Private Key

    • #1334333
      root_s2yse8vt
      Administrator

      Hello everyone,

      I have owned a Trezor for about 1 year, so I am already a customer.

      I am well aware that Trezor says it does NOT store the private keys/24 seed phrase.

      May I kindly ask how I can know that Trezor, the company, has no access to the private keys that are stored on the Trezor itself?

      I simply cannot find a clear answer/proof of this. Could you please illustrate this for me?

    • #1334334
      -johoe
      Guest

      You would need to read the source code that is publicly available and check that the firmware you installed matches the source code. You can build the source code yourself and check that it is equal to the binary you can download. If you’re really paranoid, install your own firmware and use it to read out the bootloader and check that it also matches the publicly available source code.

      Next step would be to understand the source code to see where the seed is generated and what data is actually transferred between Trezor and PC. Then you would see that the seed is never transferred; just signatures are transferred between Trezor and PC. So the software running on the PC will never know the seed and therefore not be able to send it to SatoshiLabs.

      Maybe it is simpler to just run Wireshark to listen to all USB traffic while you set up a seed. Then verify that the seed is never transferred out of the Trezor. Of course, it’s not a proof as the Trezor may be waiting for an opportune time when you are no longer running Wireshark to spill its secret. Or it could hide the secret in other data (e.g. it is theoretically possible to hide the private key in a normal signature for a bitcoin transaction and it’s only detectable by checking whether the signature is RFC6979 compliant).

    • #1334335
      cuoyi77372222
      Guest

      The Trezor device does not have any functions capable of sending the seed phrase or private keys outside of the device at all. The source code has been reviewed by countless people, and has officially been reviewed by third-party companies that you can see the names of on the Trezor website.

    • #1334336
      pbrevis
      Guest

      If you have security concerns, why not add a passphrase?

    • #1334337
      matejcik
      Guest

      Another way to look at it is this:

      1. Suppose there _is_ a way for Trezor Company to steal your seed.
      2. Trezor displays your seed for you to back up. This is actually the real seed, you can independently verify that by restoring into a Ledger or into some software wallet.
      3. So in order for Trezor Company to have it, they would somehow need to transfer it between the Trezor device and their servers.
      4. But if the seed leaves the Trezor, it could be intercepted by malware.
      5. That makes malware authors very interested in going through the source code and looking for this feature, in case it’s actually there.
      6. Malware authors are also notoriously bad at the long game. Even if Trezor Company was sitting on the seed waiting to cash out, malware operators certainly wouldn’t.
      7. So if there ever is a malware attacking Trezors, it won’t be a couple isolated cases. It will be a positive _deluge_ of angry people. There will be news articles.

      This is not a "proof", it’s all circumstantial. But Trezor has been around for something like seven years now? And it’s quite popular. You’re certainly not the first one to come up with this idea. If there _is_ something that is stealing seeds, and nobody noticed so far, not even the kind of people who can **gain a lot of money** by noticing this kind of stuff… well that would be very weird, at the very least.

    • #1334338
      99999999999999999989
      Guest

      So you want them to prove that they do not have someone’s private key.

      How would that happen exactly?

      Can you prove to me that you do not have my private key? How can I get a clear answer/proof of it?

      It is impossible to prove a negative.

      If you want to go through the source code and see that the Trezor Suite never knows what your private key is, feel free to do so. It is open source.

    • #1334339
      rocasv
      Guest

      The source code is public. You can check the code yourself; many developers here at Reddit and many other forums have checked the code constantly. Since there must be a way to send the keys… well, it’s never been a "breach" on the source code.

      I think the device itself and Trezor is a solid company, doing what they do. I have some things I don’t like about Trezor, but as far as the security coming from them, I’m 100% comfortable with.

    • #1334340
      Superuzer
      Guest

      Does the seed generate upon activation of the device, or is the seed like programmed in when the device is manufactured?
