I have a question about how secure seed words are when they are first generated. I found an article saying that generating the seed involves mixing a true random number from the computer that the Trezor is plugged into and a true random number from the Trezor’s STM32 microcontrollers. So, if my computer is compromised or has malware or a virus, are my seed words still safe or not? Will someone see my seed words?
I appreciate your help in advance!
The point of mixing is that the words are secure (a) if your computer is compromised, and also (b) if the microcontroller is faulty/compromised. We use two sources of randomness, and it’s sufficient if only one of them is OK.
Even if both (a) your computer is infected with malware and independently (b) the microcontroller has a problem, there is not enough information for the malware author, or the microcontroller attacker, to gain enough information to recover your seed.
Only if both your computer and the hardware are compromised by the same subject, then you might be in danger. But that is state-actor-level stuff; it could happen if you personally are targeted – and if that is the case, Trezor alone is not enough to protect you.
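The mixing argument from the answer above, as an added example that is not part of the original posts and is not Trezor's firmware code. It assumes each source contributes 32 bytes and that the two values are combined with SHA-256 over their concatenation; the function names are hypothetical.

```python
import hashlib
import secrets

ENTROPY_LEN = 32  # bytes contributed by each source (assumption for this sketch)


def mix_entropy(device_entropy: bytes, host_entropy: bytes,
                strength_bits: int = 256) -> bytes:
    """Hash both contributions together and truncate to the seed strength."""
    if len(device_entropy) != ENTROPY_LEN or len(host_entropy) != ENTROPY_LEN:
        raise ValueError("each source must contribute exactly 32 bytes")
    if strength_bits not in (128, 192, 256):
        raise ValueError("strength must be 128, 192 or 256 bits")
    digest = hashlib.sha256(device_entropy + host_entropy).digest()
    return digest[: strength_bits // 8]


def attacker_recovers(knows_device: bool, knows_host: bool) -> bool:
    """True if an attacker with this knowledge reproduces the seed entropy."""
    # Constructed sample values standing in for the two random sources.
    device = secrets.token_bytes(ENTROPY_LEN)
    host = secrets.token_bytes(ENTROPY_LEN)
    real = mix_entropy(device, host)
    # For a source the attacker does not know, the best option is a guess.
    guess_device = device if knows_device else secrets.token_bytes(ENTROPY_LEN)
    guess_host = host if knows_host else secrets.token_bytes(ENTROPY_LEN)
    return secrets.compare_digest(mix_entropy(guess_device, guess_host), real)


if __name__ == "__main__":
    cases = [
        ("nothing compromised", False, False),
        ("malware knows host entropy only", False, True),
        ("attacker knows device entropy only", True, False),
        ("same party knows both", True, True),
    ]
    for label, knows_device, knows_host in cases:
        result = attacker_recovers(knows_device, knows_host)
        print(f"{label:36s} -> seed recovered: {result}")
```

The two middle cases also cover the situation where the computer and the microcontroller are compromised by different, non-cooperating parties: each holds one input and still has to guess the other.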