A Trezor is a mini computer keeping access to the seed contained to an isolated component with on-device display / confirmation. It's wrong to expect that an attacker with physical access won't be able to extract the seed. That remains true with an obfuscated secure element too.
Conversation
This Tweet was deleted by the Tweet author. Learn more
The passphrase feature works by appending the passphrase to the seed phrase which is used as the input for key derivation. It doesn't encrypt the seed with it but rather appends it to the seed phrase to derive a different key / wallet. It doesn't store it or any outputs from it.
1
4
11
Replying to
It's important to keep in mind that the seed is not just on the device. There's at least one physical backup of the seed, generally written down with pencil and paper, and an attacker could obtain that rather than the hardware wallet. The hardware wallet is for using the seed.
1
2
11
This Tweet was deleted by the Tweet author. Learn more
You would probably only want to do that for one component of a passphrase, since it has to be exposed to a general purpose computer with lots of attack surface. It's also a very advanced approach and can't be recommended to typical users. A passphrase is hard enough for them.
1
1
This Tweet was deleted by the Tweet author. Learn more
Yeah, the Model T prompts for whether you want to enter it on the device or the attached computer. It's a bit inconvenient to enter it on the small touchscreen but it's definitely worth always doing since it avoids ever exposing it to the computer with vastly more attack surface.