Home Foren Trezor Wallet Warum muss die Passphrase bestätigt werden?

Ansicht von 3 Antwort-Themen
  • Autor
    Beiträge
    • 24. Juni 2023 um 06:41 Uhr #2534786
      root_s2yse8vt
      Administrator
      Up
      0
      Down
      ::

      Wenn ich eine Transaktion über die Metamaske durchführe, muss ich die Passphrase zweimal eingeben:

      https://preview.redd.it/33jx6028802b1.png?width=357&format=png&auto=webp&v=enabled&s=16c756f84b3b982364351c5273e64231913686c3

      Und dann muss ich die Passphrase auf dem Gerät bestätigen.

      Wozu all diese Schritte, um sicherzustellen, dass Sie die Passphrase richtig eingegeben haben? Wenn Sie die Passphrase falsch eingeben, erhalten Sie nur eine leere Wallet und können Ihre Transaktion nicht durchführen, richtig? Oder habe ich etwas übersehen? Es scheint ein schnellerer Prozess zu sein.

    • 24. Juni 2023 um 06:41 Uhr #2534788
      matejcik
      Gast
      Up
      0
      Down
      ::

      There’s some subtleties to it but you are basically right.

      > And then I have to confirm the passphrase on the device.

      This is actually protection against malware. Consider a virus that does the following:

      1. you enter `HELLO WORLD` as your passphrase
      2. malware changes it to `xvWa4Yb8pGh4`
      3. this happens every time you open your wallet
      4. one day, when your crypto stash is big enough, malware stops doing it and shows a pop-up:
      “Hey, u/randombits_dev, turns out `HELLO WORLD` is not your passphrase! I know the right one, but I’m not telling you … unless you pay me 0.1 BTC. How about that, huh? Here’s the address.”

      For this reason, you _must_ check the passphrase on screen and confirm that it’s what you think it is. This step cannot be safely skipped, unless you have a Trezor T and enter the passphrase on device. (and in that case it’s not there, i think)

      So that leaves the “Confirm Passphrase” in the pop-up. I _think_ this is because the popup doesn’t know if you’re opening a “new” never used wallet, or a wallet that has some funds on it already? But yeah, given that Trezor is showing you the passphrase anyway, perhaps it would be possible to skip. I’m not sure what happens when you enter something and then click “cancel” on Trezor when seeing the passphrase. Maybe it would be difficult for the pop-up to go back to passphrase entry or something?

    • 24. Juni 2023 um 06:41 Uhr #2534789
      BahadirM
      Gast
      Up
      0
      Down
      ::

      I suppose you use a Trezor One? Not sure how that one works exactly, but on Trezor Model T, if you enter a passphrase for an empty wallet, it will make sure you typed the passphrase correctly. Because if you mistyped a single character, send money to your wallet and you don’t know which letter was wrong, that money is gone.

    • 24. Juni 2023 um 06:41 Uhr #2534790
      random_user7980
      Gast
      Up
      0
      Down
      ::

      Because the wallet wants you to unlock your hidden wallet, to be able to sign tx.

  • Autor
    Beiträge
Ansicht von 3 Antwort-Themen
  • Du musst angemeldet sein, um auf dieses Thema antworten zu können.