Support Trezor passphrase when creating wallet #4

Closed
gary-rowe opened this issue Oct 19, 2014 · 6 comments

@gary-rowe
Contributor

This was accidentally assumed to be deprecated but here's the documentation.

@gary-rowe gary-rowe self-assigned this Oct 19, 2014
@gary-rowe gary-rowe added this to the Private Beta 1 milestone Oct 19, 2014
@ghost

ghost commented Oct 19, 2014

There would be no password recovery when users use this option.
Do we really want to support it?

@gary-rowe
Contributor Author

I agree it is a very dangerous option. Regardless of password recovery, even if you had your seed phrase but forgot the pass phrase then your bitcoins are gone. This negates the premise of just having to look after a seed phrase.

I'm not convinced this needs to be done so I'll move this issue into discussion and see if we get a demand for implementation from the community.

@gary-rowe gary-rowe modified the milestones: Discussion, Private Beta 1 Oct 19, 2014
@thesoftwarejedi

I'd like to see this implemented like it is on the myTrezor site ideally - in that the password is used as the seed to the device and thus the device can be any number of wallets.

Currently MultiBit HD freezes when connecting to a Trezor with the passphrase enabled. The screen on the Trezor asks to enter the password.

I feel explaining how other software implemented this is worth a mention... This proper implementation does not work with Electrum - it recognizes that the wallet isn't the same that it was created with if you use a different password when reopening (probably sees saved, mismatching addresses?). Thus, the $5 wrench attack (see documentation above) becomes a threat - someone asking you for your password can tell that you gave them the wrong one.

Electrum DOES however allow you to easily create the wallet from the hardware device and passphrase as a new wallet - allowing for a way to spend funds in the case that myTrezor is unavailable. At a minimum that should be supported yet explained. Actually, if password is enabled, it might be wise to behave like myTrezor, and give the option to erase all record of the wallet when disconnecting OR save a copy as watch-only while disconnected. I prefer it to just always erase every trace.

@gary-rowe
Contributor Author

Thanks for reporting the freeze up bug. I've added an issue to MultiBit HD to cover the freeze up when a passphrase-enabled Trezor is detected. In the first instance this will explain why passphrases are not supported.

Just for clarity I'll summarise your additional use case requirements:

  1. User attaches an initialised Trezor with passphrase and sees the normal Trezor Credentials wizard after startup
  2. User enters their PIN (optional) and passphrase (mandatory)
  3. User confirms the deterministic unlock code
  4. MultiBit HD builds the wallet from BIP39 + passphrase and proceeds as normal
  5. User sets a configuration parameter to secure erase the wallet on exit
  6. During Exit MultiBit HD secure erases the wallet

There is an argument for the "erase every trace" option which would allow for plausible deniability of use of another's machine. For example one could attach a passphrase-enabled Trezor and then rely on MultiBit HD securely erasing the wallet. This argument is weakened by these factors:

  • MultiBit HD wallets are fully AES encrypted
  • key- and USB-logging software being installed a priori by those wishing to build a case against the user
  • user loses credibility by attempting to cover their tracks (weak I know)

In general, anyone with the level of sophistication required to adequately cover their tracks would rely on external tools to perform the secure delete so it isn't really necessary for MultiBit HD to provide this.

Overall though, what you are proposing (passphrase support) is an advanced use case that only very few people will use. The overwhelming majority of mainstream users will not use a Trezor (against our recommendation that they should for balances over $500). Of those that do many are unlikely to apply an additional passphrase for fear of losing access to their bitcoin due to the additional complexity.

Given that there is a lot of additional work to be done to support this and we're currently maxed out on the Beta 8, 9 and Release milestones I don't see this happening any time soon.
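
Added example (not part of the thread, and not MultiBit HD, Electrum or Trezor code): the "BIP39 + passphrase" derivation in step 4 above, and why saved wallet state lets software tell that a different passphrase was entered, as described in the earlier comment. `wallet_id` and `reopen` are hypothetical helpers; the identifier is a stand-in for the saved addresses a real wallet would keep, and the mnemonic is the public all-zero-entropy test phrase.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample input: the public BIP39 test mnemonic, never a real wallet.
SAMPLE_MNEMONIC = ("abandon " * 11) + "about"


def bip39_seed(mnemonic, passphrase=""):
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def bip32_master(seed):
    """BIP32 master private key and chain code derived from the seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_id(mnemonic, passphrase=""):
    """Hypothetical identifier standing in for the state a wallet saves to disk."""
    key, chain = bip32_master(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(key + chain).hexdigest()[:16]


def reopen(saved_id, mnemonic, passphrase):
    """Return (current_id, matches_saved) for a wallet reopened with a passphrase."""
    current = wallet_id(mnemonic, passphrase)
    return current, hmac.compare_digest(current, saved_id)


if __name__ == "__main__":
    # Every passphrase, including the empty one, yields a valid but different
    # wallet: the derivation has no notion of a "wrong" passphrase, so a
    # forgotten one cannot be detected or recovered from the seed words alone.
    for phrase in ("", "correct horse", "decoy"):
        print(repr(phrase), wallet_id(SAMPLE_MNEMONIC, phrase))

    # Saved state is what exposes a mismatch; with no saved record there is
    # nothing to compare the freshly derived wallet against.
    saved = wallet_id(SAMPLE_MNEMONIC, "correct horse")
    print(reopen(saved, SAMPLE_MNEMONIC, "decoy"))
```
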

@jim618
Contributor

jim618 commented Apr 2, 2015

Note also that as MultiBit HD uses a direct connection to Bitcoin Core nodes the first time it syncs a Trezor wallet it has to sync from a date earlier than the first ever Trezor wallet. This is slow. It can take 30 minutes.
By erasing the encrypted wallet you'd have to redo this every time rather than syncing from the last block seen, which is much quicker.

@gary-rowe
Contributor Author

Closing as our policy is to not support passphrase-enabled Trezor devices out of concerns for users losing their passphrase thus negating the benefits of HD "wallet words".


3 participants