Entropy check
The entropy check works on all Trezor Safe models and the Trezor Model T. It is not supported by the Trezor Model One.
When setting up your Trezor, the entropy check ensures your wallet backup is generated randomly.
Trezor verifies that the random data (entropy) used to create your wallet is truly unpredictable and consistent.
If the check fails, Trezor Suite blocks access to the wallet to prevent you from losing your funds.
While rare, some users who purchase Trezor from unauthorized resellers may unknowingly receive a device that does not produce truly random seeds. The entropy check mitigates this risk. If a device is found to handle randomness incorrectly, Trezor Suite will block access to the wallet.
The entropy check does not protect against every kind of counterfeit or tampered device. It specifically targets devices that generate non-random seeds.
To further reduce risk, always purchase your Trezor from our official e-shop or from one of our authorized resellers.
How does the entropy check work?
Each time Trezor Suite runs the entropy check, it deletes the previous wallet and creates a new one.
By testing the randomness of each newly created wallet, Trezor Suite verifies whether the device is generating truly random wallets.
Entropy check procedure
Wallet creation
- When you set up your Trezor, it generates a wallet using random data (entropy) from both Trezor and Trezor Suite to ensure unpredictability.
Wallet deletion
- After the wallet is created, Trezor deletes it and sends the entropy it used back to Trezor Suite.
Wallet recreation
- Trezor Suite rebuilds the wallet using the provided entropy to check if it produces the exact same XPUBs (extended public keys) as the original.
- This process does not put any private keys at risk because each wallet created during testing is discarded and never used—it only exists briefly on the device to verify entropy.
Comparison
- If the XPUBs match, the device is verified as authentic.
- If they don’t match, the device may be counterfeit or compromised.
Random checks
- Suite repeats this process 1 to 5 times at random to make it harder for attackers to manipulate.
Wallet is verified
- Once Trezor Suite completes the verification process (repeating it between one and five times), it confirms that your wallet has an acceptable degree of entropy.
- You can now generate a wallet and use it in Trezor Suite.
What happens if it fails?
- If the wallets don’t match, Trezor Suite blocks access and prevents you from using the wallet.
- If the entropy check fails, you will see the following popup in Trezor Suite. Press "Contact Trezor Support" and reach out immediately if this happens.
For more information on XPUBs, read our article: What is a public key (XPUB)?
Why would the entropy check fail?
If the entropy check fails, this means that the device generates wallets that are not random.
Cryptographic security is based on a high degree of randomness, which is practically impossible to replicate or emulate.
A failed entropy check indicates that the device is counterfeit and produces non-random wallets that could be designed to steal your funds.
What should I do if the entropy check fails?
If the entropy check fails, contact us immediately via:
- The prompt in Trezor Suite
- Our Chatbot Hal
A Trezor support agent will reach out as soon as possible with the next steps.