trezor-agent icon indicating copy to clipboard operation
trezor-agent copied to clipboard
verified publisher icon romanz

Support for a passphrase?

Open Midar opened this issue 4 years ago • 4 comments

Given that the Trezor hardware is vulnerable to voltage glitching which allows easy recovery of the secrets, is there a way to add a passphrase to GPG keys, similar to https://wiki.trezor.io/Passphrase?

Midar avatar Mar 06 '22 11:03 Midar

???

I'm talking about this: https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets/

Trezor's official statement was that it's not too bad because you can use a passphrase to protect your wallet. However, you'd also need a passphrase then to protect your GPG keys, otherwise the same attack would work against GPG keys on a Trezor.

Midar avatar Mar 06 '22 17:03 Midar

??

What do you mean by "synchronize your wallet"? What is that even supposed to mean in the context of GnuPG?!

And what should I debug here - how do you "debug" the absence of a feature?!

Midar avatar Mar 06 '22 19:03 Midar

If a passphrase usage is enabled, it will be used to derive the GPG secret key.

romanz avatar Jan 06 '23 12:01 romanz