All articles

Entropy check

The entropy check works on all Trezor Safe models and the Trezor Model T. It is not supported by the Trezor Model One.


When setting up your Trezor, the entropy check ensures your wallet backup is generated randomly.

Trezor does this by verifying that the random data (entropy) used to create your wallet is truly unpredictable and consistent. If the check fails, Trezor Suite blocks access to the wallet to prevent you from losing your funds.

While rare, some users who purchase Trezor from unauthorized resellers may unknowingly receive a device that does not produce truly random seeds. The entropy check mitigates this risk: if a device is found to handle randomness incorrectly, Trezor Suite will block access to the wallet.
 

The entropy check does not protect against every kind of counterfeit or tampered device. It specifically targets devices that generate non-random seeds. To further reduce risk, always purchase your Trezor from our official e-shop or from one of our authorized resellers.


How does the entropy check work?


The entropy check follows the following procedure.
 

  1. Wallet creation: When you set up your Trezor, it generates a wallet using random data (entropy) from both Trezor and Trezor Suite to ensure unpredictability.

  2. Wallet deletion: After the wallet is created, Trezor deletes it and sends the entropy it used back to Trezor Suite.

  3. Wallet recreation: Trezor Suite rebuilds the wallet using the provided entropy to check if it produces the exact same XPUBs (extended public keys) as the original.

  4. Comparison: If the XPUBs from both wallets match, the device is verified as authentic. If they don’t, the device may be counterfeit or compromised.

  5. Random checks: Suite repeats this process 1 to 5 times at random to make it harder for attackers to manipulate.

  6. What happens if it fails? If the wallets don’t match, Trezor Suite blocks access and prevents you from using the wallet. If the entropy check fails, you will see the following popup in Trezor Suite:

 


Press “Contact Trezor Support” and contact us immediately if this happens.
 

For more information on XPUBs, please read our article called What is a public key (XPUB)?


Why would the entropy check fail?


If the entropy check fails, this means that the device generates wallets which are not random.

Cryptographic security is based on a high degree of randomness which is practically impossible to replicate or emulate.

A failed entropy check means that the device is counterfeit and produces non-random wallets which are designed to steal your funds.
 

What should I do if the entropy check fails?


If the entropy check fails, contact us immediately via the prompt in Trezor Suite or our chatbot Hal. One of our agents will reach out to you as soon as possible with the next steps.