Trezor (1.6.0) review.
Hey guys!
As promised, here's the small review of the Trezor hardware wallet.
Like everyone probably knows, the claim is that offline hardware wallets are ultimately more secure than any software wallet, and also ultimately less cumbersome than paper wallets or USB keys filled with wallet.dat files.
Having used my Trezor for about a month now I can say it is pretty much all that and more, but like every seemingly awesome technology, there's always a "BUT" we need to address.
Nope, first things first. I'll be telling a little bit about its usage, and how to set it up.
Connecting to the computer for the first time:
The short advice on the box a Trezor was packed in (and glued in tight, impossible to get the device out without destroying the box) said, first I needed to browse to https://trezor.io/start/
I was greeted with two pieces of advice; how to use the pin code, and to understand the recovery seed phrase. The phrase was something I would have to write down, as it will be my only hope of getting back my wallet and its contents if I were to lose or break the little device.
The recovery seed is a 24-word phrase (mnemonic code) which is generated using some intrinsically hard math defined within the BIP39 standard.
Moving on to the first login...
Before I could connect to my Trezor, as a Linux user I had to make a change to the udev rules, because security first, Linux is configured to not allow any unidentified devices to be used. I had to create a rule in /etc/udev/rules.d/50-trezor.rules to authorize the connection first. If you use Linux and wonder how, paste the following to a console and press enter:
# Write both rules, one per line, with their inner quotes intact (needs root).
sudo tee /etc/udev/rules.d/50-trezor.rules > /dev/null <<'EOF'
SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0666", GROUP="dialout", SYMLINK+="trezor%n"
KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0666", GROUP="dialout"
EOF
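The rules above set MODE="0666", which makes the device node readable and writable by every local account, not only members of the dialout group. The following added example (not from the original post or from SatoshiLabs) lists the rules in a file that grant access to "other"; the helper names and the 0660 group-only variant are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list udev rules whose MODE grants any permission to
# "other", i.e. to every local account on the machine.

# audit_udev_modes FILE -> prints "<line> <mode>" for each such rule.
audit_udev_modes() {
    awk '
        /^[ \t]*#/ { next }                      # ignore comment lines
        match($0, /MODE:?="[0-7]+"/) {           # MODE= or MODE:= assignment
            mode = substr($0, RSTART, RLENGTH)
            gsub(/[^0-7]/, "", mode)             # keep only the octal digits
            if (substr(mode, length(mode), 1) + 0 > 0)   # last digit = "other"
                printf "%d %s\n", NR, mode
        }
    ' "$1"
}

# Constructed sample 1: the two rules as given in the post.
write_post_rules() {
    cat > "$1" <<'EOF'
SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0666", GROUP="dialout", SYMLINK+="trezor%n"
KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0666", GROUP="dialout"
EOF
}

# Constructed sample 2 (assumption): same matches, access limited to owner
# and the dialout group; the wallet user must then be a member of dialout.
write_group_only_rules() {
    cat > "$1" <<'EOF'
# Trezor, group-only variant
SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0660", GROUP="dialout", SYMLINK+="trezor%n"
KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0660", GROUP="dialout"
EOF
}

tmp=$(mktemp -d)
write_post_rules "$tmp/50-trezor.rules"
write_group_only_rules "$tmp/50-trezor-group.rules"
echo "post rules:";       audit_udev_modes "$tmp/50-trezor.rules"
echo "group-only rules:"; audit_udev_modes "$tmp/50-trezor-group.rules"
rm -rf "$tmp"
```

Pointing audit_udev_modes at the real /etc/udev/rules.d/50-trezor.rules shows whether the installed rule is the world-accessible one.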
To be sure, I also installed the Trezor Bridge software that was offered for download on the Trezor wallet page.
After all that I plugged my Trezor in. The first thing the device wanted to do was to be updated to 1.6.0 firmware. To my surprise the process went through without a hitch. I had been anticipating loads of trouble from the get go.
The recovery seed part was a bit arduous, but had to be done. The seed card has a warning that says:
"Never make a digital copy of your recovery seed and never upload it to online services."
Which is kind of scary, but I guess holding a piece of cardboard in your drawer is safer. Nope. I made a digital copy, encrypted it and made some copies of it on different mediums, and burned the original paper seed list. I am not going to take any chances.
What bugged me most about the pin code is that there is no Zero (0) in it. I almost couldn't think of anything without a zero. Eventually I did, but as a mnemonic of my own, the zero would have been easier to incorporate. Anyway, I went with 1, 2, 3, 4, 5. I've always wanted to say:
"1, 2, 3, 4, 5? That's amazing! I've got the same combination on my (crypto) luggage!"
Just kidding.
You also get to name your device. I gave mine the name "Hippu" as that is the pet-name Vera gave me when we were courting. ("Hippu" is short for "kultahippu" which means "gold nugget" in English, so "nugget" it is.)
Anyway, in my opinion using the wallet is a bit cumbersome to a newcomer. You may notice that there are "accounts" and then there are "addresses". You can't choose from which addresses your payments leave so you must be more careful with moving your cryptos, especially those that aren't untraceable, like Bitcoin or Ether. If you want to keep your bitcoins (or other cryptos) relatively private you should create different accounts for different types of cash flows. (Means a lot of work keeping everything private.)
Transactions screen overseeing Trezor Bitcoin accounts (one at the moment)
(Trezor supports multiple cryptocurrencies: Bitcoin, Bitcoin Cash, Bitcoin Gold, Dash, Zcash, Litecoin, Ethereum and Ethereum Classic. Additionally it supports ERC20 tokens on the Ethereum blockchain.)
MyEtherWallet addresses are just that, addresses. There are no accounts. So everything you do with one address is ultimately known for all. So there's essentially no added privacy in using Ethereum. I have separated my accounts into smaller pieces, but even that will eventually be sorted out and addresses connected to me, if I ever publish even one of those addresses and not use some mixer magic to move my ethers (or tokens) around.
Starting up MyEtherWallet
The payment screen in MyEtherWallet
I suppose Zcash and Dash are relatively private, but on Trezor, they apparently aren't (at least for Zcash, I presume the same applies to Dash).
Like I said, there's the "BUT".
...another problem is whether my money is secure from some external party killing the SatoshiLabs, or MyEtherWallet sites.
The way I see it, apart from the command line Python software py-trezor (which in my opinion seriously lacks documentation but supports two extra coins: Monacoin and DigiByte), there is absolutely no offline software for using the device. I have to resort to the Trezor.io web pages to access each and every coin, except Ethereum and the ERC20 tokens. For these I need to use the My Ether Wallet software, which is surprisingly open source and can apparently be cloned entirely via GitHub.
So frankly we aren't entirely SOL if the Trezor web pages decide to go under for one reason or another, but it isn't going to be easy if that happens.
Anyway...
As of writing the Trezor comes in two colours, black and white. If you want one, you can order yours straight from the Trezor pages. There was also the Trezor model T that was on pre-order last Fall, but it hasn't gone into full production yet so we can't get it even if we wanted to. Yet. Perhaps there's something new around the corner, but I think I can manage with my current Trezor for the time being.
Hope you liked this weird rambling review. :)
I like the review; as a Linux user I would have the same questions (and I also have several encrypted digital backups on several media, including in an email :P), but if I'm honest I do not trust hardware wallets, because if the company dies it can cause you many problems. Personally I use the official wallets, and I have the wallets backed up on paper and encrypted on various media.
Good point.
But they are not as easy to use. I guess it all boils down to accessibility.
Let's say Bitcoin becomes obsolete overnight and you have your 400k in an encrypted wallet.dat file in a safety box somewhere, and no Bitcoin client capable of using wallet.dat files on your computer. You'll be in a hurry trying to first get to the backup, then wait for Bitcoin to rebuild the blockchain from scratch which can take anywhere from 4 days to 2 weeks depending on things. (Been there done that.)
By the time you're done, the price has dipped below 20 bucks and you're left with nothing.
But you are right, if the web page is down, it's pretty much the same issue. (Although like I said, the python commandline client does work without the web page.)
Yes, lamentably, the greater the security, the less the usability.
Of course, if you have a .dat saved but you do not have the node updated for an emergency, you are in a disadvantaged position, which you should avoid.
Yep, I updated the BTC client days ago, on a laptop that I have as an "offline" wallet; it was about ~150 GB, and it took about 3 weeks to update.
I have a real case of a friend who had 7 million PandaCoin saved and the node was outdated; when I finished the update the price had dropped by 90%.
So, the moral: you should always have an updated node for emergencies.
Yes, the command line Python client gives some reassurance that you will have a way to access the wallet, but I do not trust third-party solutions. I have seen many companies simply close their doors, and the clients run out of support.
Well, at least for this case of saving your cryptos, the cryptos are usually stored for years and one never knows what will happen.
:P
It's a good thing Trezor (and the Python software) is fully open-source, so if the 3rd party option (SatoshiLabs) goes under, we still have the source code for both the device and the software, and can thus recover our coins.
(Sorry for replying so late, I hadn't noticed your comment earlier.)
Good point. If the developer community is strong enough to support the software and update it, that gives somewhat more confidence, to be able to change the solution if necessary.
lol np
;)
@gamer00,
I mostly like the "BUT" section! Yeah, one of the excellent reviews! I hope to buy one, and I am a Windows user! Hope I can find a tute for doing those configurations as well.
Cheers~
Hey, Trezor menu is pretty neat, I like it more than Ledger.
I've done the same yesterday with my Nano and put the leftover of my crypto there. It's only left to wait a year or two and see what is going to happen :d
Thanks for sharing your rambling opinion :D Hippu, I had already heard opinions about the Ledger and the Keepkey, both also very good devices. I suppose in the end all the wallets are good in their own way, but they all have their "BUT".
I like your review. It is actually less ambiguous and easier to follow. I also want to say that access to the Trezor becomes impossible if for any reason the Trezor webpage is under DDoS. I can see some key cryptos are missing, such as ripples, cardano, iota. I was thinking hardware wallets are all in all.
How did you write that? What code did you use?
Having used the Trezor and the Ledger Nano S, I felt the Trezor is a better experience. It currently doesn't support all the coins that the Nano does, but I felt the UX is much better, and not needing to add/remove apps to look at the different coins.
I do like the annotation of the transactions, and the displaying of info on the Trezor screen to confirm as a mitigation for JavaScript attacks that change the wallet addresses when sending.
Got to say there is a lot to it!
There's more... I just forgot to talk about it. I need to do a second post I guess.
I also ordered Trezor after your last review. But didn't get it yet.
Why is shipment so long, it takes almost forever :(
I paid extra for their 2-day delivery.
I haven't thought about it. Damn. You too smart, my friend... Too smart!
Never heard of this device before, but with your description I would surely get one for myself. Am hoping it won't be too complex.
I've been thinking of an offline wallet all the while, I think I know what I need now. "TREZOR"