It doesn't include any proprietary software and the whole thing is an open design that other people are able to build (and have successfully done so in practice). The primary purpose is for cryptocurrency wallets but it works well for U2F, GPG, SSH and various other purposes too.
-
I greatly prefer trusting only the HSM and having a physical backup of the seed recorded directly from it. The approach to passphrases is also really nice. Trezor *only* stores the seed, not any state for wallets, SSH/GPG keys, etc. which are derived from seed + passphrase.
-
If it dies, I can do recovery on a new one (or a compatible implementation) by entering my recovery seed into it directly and I'll have back all of my wallets and keys. I also really like that I could quite feasibly memorize a recovery seed since it's 12 / 18 / 24 common words.
-
Satoshi Labs (Trezor) got the recovery seed and deterministic wallet approach standardized, so there are a lot of compatible options available. The trezor-agent project providing SSH / GPG support also appears to support some other devices like Ledger models too.
-
If I wanted to transport keys across a border, I'm confident that I could memorize a 12 word recovery phrase, which is the 128-bit security level. Bitcoin and ed25519 have a 128-bit security level anyway. Using 24 words is useful to split physical backups into two pieces though.
-
Ah, for initial generation.
-
^Exactly. Impossible to audit the entire stack of a laptop, compared to a hardware token. You need to know that your key is being generated validly, and the only way to truly destroy data on a computer is to burn it.