/biz/ - Business & Finance

>tl;dr

Basically, most people out there (especially the most vocal ones on twitter/reddit) were operating under faulty assumptions from the very beginning.

They assumed that "the firmware can never touch the seed phrase", which has never been true. And this has always been public knowledge: https://developers.ledger.com/docs/embedded-app/bolos-hardware-architecture/

Some people don't yet know that their assumptions were always wrong, and are mad at Ledger for "betraying" them.

Other people didn't know but now know this, and are rightfully mad at Ledger for not making this information crystal clear from the start. They could have proactively headed this off, but instead they chose to sit back and let people foment incorrect assumptions, because it made their product look better.

>tl;dr the tl;dr

It is technically possible for malicious firmware to extract the seed phrase from your Ledger. The firmware must still be cryptographically signed by Ledger's private key, and you must still unlock the device with your pin/passcode first.

And that has always been true, this new feature doesn't change the threat model. It's just the first feature that takes advantage of the above possibility, and allows the seed phrase to leave the device.

gm!
https://i.4cdn.org/wsg/1684282020024583.webm

>>54991840
>>54991847
Thanks. Useful bread

And obviously if you do opt-in to the new Ledger Recover service, that has its own set of pitfalls.

All around it sucks.

Sorry for the twatter cap but it does the best job at summarizing that angle of this fiasco.

Good thread, OP. Trezor uses a shamir social recovery too, does that mean it's the same in this regard?
And do you know anything about the Grid+ lattice?

>>54991921
I have not delved into the tech for either trezor or lattice yet. However, my educated guess is that it's the same thing essentially.

The seed phrase cannot be used by itself. It's just a BIP-32 phrase, used as the base for many private keys/accounts, for all of your various networks/coins.

Code needs to take the SP and manipulate it to derive new private keys on the fly. Only then can you use those private keys to sign a message or transaction header.

If you bake that code into an immutable hardware coprocessor with an immutable kernel, that I think would work and would be the most secure, but terribly crippling for future-proofing the device (if you need to update elliptic curve parameters / ciphers, you can't anymore). Or perhaps you want to support new future crypto networks (or existing networks that go through upgrades). You might not be able to, depending on how the private key is supposed to be derived, or what algorithms / parameters are supposed to be used when signing data for that particular network.

So instead the much more future-proof, flexible, and user-friendly option is to have a kernel for that cryptographic coprocessor that is upgradable.

That is how Ledger works, and I would imagine that's how Trezor and Lattice work too. Otherwise I think we'd be seeing reports/complaints about how new networks or network upgrades aren't compatible with those devices.

Instead, no matter what new crypto network/upgrades happen, all these devices are eventually compatible with them. It's just a matter of the dev team creating an application for it.

Like Internet Computer for example, does some pretty off-the-wall shit cryptographically. Because the firmware has direct access to the seed phrase and can manipulate it in any way needed, the DFINITY devs were still able to create an app for it and add hardware wallet compatibility.

>>54991921
>>54992076
The one key with Trezor is that it's open-source.

Of course, that doesn't really mean a whole lot. I mean when you receive your Trezor device in the mail, it's not like you can independently verify that all the microarchitecture hardware inside is following the open-source spec. You're still just trusting the company that it is.

>>54992076
Excellent answer. Thanks.

>>54991840
>So the firmware does and has always been capable of accessing the seed phrase
so why did they lie

>>54991840
Bump for viz - smart anons, what do we make of this?

So what is current best practice for the average six figure hell retard? A Gnosis Safe 2/3 multi-sig?

>>54992109
Reads as semantics / wordsmithing to me.

They mean that they promise that THEIR firmware will never do that. And only firmware signed by Ledger's private key is allowed on the device. And because you trust Ledger (you do, don't you?), therefore "a firmware update cannot extract the private keys from the Secure Element". QED.

Well, obviously not. This new feature literally proves that it is technically possible for the seed phrase to leave the Secure Element via firmware.

Apparently this is only for Ledger Nano X. Just checked my Nano S Plus and there’s no option for the update. I suggest downgrading even though there’s less storage

>>54992194
There's a chance the S isn't technologically capable of generating the shards, but in any case you should be making plans to get off Ledger anyway

>>54992214
I’m not jumping ship like a retard. Ledger’s team will likely be spending the next few weeks giving clarification and who knows if they even just reverse the entire policy and fix everything

>>54992194

Anon they do plan to update this for the Nano S Plus.

I bought a Ledger Nano back in 2019. At one point it died, so I transferred the seed that came with it to a Trezor. Does Ledger still have the ability to access my seed since it's one that originally came with their device (even though I am using it on a Trezor)?

(my ID changed, dang VPN)

>>54992194
Correct, at least for now.

Everything I said in the first couple of posts still applies though. The Ledger Nano S uses the same core architecture, with an upgradable BOLOS kernel.

>>54992194

>if firmware is compromised
knowing these retards, its a question of when not probability

>>54992238
No, as long as you never use the ledger again or never update its firmware.

However like I said in >>54992076, this is not something that is isolated to Ledger, I don't think. I'm pretty sure that all of these devices have upgradable kernels for their cryptographic coprocessor units.

And also >>54992088

>>54992292
Thanks, sir. Hopefully Trezor is still safu.

>>54991840
Dear diary- today OP was not a faggot
Thanks man, good thread

>>54992234
Lmao that's some military grade copium right there

Good bread.
There is no one perfect option so the best option is to spread your funds across multiple wallets operating on different systems to minimize risk. Never trust a singular company for anything.

>>54991840
Thanks my nigga, good fucking thread, I'm a third worlder, and actually spent money on a Ledger, my family went to USA and I asked them for a Ledger, spent 1/4 of my monthly salary to get one of these pieces of shit, taking my funds out of this device as we speak lmfao

>>54992270
The real question would be, why would ledger do this? They knew there would be backlash, they knew most users don’t care for a feature like that, and most people would straight up hate it.

WHY? WHAT’S THE INCENTIVE BEHIND THAT???

I think there’s something far more sinister brewing up…

>>54992177
if a firmware update can be used to exfil keys, whats stopping the us gov from going to all hw wallet manufacturers and demanding that they push malicious firmware updates for this purpose?

seems to me that anything less than multisig with at least one DIY open source wallet + extra seed word / passphrase is very insecure if this is actually true

>>54992432
>WHY? WHAT’S THE INCENTIVE BEHIND THAT???
US and UK based companies are in control of those 3 shards for your recovery.
If you're on their list, they can get your funds.
So the incentive is political power probably

>>54992432
Highly technical people are sometimes blinded by their own knowledge. They often take certain pieces of information "for granted" and assume that everyone else is aware too.

Like I said, the fact that firmware has direct access to the seed phrase, and the fact that firmware is not separate from the Secure Element (it's PART of the SE) was already public knowledge from the beginning, right there in the architecture docs.

So from the dev perspective, they probably didn't imagine that the Ledger Recover announcement would cause such a backlash, because to them, there was nothing "surprising" about the technical details behind it.

I tend to think that this feature is essentially innocent, and there is nothing nefarious going on here, at least today. Maybe I'm overly optimistic.

>>54992432
I think they just wanted to get in on the "subscription service" thing.
It's now standard in business to charge user $15 a month forever rather than just selling them something. Pure greed.

>>54992441
>whats stopping the us gov from going to all hw wallet manufacturers and demanding that they push malicious firmware updates for this purpose?
Nothing.

Whether that could actually be pulled off completely secretly, without a single whistleblower from at any level, from any of those separate companies, is another story.

Trezor is also open-source, but like I mentioned here >>54992088 I don't know if there's actually any way to "audit" or "prove" that the device you receive in the mail is following that open-source spec.

>>54991840
Lol this is why I use Coldcard. Separate secure element.

this reads like a cybersecurity nightmare lol

>>54992557
I highly doubt their business intelligence person didn’t warn them about no customers wanting that shit service. Their main revenue comes from hardware wallets, why the fuck would they kys themselves by offering a service that shows the product driving most of their revenue is flawed?

WHATS THEIR INCENTIVE NIGGER?????

AASAAAAAEAAAAXAAHHHHHHHHOHHHH

>>54991840
>/biz/ tells me to get a ledger
>ledger leaks my info
>get scam letters, calls and emails by pajeets (even threats)
>already had to change my mobile number and email because of how much spam i was getting
>now this

thanks biz!
very cool recommendation!

>>54992619
I mean yeah, their marketing research fucked up big time.

I believe them when they say that there are actually many people out there who would like a service like this. And a service like this is definitely going to be needed if you ever want "the masses" to get into crypto (or maybe you don't, which is fair enough)

But this backlash should have been seen a mile away.

>>54992646

lmfao

>>54991921
Trezor's Shamir Secret Sharing is different
It just generates multiple seed phrases for you that can be later combined, but they're never broadcast from the device.
Ledger generates multiple seed 'shards' then uploads them to their cloud

>>54992587
That's cool, how are private keys derived from the seed phrase? What about signing data with a variety of different algorithms, ciphers, block modes, and other parameters? Are you saying that is all hard-coded / baked into a separate hardware unit that can never be upgraded?

If so, how does coldcard handle new networks or network upgrades that require something new cryptographically?

Ah, I'm reading up on it... Bitcoin only, okay that makes more sense then. Of course if BTC were to ever update its algorithm (for quantum resistance), then all existing coldcards would be useless, and new hardware would need to be created. But that all sounds like a good thing to me

>>54992781
It's the same scheme, Ledger uses SSS for this too.

But yeah Ledger Live (application layer) then takes the shards and sends them to different KYC entities.

So I've got a ledger I haven't used in a few months. What should I be doing? I've read the thread but no background info on what has happened and not very technical.

So the nano s is safe?

Also maybe OP could be a hero and discuss the raff of accusations from a few weeks ago that said people's ledger cold wallets were getting wiped out in spite of yadda yadda never exposed password. Was that fud or related to this?

>>54991840
>>54991847
>don't use an open source trezor
>they leak your private keys
>trust our secure element, goy

>>54992883
Should be getting another non-ledger wallet and transferring everything there.

>>54992883
Everyone who buys a hardware wallet was already implicitly trusting the vendor/company anyway.

Once you get it in the mail, there is no way to prove that the device works the way they say it does, and that's true for Trezor too.

So "what you should be doing" depends on whether you continue to trust the company that shipped you the device. Because nothing really is changing here as far as threat model goes.

>>54992910
that was kinda BS
it happened, but there was 0 proof it was related to ledger or cryptography and it likely was human (user) error

but this one is the real thing
only reason i haven't moved everything away already is because i staked my LINK from my ledger wallet, so now 50% of my networth is compromised

>>54992910
Sorry, I don't know for sure. But from what I've read, it's most likely related to the recent LastPass breach.

You can bet that attackers are busy brute forcing LP master passwords as we speak. Once they crack one, they see if any seed phrases were stupidly stored in there.

And even if not, a breach of someone's list of passwords may lead to the seed phrase indirectly. Maybe via a google login, where someone e-mailed themselves details on how to get/reconstruct the SP. Or maybe just plain social engineering, like using compromised accounts to convince other people to give up pieces of a multisig. Etc.

This seems like the most likely culprit to me because of how widespread it was, like there wasn't any one variable that people could tie it down to.

>>54992924
You have no guarantees that the Trezor you receive is only populated with the open source software. There are trust assumptions in both cases.

>>54992947
You should probsably et up a 2/3 gnosis safe multisig and keep your ledger as one of the keys. It will at least secure the rest of your folio .

>>54992652
>I mean yeah, their marketing research fucked up big time.

I doubt that actually. Their marketing research probably showed that the people haven't already bought a hardware wallet or Ledger so they can engage in DEFI and other dapps are those people who are afraid to self custody.

They are likely targeting an untapped market and probably figured that MORE people are afraid to self custody than those who have already bought a Ledger. It actually makes the most business sense even though its morally bankrupt.

They can attract the masses now AND charge them a subscription. I'm more interested in the timing for their announcement. I doubt they are that hard up for profits or failing so its either

Government legislation that is coming and they are somewhat privy to which is driving it

or

They believe liquidity and then retail will be return to crypto soon so they are getting ready to be able to onboard them somewhat ahead of time.

>>54993275
Yeah, some combination of that is likely.

I still think this feature in and of itself is pretty innocent, it's just another way to backup your seed phrase. You could do the same thing today if you wanted to with SSS and give one to your attorney, one in a safe deposit box, etc.

Where I'm saying they "fucked up" is more that they didn't foresee the obvious backlash coming from the current users, the vocal CT/reddit crowd. Because technically speaking, nothing new or "surprising" was revealed with it, at least from the Ledger devs' perspective. This upgradable BOLOS kernel has been public knowledge from the start.

>>54992905
It's discontinued so you should be fine. But look for another wallet altogether.

>tl dr
i should just buy a trezor and never look back right? i have a ledger nano x

>>54991840
Please I want everyone not to panic please. I dont work for ledger, but please I think everyone is actually overreacting.

Selling and moving all your funds off the ledger device is not recommended. Please its going to cause congestion. I think if we can take a minute to just level ourselves. No, ledger doesn't have access to your keys and NO we cannot access them willfully. The original poster is trying to stir a panic. Honestly, KYC is really good for the crypto industry as a whole and being able to prevent malicious payment to say financial terrorists is of the utmost importance. Again, we cannot access your seed phrase and the original poster's claim about ledger's device being open to malicious software is false.

>>54993609

>>54993580
Sure, if you don't trust Ledger and you do trust Trezor.

But it's really not any different with a Trezor from a technical or threat-model perspective. Ctrl+F ITT to learn more.

>>54993609
>we

>>54993676
it's a derail post from a troll who can't stand a 60 post thread with nobody being a retard. Don't feed it.

>>54993497
such as?

>>54993698
Apparently (I have not confirmed this) Coldcard's secure element is completely separate and cannot be altered/upgraded by firmware

How do they accomplish this without crippling their product and user-experience? Easy, it's Bitcoin ONLY, nothing else.

>>54993015
>You have no guarantees that the Trezor you receive is only populated with the open source software.
How do you feel about making your own trezor out of a raspberry pi?

>>54993713
what about my shitcoins sirs

>>54993748
Seems to be an option, with caveats...

I mean there is no secure hardware element that way, it's literally just an SD card or regular onboard memory if any. So better use a GOOD long passphrase that would be difficult to brute force, and even then...

>>54992432
they dont care about the users that already bought. they care about the new wave of retards they can swindle. a wave that doesnt care about the fundamentals because it takes more than 6 seconds to understand

>>54992619
Pressure from feds

>>54992818
Coldcard doesnt support anything but Bitcoin, on purpose.

For ETH and stuff, DeFi in general, I use my warm wallet. Real funds live on BTC coldwallets.

after reading this thread I'm just going to stick with my ledger. way too lazy to do the airgapped laptop thing and I'm probably going to fuck it up and expose my keys anyways

Imagine trusting any kind of proprietary soft and hardware

People thinking this is truly secure are retarded to begin with

>>54994734
>just build your own chipsets from sand and twigs, bro

>>54994737
The software and hardware being open source is the bare minimum, you retards discuss a "new" Feature even though like OPs said the firmware was capable of it all along, you dont know what their firmware can or not and will never know, same with their sw signing you cant verify it, if the firmware would be open source this would have been clear from the beginning, together with the hw schematics

>but you cant be sure what the manufacturer builds and delivers to you even with open hw and sw
If you can compile and flash the delivered hw yourself you can be sure its the right sw, if the hw is open source ideally there are multiple manufacturer you can choose from (or order it yourself in china, min. Order size for a custom pcb is only 5)

The 3 things they mentioned was, making it open source idk if while ledger or just this the 2nd thing was not sending shards to them but to selected family and friends as an option 3rd it doesn't touch the seed unless you insert the pin and something about for it to even be able to transmit the shard you have to op in first

>>54991840
>you still need to physically unlock the device
?? No my wallet is my seed and I can access via any app.
Ledger said my seed isn't stored anywhere. They lied.

>>54992076
So what's the best method to store your keys that's not overly complicated tech wise?

I use a ledger but Ledger probably secretly sends your seed to their server along with an IP address and any other information they can gather. I mean how would you be able to know otherwise? Surely this has always been a possibility

>>54992269
Nano S bros, we can't stop winning!

>>54992194
The problem with Nano S is the stupid OLED screens fuck up after a few years. They become really dim and you can barely read them. You can view it through a camera and increase the gain to improve this but it's a pain. I hadn't touched mine for ages and when I came to staking my Link it happened. You can imagine my delight.
Am considering plugging the seedphrase into a Trezor and going down that road instead but will wait until the dust settles on this episode

convenience is lazyness and leads to abuse

Alright so we back to paper wallets and shit?

>>54995124
core on a pi is good enough

So if I'm looking to get a Trezor, should I generate a whole new wallet or just import the old Ledger one?
Fucking stupid French cunts.

>>54991840
Hey OP, you're right but you're missing out on half of the puzzle.
>Pic Related

So here's what happens next
>Ledger employee device gets compromised via compromised MSI update
>Compromised employee device then used to upload a compromised update to ledger servers
>This update pushes to all ledger users
>everyone who's updated gets "opted in" to the new recovery feature regardless of how they actually choose
>the hacker now has your keys

>>54991840
>just trust us, bro

ask the native americans how that worked

>>54991840
>>54991847
I don't know on what part of the linked picture or technical documentation you are basing your conclusion that it was always clear that a firmware update would be able to exfiltrate the seed.

op is the perfect example of a midwit, and the exact target market ledger has

in reality:
every hardware wallet requires some level of trust
ledger, since 2020, has proven they can't be trusted in any capacity

that's all you need to know

https://www.ledger.com/academy/security/the-secure-element-whistanding-security-attacks
For example here they write:
>Ledger devices use the Secure Element to generate and store private keys for your crypto assets. Thanks to the mechanics of the Secure Element, these will not leave your device.
IMHO this strongly implies that the secure element makes it impossible for private keys to leave the device.

>>54996150
>>54996204
he, like all the other midwits, fell for marketing

secure element or not all hardware wallets have the same software attack surface, the hardware differences only change for physical attacks.

under operation, a ledger is no more secure with a secure element than a trezor. they're both at the mercy of software bugs via the wired method of communication.

And what about the claim I highlighted here?
>Once the device is initialized, there is absolutely no way to retrieve the seed.
Except through a firmware update teehee!
(https://donjon.ledger.com/threat-model/os-seed-confidentiality/))

Also OP is a stupid redditor lol

>>54996193
Why do people not get together and make a hardware wallet that is completely open source (both hardware and firmware)? I don't see why it is hard to do, I am an electronics engineer and would be happy to contribute to the design of the electronics / PCB itself (i have contributed to other open source hw projects, e.g. arduino). Then anyone could get the original gerber files and send it off to a PCB manufacturing facility in China, get the PCB, solder the components on to the board and put the firmware on it.

This would make it a completely private hardware wallet - completely open and auditable by you.

>>54996469
you don't need to, in the age of raspberry pis and all the other smaller boards without wifi/bluetooth this is already how people do it

>>54996486
Well sure, there are DIY solutions, but there is an obvious market for dedicated crypto wallets running on custom hardware that are maybe more compact / easier to use than a hacked together raspberry pi solution.

Why haven't there been any open source projects like this (atleast, those that I've heard of)?

>>54996502
trezor is that, fully open source

>>54996594
Cool, I didn't know that.

>>54994772
Yeah making a true hardware wallet with an actual separate secure element chip would be best.

This is more outside my wheelhouse but it should be possible for the average techie these days. You can get custom PCBs and chips made and all that. I'm not sure if a general purpose programmable chip would work, unless there's a way to "lock" it in someway

>>54991840
>your pin/passcode. 3 failed tries, and the Ledger wipes itself clean.
wtf???
thats crazy

>>54992566
>worker of the year.webm
after unlocking the true Good Ending: plot twist it was all Bud Light (sometimes rebranded in new cover brands)

>>54997000
Probably you could do it with exactly the same secure microcontroller that ledger uses, just with a better design
>https://www.st.com/en/secure-mcus/st31-arm-sc000.html

>>54996640
the problem is supply chain attacks, and you can't get rid of those
if i think you're buying a device to use for crypto, i can just change it so it thinks it's running legitimate software but actually generates a master key i already know, or slowly leaks your master key in parts to the blockchain whenever you send a transaction.

the solution is creating the software for these wallets in the open, as trezor did, but then making sure then can run on a huge variety of genetic devices from raspberry pis to cheap laptops.

>>54994913
>Ledger said my seed isn't stored anywhere.
...no, they never said that. The seed obviously needs to be stored somewhere.

>>54994955
Simple STORING your keys is much simpler. But that is not really the use-case of a hardware wallet like this. A hardware wallet is meant to be as secure as possible while STILL being able to interact with your keys to sign things.

If you don't care about being able to access your wallet easily or sign things, then great, just store your keys / seed phrase and don't worry about any of this!

It doesn't have to be overly complicated, but if you do anything that requires a computer, then make sure it's a temp airgapped one. You can accomplish this with a USB stick with Linux on it, that you can just destroy afterwards.

For example you could encrypt the seed phrase with a strong password that you will remember. Then you can safely store the encrypted ciphertext redundantly in multiple places (still never let it touch a computer with internet access though, just in case)

Or you could do the same SSS scheme and split up your seed phrase into encrypted shards, then store each individual piece separately, redundantly, and securely.

>>54996079
This is why I carefully worded it to say
>the firmware is signed by Ledger's private code signing key
Not that it's necessarily signed "by Ledger".

Because yeah, if their private code signing key were ever compromised, then an attacker would be able to create malicious firmware that appears completely authentic to the device.

However, you're wrong that it can be "pushed to all ledger users". That's not how it works. In order to update the firmware, the user has to connect their device, unlock it with their PIN, and then physically press the button to consent to the update. So it's still possible via social engineering, but it's not an "automatic push".

>>54991840
So trezor would have been the right buy

>>54992924
It's funny, because four- five days ago I made a thread about noticing how the company Ledger consists of mainly jews.
Sadly I noticed after ordering it.
My Nano S came yesterday and today I see this news.
Pretty much everyone on here was telling me i'm just being paranoid and there's no way for the jews at Ledger to get my keys.
Kek

>picrel
Marked everyone who looks like a jew with a pink dot. There are even some I overlooked, but I don't care enough to paint them in.
Yeah, with jews you lose.

>>54999309
you bought it after they leaked everyones info in 2020?
you're the only midwit here

>>54995036
Oh your still losing. You just don't know it yet. If they can do this to the newer models they can do it to nano s too.

>>54991840
Oh look, OP delivered, and biz is not filled with faggots. good thread anon.

>Operation system
Holy fuck am I bearish

>>54991840
>>54991847
FYI this was just confirmed by Ledger a little bit ago.

>It's not like this possibility didn't exist prior to Ledger Recover
>Ledger has many """layers of governance""" and controls that """eliminate""" the ability for malicious firmware to be deployed.
>Under no circumstance do those layers of governance and controls change with the introduction of Ledger Recover.

>>54991847
>Basically, most people out there (especially the most vocal ones on twitter/reddit) were operating under faulty assumptions from the very beginning.
You mean trusting lies straight from Ledger which we now know are lies.

>and are mad at Ledger for "betraying" them.
For lying to them, yes.

>And that has always been true, this new feature doesn't change the threat model
yes, but between the e-mail/address/phone leak which still threatens Ledger owners to this day and now how Ledger is handling this and even outright lying shows that there are some bigger problems with how they operate and people like me are re-evaluating their trust with them as a company.

>>54999309
>all the good looking people are jews
Get outta here rabbi.

>>54991840

Collision? Impossi…. https://threatpost.com/flame-attackers-used-collision-attack-forge-microsoft-certificate-060512/76648/

Basically, what everyone is skirting, is that most likely the government or some power that is be could get your coins because the ability to do so DOES EXIST as opposed to NOT EXISTING.
It's over for ledger fags. (me)

>>54992619

they have already sold hardware wallets to almost everyone that wants one. Now they want something to sell to normies as well. What they should have done is created a totally new device within Ledger Recover built-in, but I guess that would have cost them more money

either that or they've been glowied

Tldr should have used trezor retards

>>55001961
WOW IT GOT CONFIRMED?
BY THE LEDGER TEAM ITSELF?
HOLY FUCK I GUESS WE REALLY OVERRACTED AFTER ALL!

>>55002797
Yeah pretty much agreed.

That old tweet is not factually correct. The very fact that they CAN add this new "Ledger Recover" feature to old devices via a firmware update proves it. And confirmed now by Ledger as well, earlier today: >>55001961

Whether it was a straight-up intentional lie or not, I don't know. More likely it was written by a lower-level support tech that didn't know all the details, or something like that.

>>55003062

perhaps you're not old enough to remember that trezors were "hacked" at hardware level once. Ultimately you still have to trust that that the hardware trezor sends you has not been compromised

Jesus Christ, this thread is full of severe autism. I ain't ready every post. What I want to know is... Is it safe to use? Low IQ answers only.

>>55003387
>Low IQ answers only
this is not the thread for you fren.

>>55003387

Fine I'll give you a simple answer. Its not safe.

>>54995036

Your not winning anything. lmfao.

See >>55000636

>>55003387

based on your post, I'd say it's safe enough for you

>>55003387
The Ledger company has the capability to release firmware that can extract the seed phrase from your device. Nobody else can, as the firmware must be signed by Ledger's key (unless that gets compromised in the future). Whether that is "safe" enough to you is for you to decide.

FYI this is true for Trezor too. The "secure element" works the same way, the firmware must access the non-volatile memory in order to manipulate the seed phrase and derive private keys in various ways for various networks/coins. Applications can NOT access the non-volatile memory, only the firmware.

However at least with Trezor the firmware is open-source, so you can check it out, inspect the code yourself, and build it directly from source. You can even build the hardware yourself too with a raspi, but of course then you have no secure hardware element, it's just a naked SD card.

>>55003578
Additional information on Trezor firmware...

So yes you can build your own firmware from source and load it.

However, if the firmware is not signed by SatoshiLabs, the Trezor hardware will COMPLETELY WIPE the device before loading it. It will also pop up an "unsigned firmware" warning every single time you plug it in.

So every time you want/need to update the firmware, it will be wiped, and you'll have to input your seed phrase again. But it makes sense why.

I think having read around the subject I will set up a multisig, using maybe 3 different hardware wallets, does this seem like a secure solution. Flashing open-source firmware onto my own generic hardware is, i think, beyond my capabilities

>>55003839
Yeah that's probably a good idea. Hardware wallets from different providers too.

If you're talking Bitcoin then it's simple, as the protocol supports multisig natively.

If you're talking Ethereum then you are presumably using/deploying a multisig contract for that, so you need to trust the integrity of the smart contract code.

does anyone have experience with the Lattice1?

This service is bad for a different reason. Ledger is struggling and needs to make funds somehow. A subscription service is their "how".

>>55004396
Lattice is by far the most convenient, for at-home setups.

The large touchscreen makes it super simple to interact with, plus when you approve a transaction, all the minute details will show up on the screen, including individual function parameters (if the contract has a discoverable ABI).

It also supports multiple seed phrases via its cards, essentially hot-swappable hardware wallets (the secure element is the chip on the card). So you can easily make multiple backups or entirely different accounts that you can switch between on the fly.

However, the firmware is closed source.

Also, if you use one, then run a local MQTT broker instead of using GridPlus' service. https://github.com/GridPlus/lattice-connect-v2

GridPlus deleted this tweet lol

>>55004858
The moral of the story is you basically have to set up a gnosis safe multisig and then use a HW or multiple HWs as signing keys within it.

>>55004858
>>55001961
>>54996359
jesus fucking christ are all hardware wallets compromised??? what the fuck did satoshi use?

>>55004871
Yeah.

Even there you are trusting the integrity of Gnosis' contract code. But that is pretty damn battle-hardened by now.

Still, it's not foolproof. A complete backdoor exploit vector for new deployments was found in 2020 (admittedly a long time ago).

So be very careful how you deploy your new Gnosis multisig. For example, you could deploy a complete standalone contract yourself, rather than relying on the proxy service (which is much cheaper in gas)

>>55004958
Kek that's a damn good question.
We are yet to face the wrath of the quantum computers, I really wish the quantum resistant blockchain that is eco-friendly and innovative goes live soon.

>>55004958
Satoshi went dark in 2010, the first hardware wallets didn't even exist until 2014

>>55001961
Oh yeah and this lol

>tfw too retarded to understand 90% of the shit posted in this thread
I just wanted to buy some blue chips cheap and keep them safe on a hardware wallet
I'm too dumb for crypto bros

>>55005527
NOOOOOOOOOOOOOOO SIRS

PLEASE FOR TO TAKING US OUT OF CONTEXT SIR FUCKING YOU BENCHOD

>>55005577
tl;dr - Ledger as a company are fucking idiots and just announced they've backdoored every single one of their hardware wallets "for your safety and convenience". Whether that backdoor is ever used is up to whether you agree to it or not by using or not using their recovery service, and also by whether or not their software ever gets pwned and someone uses it maliciously. For most people that use a hardware wallet and have more than two braincells to rub together, this is a completely unnacceptable risk and would prompt them to store their crypto elsewhere and stop using or recommending that others use a Ledger. For retards or people that trust Ledger to be infallible, they're still fine to use.

As for me, if I had any amount of crypto worth actually caring about I'd either keep it on an exchange that was 2FA'ed and hope they never rugged me (lazy, still very secure, have someone to sue in the event things go wrong) or make my own hardware/software/paper wallet to store my shit on (far more involved, as secure as I am not retarded, everything is on me and if I fuck up I have noone to blame but myself). Personally I think any social recovery services are retarded and would never use them, nor any other recovery service, but in the event I'm rendered braindead or struck with memory loss everything I would hold would stop existing for all intents and purposes. Which is fine by me. Those are your choices and that's as simply as it can be explained.

>>55005577
If you want to just STORE your keys, that is much simpler. See here >>54997107

However, if you want the ability to easily sign things (send funds, interact with contracts, etc), a hardware wallet is the most secure option.

Trezor and all the other hardware wallets work the same way. Malicious firmware can technically access the private keys and do whatever with them.

However, with a Trezor you can build the firmware from source yourself, then load it on your device.

Furthermore, you can build the hardware yourself with a raspi. You're not working with a secure element at that point, just an encrypted SD card. But you will still have a working hardware wallet that you can trust since you built everything (well, as much as you trust yourself anyway), and that you can safely connect to your computer and use.

So if you want an actual hardware wallet, with the least trust possible given to corporations, then this is your best bet.

>>55005720
On top of that, other anons made good suggestions to use multisig, with multiple hardware wallets.

Bitcoin multisig is native to the protocol.

However with Ethereum you are using/deploying a smart contract, so it's only as good as that code and deployment method. See >>55004971

GridPlus also just said that they are open-sourcing their Lattice firmware.

Unknown if you will be able to actually load self-built firmware onto a Lattice though, seems doubtful at least for all existing Lattice1 devices. So open-sourcing is kind of useless since you still have to download GridPlus' signed firmware binary and trust that it's using the exact same open source code.

>>54991840
>>54991847
>>54992076
Podcast today with the ledger CTO and he confirmed everything OP said, including that its the same exact thing with trezor and all other wallets too. Basically the code that touches private keys _has_ to be upgradeable to fix security vulnerabilities in encryption algos or add new features, always has been
https://youtu.be/X7WjuxE6K5w

>>54992292
But what if the current and previous firmware is compromised and ledger or someone else already got the seed? We have no way of knowing

>>55007126
The current firmware runs on binarys so it can be easily compromised by the quantum computers.
I am waiting for an L1 to go live that will ensure security against this quantum threats with its quantum-resistant blockchain tech.

That's why I keep my coins on an cex.

>>55000636
>>55003481
The functionality isn't even offered on Nano S.
That means the hardware simply isn't compatible, because they seem to really believe in this seed backup thing.

>>55007990
you bumped this dogshit thread to post more bullshit
they explicitly said they aren't supporting it, but that it could be supported in the future

if you didn't realize after they failed to protect everyone's personal info anything ledger offers is compromised and deigned/developed by the incompetent

>>55008066
>they explicitly said they aren't supporting it, but that it could be supported in the future
Source?
Everywhere I'm looking the Nano S is explicitly excluded from this functionality.

>>55008128
the architecture is the same, all ledger devices are compromised on a hardware level
using ledger devices requires 100% trust in the company that leaked your personal information and then lied about it

you got played.

>>55008207
>the architecture is the same
If that were true, they'd just add this function to the nano s

>>54992243
Hey OP, would it bew possible to use the open source Trezor code on a Raspberry Pi to make our own hardware wallets?

>>55008245
and they said they're planning to

You cannot win
For every satoshi you save, the government will confiscate a million more

>>54991840
the private key is not just exposed to the firmware, its exposed to any app running on the ledger. everything they said about the secure elenent was a marketing lie

>>54991847
lying cunt

>>54992238
for all you know they could already have sent ur private key to a ledger database the first time you used the device

>>55008409

the s plus. they have explicitly said they are not able to add it to the s. i still wouldnt trust them though

>>55008347
Yes. See >>54993842

I originally said that it differed from the actual device because there's no Secure Element. However now after reading up some more, I learned that Trezor DOES NOT EVEN HAVE a Secure Element at all.

So yeah, go for the raspi, it's not much different. Your seed phrase is literally just encrypted on a naked SD card, as long as you're okay with that and you make sure to use a good strong passphrase.

>>55008727
That's not true. The applications run in sandboxes that can only read data through specific API calls that the firmware allows.

If you have a source for your claim, link it

>>55008742
Yeah this old tweet is being thrown around everywhere. It was basically a support tech who didn't know all the technical details.

See here, plain as day:
>>55005527
>>55004858

>>55009746
>If you have a source for your claim, link it
ledger said on twitter that the new firmware is not whats allowing the exfiltration of the seed /private key

>Yeah this old tweet is being thrown around everywhere. It was basically a support tech who didn't know all the technical details.
>See here, plain as day:
Yeah, they used to say the opposite. They lied. Their marketing used to say that the private key / seed could not leave the secure element but it was a marketing lie all along.

>>55009629
I don't know whether Ledger Recover support will or won't eventually come to the Nano S.

However, it definitely does not change the fact that the core architecture (and threat model you agree to) is the same. Yes, even on the Nano S, the firmware has access to the seed phrase, and malicious firmware could extract it, technically speaking.

>>55009786
>ledger said on twitter that the new firmware is not whats allowing the exfiltration of the seed /private key
Where? Sounds like more semantics / wordsmithing if so. Only the firmware has programmatic access to the seed, and the new firmware update is definitely what is allowing the seed to be sharded and then sent out of the device. However, that is separate from the sandboxed applications, which have no access to the non-volatile memory that the seed resides on.

To be clear, I'm not trying to defend Ledger or anything. Just trying to get down to the facts

As far as "marketing lie" goes, yeah, pretty much. Technically it was true given the assumption that the firmware would never allow that, which is a big assumption. However people took that to mean that it was literally not possible ever at the hardware level, which was always false.

>>55009886
>Sounds like more semantics / wordsmithing
They are good wordsmiths, everything they say is pilpul.

>Only the firmware has programmatic access to the seed
No, all the apps have access to the seed / private key.

>and the new firmware update is definitely what is allowing the seed to be sharded and then sent out of the device
You have zero evidence that the firmware was not able to do this previously.

>To be clear, I'm not trying to defend Ledger or anything. Just trying to get down to the facts
You're probably lying here as well.

>Technically it was true given the assumption that the firmware would never allow that
Again, you have zero reason to affirm that.

>>55005599
check'd
and that was a dumbass tweet, fire their PR team.
>>54991840
worried about hackers? no
worried about the US government getting the key from ledger and confiscating wallets? yes

>>55009970
You need the 3 shards though. Your 3rd shard lives in the ledger.

>>55009996
yea so, just imagine
>FBI detains you for whatever reason
>they have your ledger somehow, maybe they raided your house, maybe it was on you, I don't know
>FBI writes firmware with ledger auth token
>FBI updates the firmware on your ledger
>FBI recreates your wallet some where in their control instead (don't need your pin)

>>54992925
i mean, yeah probably you're right because ledger has demonstrate their incompetence more than once, but the gist of the thread is that all hardware wallets suffer from the same vulnerability. even open-sourced wallets can have their keys extracted by a malicious firmware update, and that's discounting the trust you have to place in the organization putting the hardware together. so even if you build one yourself using off-the-shelf parts, you're still open to the same vulnerability that everyone's so mad at ledger for exposing.

tl:dr there seems to be no way to maintain a modicum of convenience completely trustlessly.

>>55009996
The 3rd shard is not in the ledger, it is custodied with Ledger the company. The other two are custodied with Coincover and one other KYC entity (likely EscrowTech)

>>55010047
You still need the PIN. You can't update firmware unless you unlock the device first, this is hard-coded into the secure element bootloader.

Of course unless there's some other backdoor they added for feds, who knows

>>55010084
I think people inc. me are mad b/c Ledger took several years' worth of revenue before 'fessing up to your last sentence.
They very much obfuscated the difference between security via chip and security via firmware.
Nobody's mad that Trezor could push a firmware update, so it's on you how much DD you do before running the code.

>>55010103
>this is hard-coded into the secure element bootloader.
I didn't know that.
but yea, if Ledger gave them their auth, they definitely would also give some way to circumvent the pin as well.

>>55010103
You need all 3 shards and the only way to decrypt them is inside the element on your ledger

>>55010967
First of all, the decryption happens inside the element on ANY ledger, not "your" ledger. The service is advertised as a backup that is recoverable even if you lose your device.

Second, I haven't seen anything that says that the ONLY way to decrypt them is inside of a Ledger SE. They are just using Shamir Secret Sharing, which is rather simple and well known (Trezor supports it too). All that is required is to possess a certain quorum of the shards, and the secret can be decrypted.

>>55010967
>You need all 3 shards
Also you only need 2 shards, not all 3. Not much of a difference for the purpose of this discussion, but still

so glad I use Keystone

Well fuck me.

>>54991840
>>54991847
You are missing the point.
People are not concerned about someone injecting a bad firmware.
They are concerned with the official firmware *GIVING YOUR SEED PHRASE TO LEDGER LIVE ON REQUEST*
Its really not that complicated, before:
>hack the device to accept unsigned firmware and retrive the seed
now:
>call a reverse engineered giveSeedPhrasePls() from ledger live
And you might be tempted to say
>giveSeedPhrasePls() does not give seed phrase, it gives "encrypted shards"
*THAT'S THE SAME THING WITH ONE EXTRA STEP*
*LEDGER HAS DATABASE LEAKS ON THE REGULAR*
*THE PRIVATE KEY FOR THOSE SHARDS IS TO BE ASSUMED COMPROMISED*

Are you retarded mongoloids really that fucking retarded or are you getting paid to misinform people?

>>55010967
>the only way to decrypt them is inside the element on your ledger
WRONG
The private keys to decrypt those shards are held by ledger on their porous databases.
Imagine trusting a company with a history of data leaks to keep those keys safe.

There’s a community initiative $FuL fuledger.build that aims to fix this by building an opensource DIY alternative.

>>54991840
>Ledger is a french company
>uses BOLOS architecture

>>55013074
No. Ledger Live, or any malicious software, cannot get the sharded seed phrase by itself.

You would still have to approve the operation on the device by physically pressing the buttons.

And LL or other software cannot control what messages pop up on the device. That is governed by the device firmware.

>>54991847
>Yeah bro its just reddit freaking out. Tch.
>You should totally be cool and keep your seeds on our shitty hardware goy- I mean bro.

>>55013227
And you know this because the hardware/firmware definitely does exactly what Ledger claims it does and nothing more? There’s zero chance of a backdoor that can call redeemSeedPhrase() without physical confirmation?

>>55013420
Sure, if you're going there, then yes, there is always the possibility that the hardware or firmware has backdoors for the feds or whatever.

That also goes for Trezor and every other hardware wallet out there. Does not matter if the firmware code is open-source, because when you receive your device in the mail, you have no way of knowing or proving whether that device follows the same specs. When you go to update firmware, it doesn't matter whether it's open source, because the firmware you download is likely just the SatoshiLabs signed pre-built binary from their website.

With Trezor you CAN build the firmware completely on your own from source, but even then you are still trusting their hardware device to not have backdoors.

If you want fully maxed trustlessness with a hardware wallet, then also build your own hardware device (e.g. raspi), then compile the firmware directly from source and load that. See
>>54993842
>>55005720
>>55009724

If you want to go even further, then don't use a hardware wallet. Use an airgapped computer where you sign transactions on, then securely transfer the signature to your regular computer and broadcast it to the network from there. If you're using a USB stick to make that transfer, then make sure you use a completely fresh USB stick for every single transaction you want to make, and destroy each one afterwards.

>>55013154
>it's real
that's pretty hilarious

>>54993015
Never keep your eggs in one basket. I think that it's a calculated risk.

>>55013608
>no, that's false
>ok ok it is right but all hardware can be backdoored!1!!1!
obvious ledger kike shill

>>54992495
Is this the same guy?

>>54991840

>>55018051
Fucking majestic, look at him go

>>55018318
kek

>obvious ledger pr thread still up

don't listen to anything from FMNYm6ub or NkWqZY5O, its not worth your time.

all of ledger's products require your full trust, they're all entirely closed source black boxes, and nobody that's been around for more than a few years trusts or respects ledger.

if trezor or bitbox isn't secure enough for you despite being fully open source you need something more secure than a hardware wallet like a different computer or diy solution.

all hardware wallets are a security middle ground, a compromise, and ledgers sit now at the very end with the rest of the untrusted chinese manufactured wallets

>>55009629
>not able to
they never said that. it's simply a business decision: nano s has very little memory so it would require a ton of code optimization to retrofit the code. and they don't even make new nano s's anymore.

What's insane is these retards were hyping this 'feature' and thought it'd make more customers happy, ceo was trying to shill the 'next big release', kek it backfired so hard

>>55019585
Not his problem, you already bought your ledger, not like you were going to buy another anyway

>>54992489
The most based reply in the thread and also most ignored.

>>55019585
>proudly announce that they can get to your seed phrase with some firmware
>"they'll love this!"
What the fuck were they even thinking.

>>55012357
But apparently its the same with Trezor ust open source

>>55019237
Most of what I said is actually damning to Ledger, not defending them. This whole thread is showing why Ledger fucked up, and why DIY Trezor is the best option if you want to maximize trustlessness. I agree with everything you said, and I don't think anything I've said ITT contradicts that.