
/biz/ - Business & Finance



>> No.54984386
File: 1.40 MB, 2044x1172, g+.png

>$430 to secure my shit now that Ledger fucked up
Does anyone here have one? Are they worth it?

>> No.54984413

>>54984386
so it's twice the price of a trezor model T and all it does better is having a larger display?

>> No.54984475
File: 57 KB, 800x800, 258322d4-badf-48f4-9ae6-78f00a1ab9e6_1.a93c1d2a2ff4a840ab2722b698f56530.jpg

Why not just get an ESP32 like picrel for $3?

>> No.54984508
File: 19 KB, 904x492, TREZOR-T-model.png

Still using this lil nigga.

>> No.54984543

>>54984386
>now that Ledger fucked up
quick rundown?

>> No.54984560

>>54984543
Macron gets a copy of every ledger seed.

>> No.54984578

>>54984560
Source?

>> No.54984639

>>54984543
They added a $9.99/month recovery service where 3 encrypted shards of your seed are sent to 3 different custodians.

It seems fairly secure but it means that there actually is a method to export the seed from the device, where the entire point is for the hardware to never even be able to expose the seed.

>> No.54984689

>>54984543
Ledger added a recovery service that is optional which requires ID to get back your wallet in case you forget your password.

Bizz is shitting themselves even though it's fucking optional. It also makes sense that you need an ID if you are a retard and forget your password.

A pen and paper password book will utterly rek the jews in this case because they can't see it online.

>> No.54984764

>>54984639
>>54984689
the point is not even how it is stored externally in the end, it's that this "service" makes use of a novel feature in the new firmware that allows the ledger to expose the seed to the computer it is connected to. this is a fundamental design flaw in a hardware wallet, which should only provide signatures to the computer, never the private key itself. doesn't matter if you "opt-in" or not, if they want your seed phrase they can now extract it from your device.

>> No.54984795

>>54984639
Top fucking kek. Just took a peek on twatter and leddit and they're all freaking out. I guess that explains why they had free shipping and free bitcoins when you ordered one these past few days because for some reason they desperately wanted people to buy em before they released this announcement.

>> No.54984816

>>54984764
yeah totally right, the recover service would be fine if it was completely separate from the device, and it could work for any seed too. But they just had to integrate it for some reason.

>> No.54984817

>>54984386
>>54984543
If you have at least one braincell you would have never touched ledger, NEVER

They fucked up big time before, should've gone bankrupt after that, just look at their privacy policy, they STORE every transaction you make through their software for 5 YEARS

Stay away from ledger you fucking retards

>> No.54984843

>>54984386
Why not just stamp your seed phrases on to a piece of metal using a cypher you won't forget?

>> No.54984858
File: 58 KB, 1545x869, coom.jpg

>>54984475
>BRO JUST BUILD YOUR OWN LEDGER. JUST BUY A ESP32 FOR $3 AND SECURE IT YOURSELF AND JUST TRUST YOURSELF TO BUILD A SECURE SYSTEM AND PRACTICE SOLDERING AND

>> No.54984869

>closed source
>built by ethmaxis
oh no no no

>> No.54984890

>>54984843
Because you couldn't use it securely. Hardware wallets are for actually signing transactions easily without exposing your seed.

And you have to store the seed anyway, so you could stamp it too for securely storing it, then the device is for using it.

>> No.54984991

but why would ledger do this?
why would they add a backdoor that allows someone to steal your seed phrase and be able to reconstruct your wallet remotely?
who would need the ability, to be able to confiscate your cryptocurrency, remotely?
criminals?
or is it the government?

>> No.54985030

>>54984991
because they're retarded and have always been retarded. there's a reason they got hacked twice, there's a reason they added bluetooth into their new hardware wallet, there's a reason their latest consumer trinket is a full screen display, because they hire people who think nfts are important.

it's the midwit's wallet of choice

>> No.54985038

So what hardware wallet can I trust? Or do I just go the route of having my wallet on an encrypted, airgapped, computer. However, I don't trust Intel or AMD too much either.

>> No.54985039

>>54984991
>but why would ledger do this?
For more retail adoption unironically. The vast majority of people are too dumb to secure their own assets.
>a backdoor that allows someone to steal your seed phrase and be able to reconstruct your wallet remotely
Well on paper it's not that, but sharing shards of encrypted data of your seed so the dumb pleb can restore it again.
>who would need the ability, to be able to confiscate your cryptocurrency, remotely?
Someone who is dumb enough to lose their info and then want to recover their seed just with their ID, like normalfags do with other financial services.

>> No.54985078

>>54985038
i use trezor model t. works great. connects with metamask so its just like using metamask except I just confirm on the trezor too.

and just use a cold paper/metal wallet for stuff you're holding long term, then use a hardware wallet for your "hot" wallet for defi and stuff.

>> No.54985138

>>54985039
really, naw, I think it's just so the government can confiscate accounts they suspect of criminal activity.
yea, the seed is split on 3 networks and encrypted.
but you don't want that, as a consumer, you just commit the phrase to memory, make a silly sentence, and the wallet can't be recovered if you die.
protects your money, protects your life.
absolutely Ledger will give the seed phrases to the US government on request.
absolutely, they say it's opt in, but that seed phrase gonna be backed up anyways, it doesn't matter what they tell you, and there won't be any legal recourse if your wallet gets stolen.
and if you want to be able to use the recovery service yourself, you also pay a fee.
but again this is really the US govt getting control of things they can't control currently.

>> No.54985152

>>54985078
>i use trezor model t.
Don't even know why I wasted my money on that shit. Would have continued using Ledger and not seeking for a large display that makes no sense. Would have lived in regret if not that I got Cashback of almost half the price after paying the money through CryptMi gateway.

>> No.54985177

>>54985038
Trezor gets a pass from https://walletscrutiny.com/ -- this is not an endorsement, just info.

>> No.54985195

>>54984764
Retarded, considering the whole point of hw wallet is that "seed never leaves device".

>> No.54985196

>>54984543
A group of hackers (probably Russians) leaked the seed phrases

>> No.54985210

>>54984858
If you're too stupid to flash a ready made firmware on that bitch you're too stupid to handle crypto period.

>> No.54985264

>>54985138
>but again this is really the US govt getting control of things they can't control currently.
Yeah sounds like it. Not just the US but the EU and Cucknada too. It's baffling that nobody in Ledger thought to themselves that this was a bad idea, almost like as if they were forced to do it by regulatory authorities.

>> No.54985358

>>54985210
yea, I hear you, it's mostly just walking through a gui.
but level of technical competence these days, I wouldn't expect even 1 in 10k people to make their own cold wallet.
flashing firmware sounds scary.
and before that, then they need to source the firmware, are they technical enough to know that that repo is safe?
are they technical enough to understand the concept of a wallet?
that being said, ima probably make a few myself, given that ledger is providing a backdoor for the government now on all future ledger versions.
>>54985264
>almost like as if they were forced to do it by regulatory authorities.
for me that's the only possibility is they've been contacted by the FBI and this was their 'compromise', that maybe some people don't think it's totally retarded.

>> No.54985453

Use a seed signer

>> No.54985476

>>54984578
He also gets a copy of every fromage
any newly released fromage has to have at least 100 grams sent to the Bibliotheque Nationale de Fromage. So why wouldn't they do the same with seeds?

>> No.54985509

>>54985030
>they added bluetooth into their new hardware wallet
LMAO
didn't even know this
what a bunch of retards
>>54985038
>However, I don't trust Intel or AMD too much either.
Even though they are backdoored there's nothing they can really do if you use a reasonably old computer without physical network connection

>> No.54985536

>>54984816
>>54985264
You're all missing the point. It's not the fact that they made this feature which is the problem, and everything would be fine if they simply hadn't released this firmware update. It's the fact that it was even possible at all to implement this feature, that simply exposed the fact that the hardware was not as secure as they claimed all along.

>> No.54985558

>>54984639
>but it means that their actually is a method to export the seed from the device, where the entire point is for the hardware to never even be able to expose the seed
No, that's retarded. Obviously, if the hardware can export a signed transaction then nothing stops it from exporting a private key.

Even with complete airgapped wallets that work via cameras and QR codes, there is a possibility that the wallet will encode the private key inside of QR and leak it that way.

>> No.54985596

>>54985558
No, you can design the hardware to only sign things and not have anyway to get the keys

>>54985536
yes but I assume the only reason they designed it like that was for this service.

>> No.54985602

>>54985536
No, you're right. There's nothing Ledger could do now to unfuck this, given that the device is not supposed to be able to transmit recovery data out of it, but they are now claiming that they can. It's joever for Ledger.

>> No.54985617

>>54985358
You're right as far as the general population goes but I'd expect the average bizraeli to be able to do this. Worst case ask the nerds here how to do it and some retard like me would take his time to help. With the ttgo microcontrollers there's nothing to solder or whatever, it comes with buttons and even a semi-nice IPS LCD, plus all the usual ESP32 stuff like WiFi/BT, at least half a MB of storage (some have more), etc. Even CPU-wise it's plenty for a wallet.

>> No.54985630

>>54985596
>be a hardware wallet
>user sends a transaction to sign
>instead of signing it, construct a brand new transaction with the private key encoded in OP_RETURN, sign and send out
>???
>bazinga

>> No.54985663

>>54985630
Wouldn't work retard, the wallet software would get a completely different transaction back than the one it sent and fail when verifying the signature.

>> No.54985677

>>54985663
The wallet software is even easier to compromise than the firmware, so what's your point? You can't design a hardware that would protect you from a malicious software update.

>> No.54985681

>>54985630
The whole point is that the secure element is NOT a general-purpose cpu that you can program to do anything you want. If it were properly designed, it would ONLY have the circuits to retrieve the pk from secured memory, sign something with it, and export ONLY the signed result.

>> No.54985708

>>54985558
>No, that's retarded. Obviously, if the hardware can export a signed transaction then nothing stops it from exporting a private key.
yes, if the firmware supports it. if the firmware does not support it then you can send over that USB connection whatever you want, it will never expose the seed. ledger now added functions to the firmware that allow to query the seed by providing the right commands over the USB connection. it's really easy to understand how this is a massive security flaw to extend the firmware by this functionality.

>> No.54985712

>>54985677
You are talking confidently about something that you clearly have no idea of. As a simple example consider an FPGA implementation of the signing algorithm, where the programming mechanism is not exposed to the usb ports or firmware update circuitry.

>> No.54985725

>>54985712
Okay, you're right

>> No.54985745

>>54985677
The software isn't written by the hardware manufacturer, and it can be open source software you can verify. You are saying that trezor would have to compromise metamask for example. Your idea of a hardware wallet just returning completely different transactions would not work at all and be so obvious to detect it's retarded.

>> No.54985828

>>54985210
>future of finance

>> No.54985892

Jesus christ. Do I need to get out of ledger now? I have a ledger nano S and my seed is on paper.

>> No.54985909

>>54985892
you don't have to do anything urgently but you should see this as a good time to shop for alternatives

>> No.54985915

>Future of finance
lol
Everyday I edge closer to just fucking this shit off and putting everything into the S&P

>> No.54985926

>>54985915
If you love trad finance you'd love this ledger update lol wtf are you complaining about? If you like trusted third parties "protecting" you then you'd love this feature.

>> No.54985927
File: 658 KB, 832x875, 1673817716873989.png

>>54985892
>my seed is on paper
didn't you read the thread? your seed is in the device and now your seed is exported to other provider like EU....so it's not (YOUR) seed. pic related

>> No.54985964

>>54985927
But only if we sign up for id storage right?

>>54985909
What's a good alternative?

>> No.54985972

>>54985964
>only if we sign up for id storage right
yes or gov law to make it mandatory...but it's not like ECB is anti crypto, right?

>> No.54985984

>>54985915
If I could yeet all my crypto into fiat in the bank with no worries and flexibility I would too, but there's a few elements that make me more paranoid about keeping it all in fiat Vs crypto. I'm basically cucked and forced in some manner to keep on hodling and adopting a permabull bias.

>> No.54986033

>>54985972
But I'm not European

>> No.54986093
File: 279 KB, 711x700, 1631155015274.jpg

>>54986033
cool. your ledger is not coming from the ledger company in EU? if EU parliament says any hardware wallet need to send seed to EU parliament your seed will be in the batch

>> No.54986172

>>54985828
Only retards want crypto to be for normies.
They will ruin it just like they ruined the internet.
Look at all the normie faggots crying about shitcoins all day, about how "nobody will take us seriously," and that we need "common sense regulation."
FUCK NORMIES
NORMIES FUCK OFF
They should stick to buying "bitcoin stock" on Robinhood.

>> No.54986181

Ledger’s feed the seed

>> No.54986302

>>54985536
Is it even possible to design such hardware that’s inaccessible to be changed yet still accessible to serve its function?

>> No.54986421

>>54986172
crypto's been a normie thing for a while now lol, why does it bother you? imagine being this much of a child.

>> No.54986505

>>54986421
Because they fucking ruined the internet and now they bitch and moan about wanting "common sense regulation" for crypto you fucking mongoloid didn't you read the post

>> No.54987063

>>54985828
It's the same as if you're dumb enough to buy spyware IoT door locks instead of flashing some software on a $3 microcontroller that doesn't need to phone home to open a door. Basically if you can't do this you're too stupid to live in the modern hyper technologicalized world.

>> No.54987095

>>54985927
yeah, but chud, don't you see that this pc has a nice, super high res retina display, unlike this old, stinky my pc?

>> No.54987156

>>54986172
>>54986421
Crypto can be for everyone. There is shit like coinbase for normie fucks who don't care about control or privacy, but they can still avoid getting screwed by inflation. But hardware wallets are usually marketed for people who want to self custody exactly because they don't want someone to have control over their funds.

>> No.54987173

>>54986505
grow up, poorfag retard manchild.

>> No.54987194

so do i buy a model t or a model one

>> No.54987227

>>54987194
try to get the t if you can, the one kind of sucks and is outdated.

>> No.54987258

>>54985138
Ledger also keeps a record of all your transactions and your IP through ledger Live. Each for 5 years in their system.

I really need to leave Ledger now.

>> No.54987278

>>54985453
>seed signer
this, can't believe biz does not know

>> No.54987316
File: 502 KB, 1000x1000, 0c31bf7c-c2a7-4cda-81f0-c87f5866e209.jpg

https://lnbits.github.io/hardware-wallet/installer/
> Free Open-Source Bitcoin Hardware Wallet
>Construct your own bitcoin hardware wallet
>Build from source code, or flash binaries directly from browser
It says still in beta but that's already much better than anything with no source code at all. There's probably projects out there that are more mature. I don't use hardware wallets at all so idk what the nerds use.

>> No.54987399
File: 1.10 MB, 1075x1375, silver keeps its worth everywhere.png

>nooooooo
>my internet money isn't secure!!!!!!
never was

>> No.54987408

Why couldn’t they just release a new ledger device that has this capability and leave the old ledgers alone

>> No.54987522

>>54985915
The amount of counterparty risk in traditional finance is an order of magnitude greater than this ledger update, let alone a safe hardware wallet

>> No.54987586
File: 61 KB, 200x176, 1680495337658665.png

>>54986093
Keked and saved! You can literally see the fed taking the picture in the reflection on that faggoty chrome.

>> No.54987741

>>54987586
Looks like a bunch of landwhale drumpfh supporters really.
>the reflection distorts it
No. It doesn't.

>> No.54988999
File: 68 KB, 646x687, 1668434796904545.jpg

>>54987316
>not coding it yourself
>going full-retard with someone else's code

>> No.54989298
File: 241 KB, 1600x1200, _gcGASxtZpE.jpg

>>54988999
I could do it and I have an ESP32, but I don't even use hardware wallets.

>> No.54989636

>>54984764
do you realize your private seed is exposed at every transaction you make from ledger?

>> No.54989689

>>54984858
you must be some kind of retard to not know how to do something so simple

>> No.54989977

>>54986302
yes, ASICs do just that but on a different usecase.

>> No.54990113

>>54985708
>If the firmware supports it
>you can send whatever you want over the USB and never be sent the private key
So, for the intermediate programmer missing a few security things, how do I best understand this? Would you basically be interfacing with the Ledger's API and they've now added a call that's along the lines of "expose_private_key(args)" which is only supposed to be called in certain conditions but anticipated to be abusable in general?
And if it were designed the way >>54985681 suggests, you couldn't even program additional functions into it directly, you'd have to bash it out at the hardware level?
Am I missing anything here, for anyone out there who likes explaining stuff?
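
The distinction raised in posts 54985708 and 54990113, as an added illustration that is not part of the thread and is not Ledger's code or protocol: a toy device whose "firmware" is just the table of commands it answers, with an audit that checks whether any reply lets the host rebuild the seed. The command codes, the HMAC stand-in for signing and the XOR share split are all assumptions made for the example.

```python
import hashlib
import hmac
import os

# Hypothetical command codes, invented for this illustration (not Ledger's protocol).
CMD_SIGN = 0x01
CMD_EXPORT_SHARES = 0x02


def sign(seed: bytes, payload: bytes) -> bytes:
    # HMAC-SHA256 stands in for a real signature: the output depends on the
    # seed but does not let the host recover it.
    return hmac.new(seed, payload, hashlib.sha256).digest()


def export_shares(seed: bytes, payload: bytes) -> bytes:
    # Toy 3-way XOR split standing in for the "3 encrypted shards" in the thread.
    a, b = os.urandom(len(seed)), os.urandom(len(seed))
    c = bytes(x ^ y ^ z for x, y, z in zip(seed, a, b))
    return a + b + c


# A firmware image here is just the table of commands the device will answer.
FIRMWARE_V1 = {CMD_SIGN: sign}
FIRMWARE_V2 = {CMD_SIGN: sign, CMD_EXPORT_SHARES: export_shares}


class Device:
    """Toy wallet: the host never touches the seed, only handle() replies."""

    def __init__(self, seed: bytes, firmware: dict):
        self._seed = seed
        self._firmware = firmware

    def handle(self, packet: bytes) -> bytes:
        handler = self._firmware.get(packet[0]) if packet else None
        if handler is None:
            return b"ERR unsupported command"
        return handler(self._seed, packet[1:])


def recombine(blob: bytes) -> bytes:
    # What a host holding all three shares can compute.
    n = len(blob) // 3
    a, b, c = blob[:n], blob[n:2 * n], blob[2 * n:]
    return bytes(x ^ y ^ z for x, y, z in zip(a, b, c))


def host_can_recover_seed(device: Device, seed: bytes) -> bool:
    # Audit: send every possible one-byte command and inspect each reply.
    for cmd in range(256):
        reply = device.handle(bytes([cmd]) + b"constructed-tx")
        if seed in reply or (len(reply) == 3 * len(seed) and recombine(reply) == seed):
            return True
    return False


if __name__ == "__main__":
    seed = b"constructed-demo-seed-32-bytes!!"  # constructed sample value
    print(host_can_recover_seed(Device(seed, FIRMWARE_V1), seed))
    print(host_can_recover_seed(Device(seed, FIRMWARE_V2), seed))
```

Same seed and same host-side bytes in both cases: only the command table differs, which is why a device with updatable firmware is only as closed as the next update leaves it.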

>> No.54991279

>>54990113
If you want it to be secure you'd make it show the seed phrase on the screen but not expose your keys over USB or whatever to a possibly compromised computer.

>> No.54991313

>>54987741
>brand new bumper sticker
>brand new hat
that's 100% a Fed being a fat faggot retard

>> No.54991459

>>54984560
This, just market sold my ledger.