Wie wird der Trezor mit Luft versorgt?
- Dieses Thema hat 4 Antworten und 1 Teilnehmer, und wurde zuletzt aktualisiert vor 11 Monaten von
.
-
Beiträge
-
-
Vielleicht kann mir jemand, der den Code gelesen hat, sagen, wie genau der Trezor airgapped ist. Ich weiß, dass die Seed-Phrase das Gerät nie verlässt, aber welche Sicherheitsmaßnahmen sind implementiert, um das zu gewährleisten?
Der Speicherplatz, in dem die Seed-Phrase gespeichert ist, lässt nichts nach außen dringen, was nicht in Form einer signierten Transaktion vorliegt, oder?
-
>The memory location that the seed phrase is stored in does not allow anything to get out
That’s not how things work.
See, in a typical flash drive, the job of the controller chip is to make all that memory visible to the PC that you plug it into.
But if I solder a 64GB memory chip into my mouse, it won’t turn into a flash drive. It will still be just a mouse and the PC will not even know about the memory chip. (for that matter, the mouse itself won’t know either, even though technically speaking it _could_ talk to the memory).
Trezor does not present to the PC as a flash drive or anything similar. There is nothing the PC can reasonably do to read Trezor’s memory — for all the PC knows, there _isn’t_ any memory to access.
Instead, Trezor presents a predefined set of instructions. “Sign a transaction” is one of them. “Read seed” is not there however.
—
With that said, Trezor is _not_ airgapped. Hypothetically speaking, there could be a security issue, kind of along the lines of, if the PC sends a carefully crafted sequence of the instructions that _are_ allowed, it might cause Trezor to return something that it shouldn’t. Most of the security research happens in this space.
-
> Maybe someone who read the code can tell me how exactly is Trezor airgapped. I know the seed phrase never leaves the device, but what security measures are implemented to make sure of that?
Because the comms to the device are using a custom made protocol to pass messages back and forth. [Here’s the workflow](https://docs.trezor.io/trezor-firmware/common/message-workflows.html) in simple English (no code). There is no message `get_seed` message, only a `set_seed` message (in `LoadDevice`). That means the seed can be pushed to the device, but never pulled from the device.
So no way to REMOTELY access the seed. To that, consider that smarter people than I would have made fame and glory if they could publish a remote exploit on something like Trezor or Ledger. The two companies have been trying to hack each other for almost a decade. Ledger (Donjon) would have definitely called out Trezor if anything like that was possible.
-
-
The device that holds the secrets never touches the internet, or any network.
The device that does may be completely compromised by malware, but has no way to get access to the secrets.
The HW wallet receives the transaction data and SIGNS it using a private key. Only public keys and addresses travel in the messages exchanged.
-
- Du musst angemeldet sein, um auf dieses Thema antworten zu können.
