To what extent does the presence of the "Ledger Recovery" code increase the attack surface?

  • Author
    Posts
    • #2821183
      root_s2yse8vt
      Administrator

      Ideally, I would like an answer from someone at Ledger who works on this feature.

      We all know that more code = more potential risks.

      My question is how high the risk is with this new feature, and why?

      For example, there were questions about Ledger supporting more cryptocurrencies. The increase in attack surface seemed very reasonable to me.

      Bluetooth also seems acceptable, but I appreciate the option of having a device without wireless capabilities.

      What about Ledger Recovery if you don't use it? Thank you.

    • #2821184
      btchip
      Guest

      I didn’t work on Recover, but I designed with my team the architecture and platform that we’re still running today.

      > We all know that more code = more potential risks.

      That’s only correct if the code actually runs. Recover is locked behind your PIN and consent. This mechanism has been implemented from day 1, and is strongly enforced by the smartcard. There’s no way around it (that can be debated if you get physical access, but it still won’t be easy at all, and Recover doesn’t change anything there).

      If you accepted that you need to enter your PIN to access your device, and that you need to consent to sign, then you should be fine to ignore Recover if you don’t want to use it.

    • #2821185
      deterrant_
      Guest

      It adds another point which attackers can try to exploit, so IMO it makes it worse (even though Ledger is still better than any wallet running on your daily use PC or phone (again, IMO)).

      Many Ledger users also thought you can’t “physically” get the seed out even if you wanted to, even with firmware updates. Now that they have shown this not to be the case, I would personally prefer all software and hardware to be open source so that I could look at it, compile it and deploy it.

    • #2821186
      kinch07
      Guest

      To be perfectly honest, ANY increase in attack surface is a move in the wrong direction.

    • #2821187
      jackashnor
      Guest

      Hi, is it safe to update the Ledger Nano X firmware to version 2.2.1 (Ledger Recover) or is it a beta version? Will the process to enable the recovery functionality take place during the firmware update?

    • #2821188
      0xAERG
      Guest

      If you don’t use it, the answer is easy: None.
      If you don’t activate Recover from within your device, your seed won’t be sharded; thus, the shards will never leave your device. So nothing will change for your device.

    • #2821189
      joannew99
      Guest

      Ledger “just Trust me bro”

    • #2821190
      Gearheadfmc1
      Guest

      In my opinion, it is not that Ledger (the Company) would do any rug pull, but rather, with the crooked governments globally, should for example the US Feds want to know about your funds, seize your funds, confiscate your funds… they would be able to do so! That is my biggest concern.
