Fragen eines Neulings
- Dieses Thema hat 4 Antworten und 1 Teilnehmer, und wurde zuletzt aktualisiert vor 1 Jahr, 8 Monaten von
.
-
Beiträge
-
-
1) Wenn ein Dieb meine Seed-Phrase UND meine Passphrase bräuchte, um auf versteckte Geldbörsen zuzugreifen, gibt es dann einen Grund, die Seed-Phrase nicht digital zu speichern?
2) Gibt es eine Aufforderung zur Eingabe einer PIN, wenn man versucht, Geld aus der Trezor-Geldbörse zu senden? Ich habe Geld in die Wallet eingezahlt, aber noch nicht versucht, es aus der Wallet zu senden.
-
>1) if a thief would need my seed phrase AND passphrase to access hidden wallet funds, is there any reason not to store the seed phrase digitally?
I mean, are you actively trying to make it _easier_ for the thief?
The seed phrase is supposed to be secure from malware. With Trezor One, for example, you’re entering your passphrase on your PC. The same malware that captures your passphrase will also see your seed phrase.
Even if you don’t enter passphrase in PC, now it’s just one thing a potential hacker needs to know, instead of two.
Security works in layers. One of the layers is “you would need to physically go into someone’s house and steal the seed backup”. By storing it digitally, you’re throwing away that layer of security. Why even bother with a hardware wallet then?
not to mention that the FIDO U2F functionality doesn’t use passphrase.
>2) Is there a prompt for a pin when you attempt to send money from your trezor wallet? I put money into the wallet but haven’t tried sending it out of the wallet yet.
Not per transaction. You need to enter PIN to unlock the Trezor. Then you can make as many transactions as you like, until you either manually lock the Trezor, wait 10 minutes, or unplug it.
-
Digitally? This is the quickest way to get your shit stolen ever..
You should never store anything related to seeds and passphrases digitally… where have you been? Why you think seed storage devices are an actual thing…
You know how many people think their shit is safe in some password manager.. then it gets hacked as thief had access to your computer via a screen viewer and next thing you know you have jack
-
This analogy that I prepared may help to better understand why both passphrase and the seeds are important
Imagine your coins are buried somewhere in the endless Great Sahara desert (=blockchain). GPS coordinates (seed words) are stored in the navigator of a Land Rover SUV (Trezor) hidden somewhere outside the desert. If a thief finds your SUV (don’t park it in a shady alley!) and if you leave the ignition key (Trezor PIN) on the vehicle (Don’t!) he can easily go to the GPS location of your coins which is stored in the vehicle. If you don’t remember where you parked your vehicle or if it’s burned in a forest fire (since you hide it in a big forest, right?), you can still go to the GPS location in the desert (seed words!) with “another vehicle”, given that you keep the coordinates in a safe place. (Dont take a photo of it! Be sure to have a non-digital, physical copy of it)
A very skilled thief can hot wire your SUV without a key too, using very expensive special tools, with expert level of experience and enough dedication (in case of Trezor). He can then go to GPS coordinates and unearth your coins which are located just below the surface. However, if we wish, we can have an additional security measure at this point. We can also define the “depth of the coins buried” by using a so called “passphrase”. By selecting a long enough “passphrase”, we can bury the coins at some defined depth (it can be a few hundred or few thousand kilometers below the surface!) and make it impossible for a thief to know how deep they are buried.
Just like the GPS coordinates (seed words), you should not lose this passphrase, otherwise you will not know how deep you buried your coins and will not be able to recover them either!
Do not accept anybody’s help “to drive” you to the coordinates, or accompany you during travel or during digging. Do not give the ignition key, passphrase, coordinates or your SUV to anybody else! Do not tell anybody that you have buried coins somewhere and you do not have an SUV either!
-
-
- Du musst angemeldet sein, um auf dieses Thema antworten zu können.
