markus - ethOS - e/acc-d pfp
markus - ethOS - e/acc-d
@markus
What the fuck is wrong with Ledger
8 replies
0 recast
10 reactions
EV3 Sal pfp
EV3 Sal
@danconia-crypto
isn’t this basically fireblocks-for-retail? tbh i don’t get the backlash… not like they made it opt-out
1 reply
0 recast
2 reactions
markus - ethOS - e/acc-d pfp
markus - ethOS - e/acc-d
@markus
No. With this feature they confirmed that they (Ledger Company) can push firmware updates that mess with the seed phrase. This should not be possible under any circumstance
1 reply
0 recast
3 reactions
Dan Romero pfp
Dan Romero
@dwr.eth
Hmm, I think if you want that level of control don’t use a hardware wallet built by someone else? Order of magnitude more cases of people losing phrases
1 reply
0 recast
2 reactions
markus - ethOS - e/acc-d pfp
markus - ethOS - e/acc-d
@markus
If you're buying a "hardware" wallet, the assumption is already that the manufacturer and hackers cannot extract the seed phrase. And "Just DIY it" is something you can tell someone with years of computer science/cybersecurity experience, but not the average crypto user.
2 replies
0 recast
1 reaction
Dan Romero pfp
Dan Romero
@dwr.eth
Right, what I’m saying is the avg crypto user is an order of magnitude more likely to lose the phrase than be hacked / nation state compelling Ledger to back door. If you want maximum security, don’t use a company.
3 replies
0 recast
7 reactions
pal 🟪 pfp
pal 🟪
@pal
The concerning part is more that the *existing product* has the capability of exporting the seed phrase from the secure element. Not being able to do that was part of the promise to begin with. If they had released a new hardware device that had this option, it’d be less controversial IMO
2 replies
0 recast
1 reaction
pal 🟪 pfp
pal 🟪
@pal
This is a take supporting @dwr.eth 's thinking - https://twitter.com/hosseeb/status/1658740433361702913 basically my view shared above is Stage 1 on Hoseeb's exploration
0 reply
0 recast
0 reaction
RoboCopsGoneMad pfp
RoboCopsGoneMad
@robocopsgonemad
Unfortunately, as long as the firmware of the secure enclave is upgradable, you can't really make that promise. Today, a transaction goes in, and if you auth, that tx gets signed with a secret that must be accessed. That right there is more complicated than just returning the secret.
0 reply
0 recast
2 reactions