Open fresheneesz opened 4 years ago
So now that I look deeper, I do see there's something in the right-click menu that allows you to do this. Its kind of unclear to me how much to trust the address that comes up. Not knowing what Trezor's api looks like, how can I really be sure the address that appears on the Trezor is what Electrum says it is?
Also, having the user be required to show the address on the hardware wallet would make good security a lot more fool-proof on Electrum. Otherwise, most people simply aren't going to be aware of this feature, or why its important.
There is an "eye" icon on the Receiving tab where the address is shown; and there is a "Show on ..." option in the Addresses tab in the context menu.
Its kind of unclear to me how much to trust the address that comes up. Not knowing what Trezor's api looks like, how can I really be sure the address that appears on the Trezor is what Electrum says it is?
Well it's the hardware manufacturer's responsibility to ensure this. The Trezor API call e.g. takes a bip32 path, so you can only get it to show an address it derives itself.
Also, having the user be required to show the address on the hardware wallet would make good security a lot more fool-proof on Electrum.
Well it's the hardware manufacturer's responsibility to ensure this. The Trezor API call e.g. takes a bip32 path, so you can only get it to show an address it derives itself.
That's interesting information. It would be nice if that information was present on the pop up that comes up when you use either the "eye" button or the "Show on
See #5126
That would certainly be an improvement. I'll comment there with some additional ideas.
I just realized that on a compromised machine, the Electrum software could have been overwritten to serve malicious addresses. Since I'm using a hardware wallet, I should be able to verify on the hardware wallet itself what addresses are mine. However I don't see any obvious way of doing this. On Trezor's mobile wallet, they have a feature for showing the address on your trezor.
Electrum should have a feature like this as well, otherwise users who are receiving payments don't get any of the benefits that a hardware wallet brings. I suggest the receiving addresses have a button similar to the Trezor web wallet called "Show Address on Trezor". Or possibly better would be a single button that puts trezor in a mode that allows you to scroll through receiving addresses.
In fact, if you're using a hardware wallet, the ideal thing would be to not even have a way to show the addresses in the Electrum UI without simultaneously showing the address on your hardware wallet. The electrum UI should be clear that the users should check the address on their hardware wallet.