Home Foren Trezor Wallet Kann Trezor die Echtheit der Hardware mit seiner Software überprüfen? Antwort auf: Kann Trezor die Echtheit der Hardware mit seiner Software überprüfen?

#180299
matejcik
Gast
Up
0
Down

there's a (very geeky) way around this:

using the command-line `trezorctl` tool, you can both (a) see the entropy that is sent from your PC, and (b) tell Trezor to display the entropy it's using internally.

You can combine these two pieces of data in a script and generate a seed on your PC. Then you can verify that it's the same seed that Trezor gave you. If it is, and if it generates the right addresses (as verified with iancoleman website), then you're sure that the entropy sent from your PC is being used.

So even if the entropy from the built-in RNG was bad, the attacker doesn't know the PC part and so still can't get at your seed.

Do this process several times in a row to be sure, then wipe one last time and set up a new seed for real.

To answer the original question: there is no hardware authenticity check. Trezors are built from off-the-shelf parts, so “authentic hardware” means very little when anyone can throw together the same parts in the same way.

With regard to a subverted RNG in particular, a cleverly designed evil RNG basically can't be detected by any software check.