How can I be certain that the “Seed” recommended by the wallet hasn’t been generated elsewhere? How can I ensure that developers don’t possess a copy of it? And how can I have confidence that the “Seed” generated on the Trezor is genuinely unique?
If generated properly, it’s statistically impossible for two people to generate the same seed. There are simply too many options.
This is the big question.
Trezor code is open-source, so if you can establish that (a) the published source code does the right thing, i.e., generates the seed randomly with the correct amount of entropy, and (b) that the source code is what is actually running on your Trezor device, then you can be certain.
To establish that, you need to create a root of trust:
- either you trust your own technical skill to verify both of the above by yourself
- or you get someone you trust to review the code for you (good friend, commercial service?)
- or you trust “the community”, that many people regularly look into this highly critical component, and if there was a problem, somebody would already be trying to get rich & famous by talking about it
- (or you trust Ledger Donjon that if their competition made such a dumb mistake, they would absolutely splatter that all over the media)
- or you can simply trust Trezor Company to not be totally stupid, because it turns out that stealing money from your customers isn’t really a viable long-term business strategy, and we’ve been around for a couple years now
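
Added example, not part of the original posts and not Trezor's code: a birthday-bound calculation that puts numbers on "too many options" and shows why point (a), the correct amount of entropy, is the part that matters. The 128- and 256-bit sizes are assumed here as the standard 12- and 24-word seed sizes; the 32-bit case is a constructed stand-in for a broken random number generator.

```python
import math


def collision_probability(num_seeds: int, entropy_bits: int) -> float:
    """Birthday bound: chance that any two of num_seeds uniformly random
    seeds, each carrying entropy_bits of real entropy, are identical."""
    pairs = num_seeds * (num_seeds - 1) // 2
    # P = 1 - exp(-pairs / 2^bits); expm1 keeps precision when P is tiny.
    return -math.expm1(-pairs / 2 ** entropy_bits)


def seeds_for_collision(entropy_bits: int, probability: float = 0.5) -> int:
    """Approximate number of seeds that must exist before the chance of
    any collision reaches the given probability."""
    return math.ceil(math.sqrt(2 * 2 ** entropy_bits * -math.log1p(-probability)))


if __name__ == "__main__":
    # Constructed scenarios: (label, effective entropy bits, seeds in existence)
    scenarios = [
        ("128-bit seed, one billion wallets", 128, 10 ** 9),
        ("256-bit seed, one billion wallets", 256, 10 ** 9),
        ("broken RNG with 32 effective bits, 100k wallets", 32, 100_000),
    ]
    for label, bits, count in scenarios:
        p = collision_probability(count, bits)
        print(f"{label}: P(collision) = {p:.3e}, "
              f"50% collision at ~{seeds_for_collision(bits):.3e} seeds")
```

The seed length on paper is the same in all three cases; only the effective entropy of the generator differs, which is why the trust question in the thread is about the code that produces the randomness.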