The wallets can have a malicious random quantity generator.
There are a number of methods to be malicious. Usually random quantity mills are thought of malicious when they’re
one way or the other predictable, so when you use them another person can guess your “random quantity”.
However that does not appear to be what your plan protects you from.
What you confirm along with your process is that your {hardware} pockets don’t provide you with a distinct seed (while you do the preliminary setup or ask to export it) from the one it used to generate the personal keys and associated addresses, that it makes use of while you obtain or ship funds with him.
On this that means, the seed (from which personal and public keys are derived in HD wallets) wouldn’t be yours however belong solely to your {hardware} pockets: you’ll be able to obtain and ship utilizing the gadget, however when you import the seed elsewhere there are not any related funds, as a result of it is completely different from the one utilized by Trezor.
Nevertheless I’ve by no means heard of such an issue on any {hardware} pockets.
The wallets can generate handle for keys that aren’t mine
This do not make sense to me, public addresses are derived from personal keys, so the pockets must have the personal
keys to generate addresses … i am undecided what you imply.
Moreover, you’ll be able to’t confirm that you’re the only real proprietor of a seed or a non-public key, probably the most you are able to do is make
certain that this doesn’t leak out, but when one way or the other somebody manages to repeat, predict or generate it randomly, you’ll be able to’t
discover till the cash goes away.
So, all issues thought of, I believe you’ll be able to keep away from having to confirm the seeds that your wallets provide you with, as a result of this
provides virtually nothing to the safety you have already got utilizing multisig addresses with 2 {hardware} wallets evaluated
as Trezor and Coldwallet, which are already closely scrutinized, as you’ll be able to see right here for instance.
PS: I do know that if the trezor has a malicious random quantity generator and it creates a non-public key that not solely myself personal, this can be a privateness leak, however not an issue. And it is a privateness leak solely once I spend from this handle, revealing the general public key on the blockchain.
I am not conscious of troubles with Trezor rng (have you ever any reference for this?), but when your personal keys are leaked you’ll lose your funds nearly istantly, there is no such thing as a want to attend you spend, as mentioned earlier than, public key and addresses derive from personal key, so when you’ve got this you do not want anything