Trezor (1.6.0) review.

in trezor •  7 years ago  (edited)

Hey guys!

Three Trezor HD wallets
Leo chose the white one.

As promised, here's the small review of the Trezor hardware wallet.

Like everyone probably knows, the claim is that offline hardware wallets are ultimately more secure than any software wallet, and also ultimately less cumbersome than paper wallets or usb keys filled with wallet.dat -files.

Having used my Trezor for about a month now I can say it is pretty much all that and more, but like every seemingly awesome technology, there's always a "BUT" we need to address.

Nope, first things first. I'll be telling a little bit about its usage, and how to set it up.

Connecting to the computer for the first time:

The short advice on the box a Trezor was packed in (and glued in tight, impossible to get the device out without destroying the box) said, first I needed to browse to https://trezor.io/start/

I was greeted with two pieces of advice; how to use the pin code, and to understand the recovery seed phrase. The phrase was something I would have to write down, as it will be my only hope of getting back my wallet and its contents if I were to lose or break the little device.

Screenshot_20180211_235302 - Trezor Wallet.png

The recovery seed is a 24 word long phrase (Mnemonic code) which is generated using some intrinsicly hard math defined within the BIP39 standard.

Moving on to the first login...

Before I could connect to my Trezor, as a Linux user I had to make a change to the udev rules, because security first, Linux is configured to not allow any unidentified devices to be used. I had to create a rule in /etc/udev/rules.d/50-trezor.rules to authorize the connection first. If you use Linux and wonder how, paste the following to a console and press enter:

echo "SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0666", GROUP="dialout", SYMLINK+="trezor%n" KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0666", GROUP="dialout"" > /etc/udev/rules.d/50-trezor.rules

To be sure I also installed the trezor bridge software that was offered for download on Trezor wallet page

After all that I plugged my Trezor in. The first thing the device wanted to do was to be updated to 1.6.0 firmware. To my surprise the process went through without a hitch. I had been anticipating loads of trouble from the get go.

The recovery seed part was a bit arduous, but had to be done. The seed card has a warning that says:

"Never make a digital copy of your recovery seed and never upload it to online services."

Screenshot_20180211_235302 - Trezor Wallet 3.png

Which is kind of scary, but I guess holding a piece of cardboard in your drawer is safer. Nope. I made a digital copy, encrypted it and made some copies of it on different mediums, and burned the original paper seed list. I am not going to take any chances.

What bugged me most about the pin code is, that there is no Zero (0) in it. I almost couldn't think of anything without a zero. Eventually I did, but as a mnemonic of my own, the zero would have been easier to incorporate. Anyway, I went with 1, 2, 3, 4, 5. I've always wanted to say:

"1, 2, 3, 4, 5? That's amazing! I've got the same combination on my (crypto) luggage!"

Just kidding.

You also get to name your device. I gave mine the name "Hippu" as that is the pet-name Vera gave me when we were courting. ("Hippu" is short for "kultahippu" which means "gold nugget" in English, so "nugget" it is.)

Anyway, in my opinion using the wallet is a bit cumbersome to a newcomer. You may notice that there are "accounts" and then there are "addresses". You can't choose from which addresses your payments leave so you must be more careful with moving your cryptos, especially those that aren't untraceable, like Bitcoin or Ether. If you want to keep your bitcoins (or other cryptos) relatively private you should create different accounts for different types of cash flows. (Means a lot of work keeping everything private.)

Screenshot_20180211_235302 - Trezor Wallet 4 (editoitu).png
Transactions screen overseeing Trezor Bitcoin accounts (one at the moment)

(Trezor supports multiple cryptocurrencies: Bitcoin, Bitcoin Cash, Bitcoin Gold, Dash, Zcash, Litecoin, Ethereum and Ethereum Classic. Additionally it supports ERC20 tokens on the Ethereum blockchain.)

MyEtherWallet addresses are just that, addresses. There are no accounts. So everything you do with one address is ultimately known for all. So there's essentially no added privacy in using Ethereum. I have separated my accounts into smaller pieces, but even that will eventually be sorted out and addresses connected to me, if I ever publish even one of those addresses and not use some mixer magic to move my ethers (or tokens) around.

Screenshot_20180211_235302 - Trezor Wallet 5.png
Starting up MyEtherWallet

Screenshot_20180211_235302 - Trezor Wallet 6 (editoitu).png
The payment screen in MyEtherWallet

I suppose Zcash and Dash are relatively private, but on Trezor, they apparently arent (at least for Zcash, I presume the same applies to Dash).

Like I said, there's the "BUT".

...another problem is whether my money is secure from some external party killing the SatoshiLabs, or MyEtherWallet sites.

The way I see it, apart from the command line python software py-trezor (which in my opinion seriously lacks documentation but supports two extra coins; Monacoin and DigiByte), there is absolutely no offline software for using the device. I have to resort to the Trezor.io web pages to access each and every coin, except Ethereum and the ERC20 tokens. For these I need to use the My Ether Wallet software which is surprisingly open source, and can apparently be cloned entirely via github.

So frankly we aren't entirely SOL if the Trezor web pages decide to go under for one reason or another, but it isn't going to be easy if that happens.

Anyway...

As of writing the Trezor comes in two colours, black and white. If you want one, you can order yours straight from the Trezor pages. There was also the Trezor model T that was on pre-order last Fall, but it hasn't gone into full production yet so we can't get it even if we wanted to. Yet. Perhaps there's something new around the corner, but I think I can manage with my current Trezor for the time being.

Hope you liked this weird rambling review. :)


[Previous post: One photo every day: Trezor (230/365)]


If you liked the post, consider buying me a beer:

Buy me a beer


Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

I like the review, as a user linux would have the same questions (and also have several digital backups encrypted in several media included in an email: P), but if I'm honest I do not trust the hardware wallets, due to the fact that if the company dies can cause you many problems, personally I use the official wallets, and I have the wallets backed in paper and encrypted in various media

Good point.

But they are not as easy to use. I guess it all boils down to accessibility.
Let's say Bitcoin becomes obsolete over night and you have your 400k in an encrypted walllet.dat file in a safety box somewhere, and no Bitcoin client capable of using wallet.dat files on your computer. You'll be in a hurry trying to first get to the backup, then wait for Bitcoin to rebuild the blockchain from scratch which can take anywhere from 4 days to 2 weeks depending on things. (Been there done that.)

By the time you're done, the price has dipped below 20 bucks and you're left with nothing.

But you are right, if the web page is down, it's pretty much the same issue. (Although like I said, the python commandline client does work without the web page.)

But they are not as easy to use.

Yes lamentably to greater security less usability

I guess it all boils down to accessibility. Let's say Bitcoin becomes obsolete over night and you have your 400k in an encrypted walllet.dat file in a safety box somewhere, and no Bitcoin client capable of using wallet.dat files on your computer.

Of course if you have a .dat saved but you do not have the node updated for an emergency,
you are in a disadvantaged position which you should avoid .

You'll be in a hurry trying to first get to the backup, then wait for Bitcoin to rebuild the blockchain from scratch which can take anywhere from 4 days to 2 weeks depending on things. (Been there done that.),

Yep, I updated the BTC client days ago, in a laptop that I have as a wallet "offline" and it was about ~ 150GB, and it took about 3 weeks to update

By the time you're done, the price has dipped below 20 bucks and you're left with nothing.

I have a real case of a friend who had 7 million PandaCoin saved and the node was outdated, when I finished the update the price had dropped by 90%

So, the moral, you should always have an updated node for emergencies

But you are right, if the web page is down, it's pretty much the same issue. (Although like I said, the python commandline client does work without the web page.)

Yes, the commandline python gives some reassurance that you will have a way to access the wallet, but I do not trust third-party solutions I have seen many companies simply close their doors and the clients run out of support

Well at least for this case of saving your cryptos, the cryptos usually stored for years and one never knows what would happen

:P

Yes, the commandline python gives some reassurance that you will have a way to access the wallet, but I do not trust third-party solutions I have seen many companies simply close their doors and the clients run out of support

It's a good thing Trezor (and the python software) is fully open-source, so if the 3rd party option (Satoshilabs) goes under, we still have the source code for both the device and the software, and can thus recover our coins.

(Sorry for replying so late, I hadn't noticed your comment earlier.)

Good point if the developer community it is strong enough to support the software and update it gives something more confidence, to be able to change the solution If necessary

(Sorry for replying so late, I hadn't noticed your comment earlier.)

lol np
;)

@gamer00,
I mostly like "BUT" section! Yeah one of the excellent review! I hope to buy one and I am a Windows user! Hope I could find a tute to do that configurations as well.

Cheers~

Hey, Trezor menu is pretty neat, I like it more than Ledger.
I've done the same yesterday with my Nano and put the leftover of my crypto there. It's only left to wait a year or two and see what is going to happen :d

I like your review. It is actually less ambiguous and more easy to follow. I also want to say that the access to the trezor becomes impossible if for any reason trezor webpage is under DDOS. I can see some key cryptos are missing, such as ripples, cardano, iota. I was thinking hardware wallets are all in all.


How did you write that? What code did you use?

Loading...

Having used the Trezor and the Ledger Nano S, I felt the Trezor is a better experience. It currently doesn't all the coins that the nano does, but I felt the UX is much better, and not needing to add/remove apps to look at the different coins.

I do like the annotation of the transactions, and the displaying of info on the Trezor screen to confirm as a mitigation for javascript attacks that change the wallet addresses when sending.

Got to say there is a lot to it!

There's more... I just forgot to talk about it. I need to do a second post I guess.

Thanks for sharing your rambling opinion :D Hippu, I had already heard opinions about the Ledger and the Keepkey, both also very good device, I suppose in the end all the wallets are good in their own way but they all have their "BUT".

I also ordered Trezor after your last review. But didn't get it yet.
Why is shipment so long, it takes almost forever :(

I paid extra for their 2-day delivery.

I haven't thought about it. Damn. You too smart, my friend... Too smart!

never heard of this device before. but with your description would sureky get one for my self. am hoping it wont be too complex

I've been thinking of an offline wallet all the while, I think I know what I need now. "TREZOR"

Wow! This is very good review which I have read again and again to understand all the intricacy! A lot of work for you!

Thanks a lot for your wonderful article on this gadget which always gives me a big awe!

I actually forgot some very important bits, so I think I'll need to do a second part to this soon.

Trezor is best

I want one but a don have enough money. thanks for sharing this useful information @gamer00.

Very nice review, well put together. Thank you.

Thanks for a great explaination about trezor Good work
Keep it up
god Bless you

it's great to hear about trezor. i never hear about this device thank you for sharing this valuable information with us keep sharing like this
@gamer00

Ohoo,really amazing information for us,keep sharing boss,
Stay blessed

Hello @gamer00, this review is very nice .you told us each and every little things regarding installing which is amazing .thanks for sharing with us..

thank you for this info mr @gamer00 For the first time I know this

a good post, I really like what you share. good luck brother. Steady...!!!

Thank you very much for this review and I am planning to buy one such wallet.

Thank you and Have a great day.

Wow..nice post..thanks for sharing..

I do have a trezor as well. I think it's very important to own a hard wallet if you want to invest long term in cryptos.
Now I'm not sure what hard storage is better.

  ·  7 years ago Reveal Comment

What if you get downvoted? Must you ask for sbd to resteem? If you dont have any other contribution, just walk pass.

I am sure you noticed i also do resteems for free if you took the time to read my comment.

And this resteem in particular is done at random, when i see an interesting post and i resteem it just like i did this one

Some day if i come across your post, and i find it interesting, i will also resteem it.

There is no harm done here. What exactly is your beef here? Is it with resteem services in general or you are trying to pick on me alone?

Pls study more on what resteems do, and you will see that its a very helpful service to those who take advantage of it.
Cheers naija mate!

  ·  7 years ago (edited)

Don't feel bad for the flag, it's only 1%, just to let you know, and also to clean up my feed.

Oh... btw. If you want to resteem posts, just do it. Spamming on the other hand is lame.

Hmm... if you must know, I hate spam.

Wow! Rendering a service to you which you indirectly benefit from is now called spam? I am truly surprised at this.

How will you know i appreciated your post and resteemed it if i dont comment?

How will you know what my value proposition is here on steemit, if i dont write about my services... How can you connect with me again for a repeat if this service proved helpful, without this comment you are labelling spam?

Simply put spam is unsolicited messages, that expressly do nothing of benefit for you

You should not consider my comment a spam because

  1. I rendered a service to you free of charge, which other people pay for
  2. Even though you didnt ask for the resteem, your post was deemed a post worth resteeming
  3. Your post was resteemed to over 4000 accounts. The added visibility you have gotten from my resteem cannot be quantified and as such should be appreciated and not lightly esteemed.
  4. And finally, the resteem was really done and not faked. You can check my feed. It is there!

Frankly i dont mind your flag... In the beginning i was reported to @steemcleaners several times, but i explained my case very well, and i was made to understand that steemit has an exception for resteem services, when it comes to comment spamming resteem services are excluded from being labelled spammers, and no action is taken against them so long as they genuinely render such service and are not scamming other users

Basically its a free world, you are free to dislike what i am doing, but thankfully many more appreciate it, and this is what keeps me going.

Thanks for your time!

Spam is spam, whether it sports a "free service" or not.

my bad... sincerely sorry i resteemed your post then.

I resteem peoples posts too you know. The difference is I am not begging handouts for it.

Its alright. dont overflog the issue. I already apologised for doing something you didnt appreciate...
i go a step further... i can remove the comment if you want me to, just so peace can reign. Cheers!