Confirmed facts about Ledger Recovery
- This topic has 13 replies and 1 participant and was last updated 1 year, 7 months ago by pringles_ledger.
21 July 2023 at 15:11 #2698826
root_s2yse8vt
Administrator::what we know so far
[https://www.ledger.com/recover](https://www.ledger.com/recover)
* Ledger Recover is a paid subscription service that allows **secret recovery phrases** to be extracted from the device (we thought this was not possible in the past, hence all the polemic about it)
* Compatibility according to Ledger: Ledger Recover will be compatible with Ledger Nano X. In the near future it will also be compatible with Ledger Nano S Plus and Ledger Stax. Ledger Recover is not compatible with Ledger Nano S.
* The problem is that even if the service is not subscribed, the firmware update would hypothetically allow the **secret recovery phrase** to leave the HW
* Ledger Nano S is the only HW that is not compatible with the service (no longer in the Ledger catalogue).

EDIT: We know that using HW requires trust in the entity that produces the hardware and firmware;
also, "secret recovery phrase **leaving** device" can never be possible on the Ledger Nano S, since it only outputs signed transactions
-
21 July 2023 at 15:11 #2698828
Mooks79
Guest::> * the problem is that even if the service is not subscribed, the firmware update would hypothetically allow **secret recovery phrase** to leave the HW
As far as I understand hardware wallets, it is possible for the firmware to extract the seed phrase and/or private keys for every single wallet. That includes the original Ledger (some other reason is why it isn’t compatible with recover – or they are deciding not to support it on that device to force upgrades).
In other words, this has always been possible for all hardware wallets. What Ledger have really done wrong here is make statements that imply it wasn’t possible but, anyone who knew better, knew better.
Given it’s possible on all hardware wallets, the real question is… do you trust Ledger more than other hardware wallet providers?
-
21 July 2023 at 15:11 #2698832
btchip
Guest::"the firmware update would hypothetically allow secret recovery phrase to leave the HW"
This is not related to Recover, this is related to the trust you have in the hardware wallet manufacturer (Ledger in this case). All devices that sign cryptocurrency transactions need to access the secret recovery phrase.
When you buy a pre-built hardware wallet, you always have to trust at least the manufacturer (Ledger) and the chip provider (the secure micro division of ST Microelectronics). Thanks to the smartcard architecture we’re using, you do not need to trust more parties, which is different from most other hardware wallets, where the device is vulnerable to easy/trivial supply chain attacks before it reaches you, and physical attacks later.
-
21 July 2023 at 15:11 #2698834
loupiote2
Guest::> the problem is that even if the service is not subscribed, the firmware update would hypothetically allow secret recovery phrase to leave the HW
hypothetically yes, but in reality, no:
The reality is that the secret recovery phrase cannot leave the ledger without the user approving it, because this function in the firmware, just like all other critical security-related functions (such as signing a transaction), is gated behind PIN and explicit approval by pressing ledger buttons.
Also, security researchers can snoop on USB and Bluetooth communications to check that indeed the seed cannot "leave the ledger" without your knowledge and approval. If they could show this happening, they would pocket a huge bounty from the Donjon. So it would not be in ledger’s interest to either do that (maliciously), or to allow this to happen due to a security vulnerability.
Just like, it is not in ledger’s interest to modify your transactions so that they would send your cryptos to some address you don’t control (hypothetically, ledger can totally change the destination address in all the crypto transfers you sign, but they never did that).
In addition, if you are concerned that this could happen, you can use a bip39 passphrase, as those are not backed-up by the Recover service.
Downvote me for giving correct info.
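
The post above names a BIP39 passphrase as something the Recover backup does not cover. As an added example (not part of the original post and not Ledger's code), this is the seed derivation defined in the BIP39 standard, showing that the passphrase is a separate input, so the recovery words alone lead to a different wallet. The function names are assumptions, and the sample mnemonic is the constructed all-zero-entropy phrase from the public BIP39 test vectors.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample input: the all-zero-entropy mnemonic from the public
# BIP39 test vectors. Never use it for a real wallet.
SAMPLE_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                   "abandon abandon abandon abandon abandon about")


def _nfkd(text):
    # BIP39 requires NFKD normalization of both mnemonic and passphrase.
    return unicodedata.normalize("NFKD", text)


def bip39_seed(mnemonic, passphrase=""):
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    password = _nfkd(mnemonic).encode("utf-8")
    salt = ("mnemonic" + _nfkd(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def master_key(seed):
    """BIP32 master private key and chain code derived from a BIP39 seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def compare_wallets(mnemonic, passphrase):
    """Compare the wallet reachable from the words alone with the
    wallet reachable from the words plus the passphrase."""
    plain = bip39_seed(mnemonic)               # what a backup of the words yields
    hidden = bip39_seed(mnemonic, passphrase)  # needs the passphrase as well
    same = hmac.compare_digest(master_key(plain)[0], master_key(hidden)[0])
    return {
        "words_only_seed": plain.hex(),
        "with_passphrase_seed": hidden.hex(),
        "same_wallet": same,
    }


if __name__ == "__main__":
    for key, value in compare_wallets(SAMPLE_MNEMONIC, "TREZOR").items():
        print(f"{key}: {value}")
```

Because the derivation uses only 2048 PBKDF2 rounds, the passphrase-protected wallet is only as strong as the passphrase itself once the words are known to someone else.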
-
21 July 2023 at 15:11 #2698840
pringles_ledger
Guest::Hi – The OS (firmware) update runs on the Secure Element. Downloading the latest OS update for your Ledger Nano X does not mean that your Secret Recovery Phrase can be extracted.
Updating the device’s firmware will not activate Ledger Recover service by Coincover. Recover remains disabled by default and cannot be activated without your explicit consent. Please review our white paper for an in-depth overview of the offering:
https://blog.ledger.com/Ledger-Recover-White-Paper/
And check out our FAQ for more information:
https://support.ledger.com/hc/en-us/articles/9579368109597-Ledger-Recover-FAQs?docs=true
Let us know if you have any other questions.