Eingabe der Passphrase in der UI

Dieses Thema hat 5 Antworten sowie 1 Teilnehmer und wurde zuletzt vor vor 1 Jahr, 3 Monaten von Due-Seaweed7811 aktualisiert.

Ansicht von 5 Antwort-Themen

Autor

Beiträge
- 21. Oktober 2023 um 09:53 Uhr #3078987
  
  root_s2yse8vt
  Administrator
  
  Up
  0
  Down
  ::
  Ich habe mich immer gefragt, wie sicher es ist, die Passphrase jedes Mal einzugeben, wenn man auf seine Münzen in der Trezor Suite App oder der Web UI zugreifen möchte.
  
  Ich versuche nicht, Trezor schlecht zu machen oder so. Trezor ist meine erste Hardware-Wallet, und ich habe auch heute noch eine. Aber im Vergleich zu Ledger, wo man die Passphrase direkt in das Hardware-Gerät eingeben kann, finde ich es ein bisschen beängstigend, eine so wichtige Phrase in eine Software einzugeben.
  
  Gibt es nicht bösartige Malware, die auf Befehl eines Hackers den Speicher auslesen, Keylogs erstellen oder Daten ausspähen kann? Gibt es eine Lösung für dieses Problem?
- 21. Oktober 2023 um 09:53 Uhr #3078988
  
  matejcik
  Gast
  
  Up
  0
  Down
  ::
  > Isn’t there malicious malware out there that can memory scrape, keylog, or sniff on a hacker’s command?
  
  Well, yes, but actually no.
  
  The thing to understand is that to a malware author, your passphrase is completely and utterly useless. They can write it on their mirror in lipstick and stare at it lovingly every morning for all you care …. because to make any use of it at all, they _also need the seed phrase_…
  
  …which they’re never going to have, because it’s on Trezor and you’re never storing it digitally.
  
  So yes, sure, a keylogger can grab your passphrase in theory. In practice, nobody is going to bother because there’s nothing they can do with the captured data.
  
  The one situation where having a keylogger would be useful is a targeted attack: if your roommate already broke into your desk drawer and copied the seed (or if they’re gearing up to stealing the Trezor itself), they could use a keylogger to grab the passphrase too.
  
  Even in such situation, it’s still orders of magnitude safer to use a passphrase than not, because it is yet another obstacle in the attacker’s path.
  
  —
  
  And of course you can get a Model T and enter the passphrase on device.
- 21. Oktober 2023 um 09:53 Uhr #3078989
  
  SafeMoonJeff
  Gast
  
  Up
  0
  Down
  ::
  The „hacker“ can’t do shit with the passphrase without the private keys inside the device (which never leaves your device) , your seed (that you never type anywhere) or physical Trezor in hand (which he needs your PIN)
  
  Cheers
- 21. Oktober 2023 um 09:53 Uhr #3078990
  
  senlek
  Gast
  
  Up
  0
  Down
  ::
  On the right side panel of this page are Best Security Practices… one of which is „use a passphrase“. Some other hww manufacturers warn against using a passphrase since a novice can easily lose their coins if they mess it up. But Trezor does this, I think, because their devices are vulnerable to physical attack. i.e. if someone gets possession of your device, and has the know-how, they can extract the seed-phrase. If this same person had somehow managed to install a keylogger on your computer, then they would have your passphrase(s) if you typed them in Trezor Suite. Then coins are all gone.
  This scenario is not likely to happen; but I prefer to be paranoid. So I enter passphrases on my Trezor T only. This is tedious because I use long passphrases; but that’s something I’m willing to put up with.
- 21. Oktober 2023 um 09:53 Uhr #3078991
  
  Agha_Jamal
  Gast
  
  Up
  0
  Down
  ::
  Following
- 21. Oktober 2023 um 09:53 Uhr #3078992
  
  Due-Seaweed7811
  Gast
  
  Up
  0
  Down
  ::
  I just got a trezor a couple of days ago. I entered my pass on the app but had to look on the device to know where each digit were on the number pad..
  
  So you don’t actually enter anything on the app, or am I missing something?
Autor

Beiträge

Ansicht von 5 Antwort-Themen

Du musst angemeldet sein, um auf dieses Thema antworten zu können.