Securing Bitcoins with TREZOR

TREZOR is a hard wallet for securely storing crypto assets such as Bitcoin, Ethereum, and Litecoin. Protection mechanisms like a mnemonic recovery seed, PIN, and encryption passphrase safeguard your assets (private keys) by requiring your physical interaction in order to make transactions.

For those crypto noobies, I think it’s easiest to describe the TREZOR functionality by walking through a set-up example. Let’s imagine you’re a Coinbase user with 5 bitcoins. You purchased a TREZOR and desire to move a portion of your funds to the tightly secured platform. 

To start, I just want to say that Coinbase is incredible. They have a clean interface, offer a very secure option for online “banking” and make it super simple to get into Bitcoin, Ethereum, and Litecoin. The main downside is that they possess your private keys, something which may make you uncomfortable, especially with the constant news of hackers stealing funds. Funny enough, if you manage your wallet locally on your computer, you’re arguably more prone to attack from malware than if you were to manage your assets in an online bank. TREZOR is solving this problem by relocating your private keys to a micro computer device secured behind layers of significant encryption and authentication.

The first step in setting up your TREZOR is to plug the device into your computer’s USB port and launch https://trezor.io/start. Remember, the TREZOR is an external hardware wallet. In order to interact with it, you’ll need to connect it to something – a computer, a phone, a tablet, etc. Since it has no battery, it gets its power from USB. The TREZOR wallet website is purely a software interface used to interact with the hard wallet. You could just as easily use an alternative BIP39 compatible wallet like Mycellium or Electrum, or the TREZOR bridge software, or interact with it completely offline with Python. By placing this software interface external to the device, you’re adding a layer of security by making the software ignorant of your private keys. This is the intent!

Another way to say this is TREZOR interacts with your private keys, TREZOR wallet interacts with the blockchain.

Upon setup, you’ll be asked to create a recovery seed and PIN.

Recovery Seed

The recovery seed is a BIP39 mnemonic 24-word code which will help you recover your TREZOR contents (private keys, Bitcoin balance, and transaction history) into a new device if you lose your TREZOR. Let’s break this down.

A mnemonic code is superior for human interaction compared to the handling of raw binary or hexadecimal representations of a wallet seed. The sentence could be written on paper or spoken over the telephone. The mnemonic encodes entropy in multiples of 32 bits. With SHA256, we’ll have 256 bits of entropy, 8 bits of checksum, generating a mnemonic sentence of 24 words. These words correspond to an encoded number from 0-2047 that serves as an index into a word list. Since this mnemonic recovery seed is using 24 words, we can safely say that we have 256 bits of entropy since we have 2048^24 possible combinations, which is ~2.96 * 10^79!!! Guessing this passphrase would be just a difficult as guessing one of your actual private key addresses.

When TREZOR instructs you to write this down, make sure you do and keep it safe from prying eyes. Never save it on your computer, always write it down on paper or cryptosteel for ultimate protection.

PIN

The PIN is a 4-10 digit number that is used to protect the TREZOR against unauthorized use. You must enter your PIN in order to interact with the TREZOR which holds your private keys. The PIN pad is randomly displayed with every use, preventing keyloggers from recording your entries. Never write down your share your PIN with anyone.

Once done, you should be sitting on the home page of your TREZOR wallet. 

Cool, so how do I get money in?

If you already have coins you wish to transfer, it’s as easy as going to “Receive” and either scanning the QR code with your current mobile wallet or manually entering in the public address where the funds should be sent.

If you don’t own any coin yet, you’ll need to purchase some from an exchange. 

How do I send money?

This is where you see the beauty of TREZOR.  

  1. Connect TREZOR to your computer and open your software of choice (TREZOR Wallet in this case)
  2. Click on “Send”
  3. Enter the Address where you want to send funds, enter the amount and press send.
  4. The software will ask for your PIN. A randomized number pad is displayed to eliminate the risk of keyloggers.
  5. Upon successful entry, the TREZOR signs the public key that your wallet possesses with the private key that the TREZOR device possesses.
  6. Transaction is complete

Here’s a basic illustration:

Anything else you should know about?

TREZOR offers an additional authentication layer, known as the encryption passphrase. This is essentially a 25th word to your passphrase that you never write down. In the event your 24-word passphrase is compromised, there is still another word that would be needed to decrypt your keys.

TREZOR offers other security capabilities, such as password management. This is similar to LastPass or OnePass, but I haven’t tried it yet.

Make sure to read the FAQ and User Guide for much more detail on TREZOR.

Summary

If you are investing in crypto currencies and want the best security option for protecting your assets, check out TREZOR. My personal recommendation is to keep liquid crypto in an online/mobile wallet, but move any substantial funds to this hard wallet for ultimate security.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s