I have a small question, when entering a passphrase from the keyboard or from the device itself, is the data encrypted somehow for transmission to Trezor Suite? Maybe if the device is infected and has access to control information from USB ports, they can intercept the passphrase this way?
Thanks for your reply!
@matejcik Could you help?
There is no encryption between entering in Suite and sending to Trezor.
The weak point is actually at the entry, where malware could steal all your keypresses (or mouse clicks in case of on-screen keyboard), or even read the passphrase out of Suite memory.
So if you have a Trezor T, it is much safer to always enter the passphrase on Trezor screen.
Keep in mind that passphrase alone is not very useful to an attacker. They still need to capture your seed.
(this could be relevant to a local attacker who can replace your USB cable, capture your passphrase, then steal the Trezor itself. we actually have a solution to this scenario on the roadmap.)
And in what form is the data transferred from Trezor to Suite?
It also somehow transfers data about the installed seed phrase on the device for authentication to the account.
And the passphrase can be retrieved from Suite’s memory? I’m talking about the web version, not the app.
That’s not how this works. The seed phrase is not a “password to an account”.
Remember that all transactions on the blockchain are public. What Trezor sends to Suite is a “selector”, an information about which parts of the blockchain you want to load. In case of Bitcoin, the information is an XPUB. In case of Ethereum, it is just the address.
This is essentially “public” information too: if malware steals it, it knows what addresses you have, and it can query the blockchains to see your transaction history. But it is view only. If you want to do anything, you still need to ask the Trezor to do it.
The passphrase exists in Suite memory, at least for the short time when you are typing it. Most likely somewhat longer. So if some malware manages to breach Suite memory space, it could go looking for the passphrase.
Two practical problems with doing it:
- Accessing memory of another process is a difficult obstacle for malware authors, and
- Finding a particular piece of data once you’re there is also difficult.
Neither is impossible though. It’s just difficult.
And when signing a transaction in Trezor itself, it just transfers the signed transaction to Suite, without any private data?
So a virus can’t steal anything confidential when connected to Suite?
And the passphrase only when entering the keyboard (keylogger, for example) or through the process memory, yes?
that’s right, that is the whole point of Trezor
It turns out to protect the passphrase from a hacker for an ordinary user becomes impossible, if the hacker can somehow get it out of the process memory and if he succeeds he will need physical access to the wallet with the entered seed phrase