Home Foren Trezor Wallet Ziemlich verrückt – ich wurde bei Ledger gebannt, weil ich nach Hintertüren mit mehreren Unterschriften gefragt habe…

Ansicht von 4 Antwort-Themen
  • Autor
    Beiträge
    • 19. Juli 2023 um 09:05 Uhr #2689448
      root_s2yse8vt
      Administrator
      Up
      0
      Down
      ::

      Hier ist, was ich fragte- Völlig paranoid. Ich bin also Casa beigetreten und um eine Multi-Sig-VAULT einzurichten, habe ich Ledger (und Trezor) als mein Hardware-Gerät 2 von 3 verwendet. Ich habe den Prozess mit Ledger durchlaufen, wo es sagt, dass es mein Gerät synchronisieren will, dann will es, dass ich meinen Ledger-Pin eingebe, um “meinen PUBLIC-Schlüssel zu exportieren”. Woher weiß ich, dass ich nicht unwissentlich meinen 24-Wort-Seed exportiert habe? Ich brauche Antworten, bevor ich das mit meinem Trezor mache.
      Zum Wohl,
      S.
      EDIT: Dieser Beitrag ist auf der Ledger-Website gelandet, also nicht schattenverboten.

    • 19. Juli 2023 um 09:05 Uhr #2689449
      Infinite-Raspberry-6
      Gast
      Up
      0
      Down
      ::

      you can’t know that , ledger uses closed source firmware. you need to trust them not to extract the seedphrase

    • 19. Juli 2023 um 09:05 Uhr #2689450
      BTCMachineElf
      Gast
      Up
      0
      Down
      ::

      All hardware wallets share their public key after the pin is entered. That’s normal operation. They absolutely should not be programmed to share your private key, and honestly there’s no indication that they do, just that they could with a firmware update. Still there is trust involved there. Trust in a greedy corporation.

      But you’ve always trusted that your device isn’t sharing your private key (it wouldn’t be your seed, but same result), as the software is closed-source. Even before, people just ‘trusted’ ledger that it wasn’t possible. The only difference now is that Ledge admits it is possible.

      I’m not surprised you were banned. Ledger is taking a huge beating over this and doing major damage control.

      But that is reason for doing multi-vendor multisig, right? Still, you’d be better off pairing that trezor with a coldcard or blockstream jade, as all those devices do use open-source peer-reviewed software.

    • 19. Juli 2023 um 09:05 Uhr #2689451
      drfederation
      Gast
      Up
      0
      Down
      ::

      Ledger is full of shit. Their software bug cost me close to 25k in Bitcoin and they claimed it was user error. Thieves

    • 19. Juli 2023 um 09:05 Uhr #2689452
      Zatouroffski
      Gast
      Up
      0
      Down
      ::

      1- No channel mod can shadowban you. And we can see your messages.

      2- Exporting master public key is a casual thing to monitor your wallet and your new derivated addresses. If you don’t export the xpub and enter it to an app (or adding your account to your Ledger Live or any other app that shows you your balance), you cannot see your balance on your computer. It has no control over your addresses.

      3- You cannot know. And being opensource doesn’t guarantee everything is working fine. People lose their balances over opensource software because of undiscovered bugs vice versa. Humans make mistakes.

      You see the device’s API output when you request your xPub. If you are too paranoid about it, go buy a cheap 2nd hand computer, install ledger live, disconnect from everywhere else, export your master public key, take a note, and destroy that computer. Or you can do it on a spare offline raspberry pi device with your own master seed, then destroy the SD card (and the RPI to guarantee you are safe).

  • Autor
    Beiträge
Ansicht von 4 Antwort-Themen
  • Du musst angemeldet sein, um auf dieses Thema antworten zu können.