Sharding in eine App statt in eine Firmware verschieben?

[root_s2yse8vt]

Up

0

Down

::

Apps können auf die privaten Schlüssel zugreifen, warum also nicht die Sharding-, Verschlüsselungs- und Exportfunktionen auf eine App statt auf die Firmware verlagern?

Wenn jemand exportieren/wiederherstellen möchte, kann er die Funktionalität herunterladen und wir vermeiden, dass die Angriffsfläche ständig auf dem Gerät vorhanden ist.

[Y0rin]

Up

0

Down

::

That’s effectively the same thing.

[Itsatemporaryname]

Up

0

Down

::

It’s the same thing, it’s less about which application gets the keys and more that there’s apparently been a misunderstanding on the fact that they can be gotten

[loupiote2]

Up

0

Down

::

On the ledger, apps do not have access to the seed. And it is definitely not a good idea to give them access to the seed, this would increase attack surface of the ledger. so big no-no.

Only the operating system (i.e. ledger firmware) can shard and encrypt the seed safely.

Now, yes, an opensource and vetted app could be used to transfer the encrypted shards out of the device and to ledger live, which will transfer them to the 3 backup services. doing that probably not add new security vulnerabilities, IMHO.

[pringles_ledger]

Up

0

Down

::

Hi – The apps on Ledger devices do not have direct visibility of the seed. To maintain security, any app that fails to follow security guidelines, will not be approved.

Additionally, the OS-based security segregation mechanism in place ensures that an application cannot access or modify data or memory that does not belong to it. This documentation provides a comprehensive overview of the responsibilities apps have in maintaining a secure environment.

https://github.com/LedgerHQ/ledger-dev-doc/blob/master/source/additional/security_guidelines.rst#private-key-management

[Autor]

Beiträge