Trezor One

The first cryptowallet released by Trezor and previously its flagship model. It has been superseded by the Trezor Model T, although the device still receives software updates: regular security patches and less frequent feature updates. It is powered by an ST STM32F205RE.

The device lacks an SE (secure element), which could be a matter of concern compared to its counterparts in this space. As of the time of writing, the device had suffered only minor incidents, mostly related to malware/ransomware attacks on the computer (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14199).

At a glance

  • BECH32 - yes
  • Legacy Addresses - yes
  • Multisig - yes
  • Segwit - yes

Transparency

The device is fully open-source: both the software client and the hardware itself are open-source, and the device is deterministically manufactured. All hardware information is publicly available on their GitHub. The device is heavily audited not only by Trezor itself but also by independent developers, ensuring its security and soundness. The developers have also released a full devkit specification with an emulator, which allows a developer to test the wallet without physically having it.

Software client

The device is managed by software called Trezor Suite, which serves both as a device manager and as a crypto-wallet for managing all funds stored by the device.

Optional features

The wallet also supports U2F. In addition, in conjunction with Trezor’s official software, the device may operate as an external encryptor/decryptor for its built-in password manager, called Trezor Password Manager.

Security

The user can validate on the device itself. Wallet generation is done entirely on the device, including writing down the recovery seed and validating its correct transcription.

The rest of the processes are done off the device, on a computer, which makes the device easily susceptible to attack from outside, such as hijacking of the PIN code or the recovery seed.

There is an option to set a special wipe PIN, which irreversibly wipes the keys stored in the wallet in case of an attack. If an attacker uses brute force, the device wipes itself after 16 unsuccessful tries.
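
A minimal model of the wipe-PIN and 16-attempt logic described above, as an added C sketch. It is not Trezor firmware code; the type names, buffer size, sample PINs, constant-time comparison and count-before-compare ordering are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define MAX_FAILS 16   /* limit stated in the text above */
#define PIN_LEN   10   /* assumed buffer size: up to 9 digits plus NUL */

typedef enum { UNLOCKED, DENIED, WIPED } result_t;

typedef struct {
    uint8_t  seed[32];          /* secret the PIN protects */
    char     pin[PIN_LEN];      /* zero-padded */
    char     wipe_pin[PIN_LEN]; /* all zeros when not set */
    uint32_t fails;             /* persistent storage on real hardware */
    bool     has_seed;
} device_t;

device_t new_device(const char *pin, const char *wipe_pin) {
    device_t d;
    memset(&d, 0, sizeof d);
    memset(d.seed, 0xA5, sizeof d.seed);   /* constructed placeholder seed */
    strncpy(d.pin, pin, PIN_LEN - 1);
    strncpy(d.wipe_pin, wipe_pin, PIN_LEN - 1);
    d.has_seed = true;
    return d;
}

/* Compare every byte with no early exit, so timing does not reveal a matching prefix. */
static bool ct_equal(const char *a, const char *b) {
    unsigned char diff = 0;
    for (size_t i = 0; i < PIN_LEN; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

result_t try_pin(device_t *d, const char *entered) {
    char buf[PIN_LEN] = {0};
    size_t len = strlen(entered);
    bool valid = len > 0 && len < PIN_LEN;
    if (!d->has_seed) return WIPED;
    if (valid) memcpy(buf, entered, len);
    d->fails++;   /* count the attempt before checking it, so an interrupted check still counts */
    if (valid && ct_equal(buf, d->wipe_pin)) { memset(d, 0, sizeof *d); return WIPED; }
    if (valid && ct_equal(buf, d->pin)) { d->fails = 0; return UNLOCKED; }
    if (d->fails >= MAX_FAILS) { memset(d, 0, sizeof *d); return WIPED; }
    return DENIED;
}

/* Number of wrong guesses an attacker gets before the keys are gone. */
int wrong_guesses_until_wipe(void) {
    device_t d = new_device("4821", "9999");   /* constructed sample PINs */
    int n = 1;
    while (try_pin(&d, "0000") == DENIED) n++;
    return n;
}
```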

The device does not allow installation of any external software whatsoever, restricting potential attack points on the device itself.

Physical security

The device’s case is sealed shut and ultrasonically welded together, making access to the hardware harder. The packaging is very tight and has to be irreparably damaged to access the device itself.

There has been a security incident in which, due to the open-source nature of the device, clones of the device were freely distributed in the wild (https://blog.trezor.io/psa-non-genuine-trezor-devices-979b64e359a7).

Privacy

The device relies on a software wallet to do its work, reducing the confidentiality of the funds on the device.

Manual

The device doesn’t have a very rich manual (only a quick start guide, which only instructs the user on how to set up the device). The quality of the documentation is at times poor and requires the user to look up information, or even how exactly the processes look, from the community on the internet, such as YouTube or Reddit.

Support

Support is provided via Reddit (https://reddit.com/r/trezor), the forum on their official website (https://forum.trezor.io/), or their email form (https://trezor.io/support/technical/issue/).

Upgradability

The device is already superseded by the Trezor Model T, which creates a divide in supported cryptocurrencies/features and in the range of support from the developers themselves. The device is still sold and there are currently no known plans to phase it out in favor of the Model T. The weaker SoC could be a concern where support is needed for more expansive improvements to the protocols of already supported cryptocurrencies.

The most concerning things would be the lack of an SE, which according to Trezor isn’t essential because equal attention is given to the security of both the hardware and the software, and the lack of any hardware acceleration for common cryptographic algorithms, which may impact its longevity in case of a hypothetical introduction of multi-layered encryption schemes in cryptocurrencies.

Trezor offers a Bitcoin-only flavour of their firmware.

Links to this page
  • Trezor Suite

    Desktop client for managing Trezor One and Trezor Model T. Also contains modules for managing cryptowallet funds and a password manager, which derives the decryption keys of passwords via the hardware devices.

  • Trezor Core

    Other than that, each device maintains its own codebase, with Trezor Model T’s being written mainly in MicroPython with small parts of the code written in C, and Trezor One’s mainly in C with parts of the code written in MicroPython or a flavor of Python.

  • Trezor

    Is a brand of hardware-based cryptowallets made by SatoshiLabs. So far they have released two products, Trezor Model T and Trezor One. Trezor One is their first product, proudly proclaimed to be the first hardware-based cryptowallet on the market (citation needed). Nowadays it serves as a lower-end product, with Trezor Model T replacing it as their flagship device with upgraded features and hardware.

  • On Security of Trezor

    Trezor Core does not seem to use any hardware acceleration, relying on a software-based approach. Libraries in the Trezor monorepo contain implementations of common cryptographic algorithms as well as their own bignum implementation [https://github.com/trezor/trezor-crypto/blob/master/bignum.c]. This is further proven by the fact that the hardware used by both Trezor devices doesn’t have any hardware acceleration aside from CRC calculation. The implementations of said algorithms don’t have any added side-channel attack mitigation, for example to prevent sniffing of data via power consumption readouts, as was done previously with the Trezor One OLED display’s power consumption (see “Details of the OLED Vulnerability and its Mitigation”, SatoshiLabs, Trezor Blog, and CVE-2019-14353, mitre.org). As far as is known, Trezor Model T doesn’t have this kind of issue so far.

  • Main page
  • Ledger Nano S

    Versatile hardware wallet device created by the French company Ledger. The company competes with Trezor, having released their device shortly after the release of Trezor One.

  • BWallet (Trezor Clone)

    The device has the same security options as Trezor One.

  • BC Vault

    The device is regularly updated with new cryptocurrency support and features. Due to the uncertainty about the hardware it contains, it’s unknown whether the device has strong or weak performance. But because it supports Ripple, which is generally not supported by Trezor One but is by Trezor Model T, the performance of the SoC is somewhere above the One and around the Model T. Unfortunately the device doesn’t support Monero yet, so it’s not on par with the Model T.

  • Archos Safe-T Mini

    The firmware is based upon Trezor One’s 1.6.1 firmware, with modifications made to the storage controller to support a Microchip AT88SC0104CA secure memory, which should guarantee a higher level of protection for the storage of cryptographic seeds.

    The security is similar to Trezor One’s, with the exception of an added embedded SE for storing data securely.