Hi everyone, I recently got a Safe 5 and am experiencing something that I’m not sure is a bug or is expected behavior. When Trezor Suite is open on my Mac and I connect my Safe 5 + input my PIN, my Trezor goes through, seemingly, 3 separate unlock sequences (spinning circle), with the last one momentarily flashing, “Please enter your passphrase.” I tried wiping the device, re-installing firmware, and also connecting it to a different Mac with a fresh installation of Trezor Suite, but my Safe 5 keeps doing this. Is this expected behavior?
yup, totally expected.
the “enter your passphrase” prompt will disappear in the next firmware release.
the three separate spinners should ideally be merged into just one, but that’s… not as easy as it looks, basically. there are three independent processes happening, each with its own progress bar, and recognizing them as belonging together is somewhat of a problem
Thank you! Can you expand upon what those three independent processes are by any chance? I’m curious to know what’s going on under the hood, so to speak.
Also happy to hear that you’ll be removing the “enter your passphrase” prompt flash. IMO, it could actually be a safety issue if a physical attacker forces you to input your PIN in front of them and sees “enter your passphrase”, they might think you’re hiding something in a passphrase wallet when you’re not.
The first one is PIN verification, which is designed to take something over 1 second of real time.
One or both of the next two is seed passphrase derivation, that is, applying a passphrase to your seed to get the actual wallet keys.
(a passphrase is always applied; in the case of a Standard wallet, it’s an empty passphrase)
If you have Cardano enabled, there’s another separate seed derivation for Cardano, because it’s using a different derivation method so we need to run that too.
If not, then I’m not 100% sure, I’d have to check Suite behavior. One option is it’s doing the same derivation again for a different “session”.
The reason for the “enter your passphrase” screen is that for a very brief moment Trezor is waiting for Suite to send in the passphrase. Suite responds ~immediately with the empty passphrase, but the dialog still has time to render.
I mean, it could, but … the attacker would need to (a) know what a passphrase is, and at the same time (b) not know that literally every Trezor is configured out of the box to ask, even though no passphrase was ever used.
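The point made in the reply above, that a passphrase is always applied and the Standard wallet simply uses the empty one, shown as an added example that is not Trezor's own code. It assumes a BIP-39 backup (the thread does not say which backup type is in use, and a SLIP-39 backup uses a different scheme); the function names are hypothetical and the mnemonic is the public BIP-39 test vector.

```python
import hashlib
import unicodedata

# Public BIP-39 test-vector mnemonic (constructed sample input, never use for funds).
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP-39 seed.

    The passphrase is part of the PBKDF2 salt, so the same 2048-round
    derivation runs whether the passphrase is empty or not.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def seeds_for(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to the hex seed it produces for one mnemonic."""
    return {p: bip39_seed(mnemonic, p).hex() for p in passphrases}


if __name__ == "__main__":
    # "" is the Standard wallet; any other string is a separate hidden wallet.
    for passphrase, seed_hex in seeds_for(TEST_MNEMONIC, ["", "TREZOR", "trezor"]).items():
        label = "Standard wallet (empty)" if passphrase == "" else repr(passphrase)
        print(f"{label:26} -> {seed_hex[:16]}...")
```

Every passphrase, including the empty one, yields a valid but unrelated seed, so the device cannot skip this step for a Standard wallet and has no way to tell a "right" passphrase from a "wrong" one.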