diff --git a/internal/readpassword/trezor.go b/internal/readpassword/trezor.go
index be9c22a..9020b33 100644
--- a/internal/readpassword/trezor.go
+++ b/internal/readpassword/trezor.go
@@ -1,6 +1,8 @@
 package readpassword
 
 import (
+ "bytes"
+ "log"
 "os"
 
 "github.com/rfjakob/gocryptfs/internal/exitcodes"
@@ -96,6 +98,18 @@ func Trezor(payload []byte) []byte {
 os.Exit(exitcodes.TrezorError)
 }
 
+ // Sanity checks
+ if len(key) != TrezorPayloadLen {
+ log.Panicf("BUG: decrypted value has wrong length %d", len(key))
+ }
+ if bytes.Equal(key, payload) {
+ log.Panicf("BUG: payload and decrypted value are identical")
+ }
+ zero := make([]byte, TrezorPayloadLen)
+ if bytes.Equal(key, zero) {
+ log.Panicf("BUG: decrypted value is all-zero")
+ }
+
 // Everything ok
 return key
 }
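Review bot: The three new checks in `Trezor` fail through `log.Panicf`, while the error path visible just above them exits through `os.Exit(exitcodes.TrezorError)`, so a wrong-length, echoed or all-zero result ends the process with a stack trace and Go's generic panic status instead of the Trezor exit code. If `key` is whatever the device or its transport returned (its assignment is above the hunk, so this is inferred), faulty hardware or firmware could trigger these conditions, not only a gocryptfs bug. A clean refusal fits better, e.g. `log.Printf("trezor: decrypted value failed sanity check")` followed by `os.Exit(exitcodes.TrezorError)`. The `// Sanity checks` comment could also say why they matter: `// A key equal to the payload or all-zero means no real decryption happened; refuse to use it as key material.` The messages correctly print only the length and never the key bytes, which should stay true if the reporting changes.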