verified facts about ledger recover

12 thoughts on “verified facts about ledger recover”

1. to upgrade the firmware you will need to use ledger live

   to check your ledger is genuine you need ledger live

2. > the problem is that even if the service is not subscribed , the firmware update would hypotetically allow secret recovery phrase to leave the HW

   hypothetically yes, but in reality, no:

   The reality is that the secret recovery phrase cannot leave the ledger without the user approving it, because this function in the firmware, just like all other critical security-related functions (such as signing a transaction), is gated behind PIN and explicit approval by pressing ledger buttons.

   Also, security researchers can snoop on USB and bluetooth communications to check that indeed the seed cannot “leave the ledger” without your knowledge and approval. If they could show this happening, they would pocket a huge bounty from the Donjon. So it would not be in ledger’s interest to either do that (maliciously), or to allow this to happen due to a security vulnerability.

   Just like, it is not in ledger’s interest to modify your transactions so that they would send your cryptos to some address you don’t control (hypothetically, ledger can totally change the destination address in all the crypto transfers you sign, but they never did that).

   In addition, if you are concerned that this could happen, you can use a bip39 passphrase, as those are not backed-up by the Recover service.

   Downvote me for giving correct info.

3. And the fact they can’t be trusted anymore.

4. “the firmware update would hypotetically allow secret recovery phrase to leave the HW”

   this is not related to Recover, this is related to the trust you have in the hardware wallet manufacturer (Ledger in this case). All devices that sign cryptocurrencies transactions need to access the secret recovery phrase.

   When you buy a pre-built hardware wallet, you always have to trust at least the manufacturer (Ledger) and the chip provider (the secure micro division of ST Microelectronics). Thanks to the smartcard architecture we’re using, you do not need to trust more parties, which is different from most other hardware wallets, where the device is vulnerable to easy/trivial supply chain attacks before it reaches you, and physical attacks later.

5. Nano S best ledger wallet

6. So wait, all this recovery drama excludes the nano s? If I have a nano S i dont need to worry about any of this?

7. OP you should prob re evaluate what you call a fact, you have wrong info in your post or rather you’re omitting some clauses out to make it look a lot worse than it is. Hardware wallets need access to the SRP or private keys to even make a transaction possible.

8. >* the problem is that even if the service is not subscribed , the firmware update would hypotetically allow secret recovery phrase to leave the HW

   As far as I understand hardware wallets, it is possible for the firmware to extract the seed phrase and/or private keys for every single wallet. That includes the original Ledger (some other reason is why it isn’t compatible with recover – or they are deciding not to support it on that device to force upgrades).

   In other words, this has always been possible for all hardware wallets. What Ledger have really done wrong here is make statements that imply it wasn’t possible but, anyone who knew better, knew better.

   Given it’s possible on all hardware wallets, the real question is… do you trust Ledger more than other hardware wallet providers?

9. facts

10. > the firmware update would hypotetically allow secret recovery phrase to leave the HW

    how “hypothetically” be a “verified fact” ?

11. Basically, the govt can still go in and rape my account

12. Sooo Ledger is basically telling us that anyone can extract the secret seed.

Comments are closed.