis Mukwege, Nadia Murad Win 2018 Nobel Peace Prize For Efforts To End Sexual Violence

satoshi