The wallets can have a malicious random quantity generator.
There are a number of methods to be malicious. Sometimes random quantity mills are thought of malicious when they’re
one way or the other predictable, so if you happen to use them another person can guess your “random quantity”.
However that does not seem to be what your plan protects you from.
What you confirm together with your process is that your {hardware} pockets don’t offer you a distinct seed (if you do the preliminary setup or ask to export it) from the one it used to generate the personal keys and associated addresses, that it makes use of if you obtain or ship funds with him.
On this which means, the seed (from which personal and public keys are derived in HD wallets) wouldn’t be yours however belong solely to your {hardware} pockets: you possibly can obtain and ship utilizing the machine, however if you happen to import the seed elsewhere there are not any related funds, as a result of it is totally different from the one utilized by Trezor.
Nevertheless I’ve by no means heard of such an issue on any {hardware} pockets.
The wallets can generate deal with for keys that aren’t mine
This do not make sense to me, public addresses are derived from personal keys, so the pockets must have the personal
keys to generate addresses … i am undecided what you imply.
Moreover, you possibly can’t confirm that you’re the only real proprietor of a seed or a non-public key, essentially the most you are able to do is make
positive that this doesn’t leak out, but when one way or the other somebody manages to repeat, predict or generate it randomly, you possibly can’t
discover till the cash goes away.
So, all issues thought of, I believe you possibly can keep away from having to confirm the seeds that your wallets offer you, as a result of this
provides virtually nothing to the safety you have already got utilizing multisig addresses with 2 {hardware} wallets evaluated
as Trezor and Coldwallet, which might be already closely scrutinized, as you possibly can see right here for instance.
PS: I do know that if the trezor has a malicious random quantity generator and it creates a non-public key that not solely myself personal, this can be a privateness leak, however not an issue. And it is a privateness leak solely after I spend from this deal with, revealing the general public key on the blockchain.
I am not conscious of troubles with Trezor rng (have you ever any reference for this?), but when your personal keys are leaked you’ll lose your funds virtually istantly, there is no such thing as a want to attend you spend, as mentioned earlier than, public key and addresses derive from personal key, so when you’ve got this you do not want the rest
