0
I'm trying to figure out how to use a Trezor for my needs. I'd like to have different "layers" of security, so my plan is to use this setup (less secure on top):
- Online wallet for everyday usage (1%)
- Trezor with passphrase A connected to online computer (19%)
- Trezor with passphrase B connected to offline computer (80%)
My question is: does it make sense to separate layers 2 and 3 in online and offline computers? I'm assuming that the Trezor does not store the passphrase, so by using passphrase B only in a secure offline computer to sign transactions this layer is much more secure.
Thanks!
Malware could steal your passphrase on an online computer, so in theory it should be more secure to use a separate passphrase for larger amounts and use this second passphrase only on an offline computer. Don't you agree? – Paul – 2017-09-19T18:36:33.587
1
@Paul Everything is done on your Trezor, your computer never sees the private keys / mnemonics. So it doesn't matter. If you still have doubts, you can chat with Trezor devs on https://gitter.im/trezor/community – MCCCS – 2017-09-20T13:00:51.540
I understand the computer never sees the private key or seed, however it's possible that it's extracted from the device (e.g. https://medium.com/@Zero404Cool/trezor-security-glitches-reveal-your-private-keys-761eeab03ff8 ), so I believe it's wise to protect the passphrase. – Paul – 2017-09-20T16:18:47.733
@Paul https://gitter.im/trezor/community?at=599550192723db8d5eb1f796 – MCCCS – 2017-09-20T16:22:33.687
The fact that that particular article is supposedly fake doesn't mean the private data cannot be extracted. It's fair to assume it could be extracted with physical access to the device. – Paul – 2017-09-20T19:16:38.390
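
Added example, not part of the original thread: how a BIP39 passphrase (the standard Trezor's passphrase feature follows) is mixed with the recovery mnemonic to derive a separate wallet seed per passphrase, which is why passphrases A and B give independent wallets and why the passphrase is a secret worth protecting on its own. The mnemonic is the public BIP39 test vector and the passphrases and layer labels are constructed for illustration.

```python
import hashlib
import unicodedata

# Public BIP39 test-vector mnemonic (known to everyone; never use for funds).
TEST_MNEMONIC = (
    "abandon abandon abandon abandon abandon abandon "
    "abandon abandon abandon abandon abandon about"
)


def _nfkd(text: str) -> bytes:
    """BIP39 requires NFKD normalization before UTF-8 encoding."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed.

    PBKDF2-HMAC-SHA512, 2048 iterations, password = mnemonic,
    salt = "mnemonic" + passphrase. The passphrase is only an input to
    this derivation; nothing about it needs to be stored with the mnemonic.
    """
    salt = b"mnemonic" + _nfkd(passphrase)
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic), salt, 2048, dklen=64)


def layer_seeds(mnemonic: str, passphrases: dict) -> dict:
    """Map each (hypothetical) layer label to the hex seed its passphrase yields."""
    return {label: bip39_seed(mnemonic, pw).hex() for label, pw in passphrases.items()}


if __name__ == "__main__":
    # Constructed passphrases standing in for "A" and "B" from the question.
    layers = layer_seeds(
        TEST_MNEMONIC,
        {"no passphrase": "", "layer 2 (A)": "passphrase-A", "layer 3 (B)": "passphrase-B"},
    )
    for label, seed_hex in layers.items():
        print(f"{label:15s} {seed_hex[:32]}...")
    # Every passphrase, including a mistyped one, yields a valid but different
    # seed, so there is no "wrong passphrase" error to detect.
    print("all distinct:", len(set(layers.values())) == len(layers))
```

Someone who obtains only the mnemonic can derive the no-passphrase seed but not the seeds for A or B without also learning those passphrases.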