[ad_1]
An upcoming update leak has cryptonians talking about some sort of reveal from Ledger, a French hardware wallet company.
You can subscribe to Ledger Recover, it says, “an ID-based key recovery service that provides a backup of your Secret Recovery Phrases.”
To make it even more interesting, you need a passport or driver’s license to actually use the recovery service later if needed, sending out the antenna.
“So even if I don’t use the service, my Ledger Nano X can now transmit my secret recovery phrase?” – a ledger publicly asked.
The initial answer by Nicolas Bacca, Ledger’s CTO, rules out the issue:
“You’re already using the device agreeing to the fact that Ledger can’t update the firmware without your consent – it’s the same mechanism for Recover, which is locked behind your device ownership, knowledge of your pin, and ultimately your consent to the device. ”
But the question is how exactly the private key is given to the company. Pressed further, Bacca stated:
“The device sends an encrypted shard of your seed to various companies if you decide to use the service. You can of course still choose to back it up yourself.”
Earlier this month Pascal Gauthier, CEO of Ledger, revealed to Wired that they were working on making private key ownership more accessible:
“Ledger is preparing to launch a new service called Ledger Recover that splits the wallet recovery phrase—essentially, a human-readable form of private key—into three encrypted shards and distributes them to three custodians: Ledger, crypto-custody firm Coincover, and the escrow company code. EscrowTech.
If someone loses their recovery phrase, two of the three shards can be combined—pending ID checks—to regain access to locked funds.
Basically, Ledger Recover is an added safety net; priced at $9.99 per month, it eliminates the dangers of the crypto version of dollar bills under the mattress.
Shamir’s secret is a rather old tool in crypto. Instead of having one long string as your private key, you cut it into three or more so that if you lose one, you can still combine the other two to get your private key.
Here Ledger goes a step further. After intercepting the private key, it then sends one part to itself, the company Ledger, one to Coincover and one to EscrowTech. So if you lose your device, you can show your ID and all three combine to give you your private key.
The big issue is how this is done. If it’s cropped within Ledger or somehow between two or three Ledger devices, then this is a great new feature for those who want more security.
Here instead the hardware wallet sends it to these companies, and that means your private key is no longer private.
“No single company knows about your seeds if you decide to use them,” says Bacca and that’s because no one company has the full set of seeds, only some of them. It is also encrypted.
But the main point in contention is that as a hardware wallet, it shouldn’t be able to transmit private keys. It must be offline and inaccessible.
“This doesn’t change the security assumptions compared to a firmware update,” said Bacca.
For that he’s relying on the fact that you have to push a button to agree to sending phases to these companies through Recovery, just like you have to push a button to agree to a firmware update.
Seeds don’t ship by themselves, or at least that’s the suggestion, although the device itself does send them if you confirm.
Almost Offline?
For those who want more security, the fact that this device can communicate the seed phase at all is a problem because if it can, then it’s not completely offline and not doing what Ledger said publicly last week:
“We get it – your device stores your private key offline for you. The thing is, you can do a lot more with your Ledger.”
As this update suggests, the private key is not quite sealed in a cold bag, but can be sent to this company, even if with your consent, there is an uproar on social media among Ledger holders.
The company has sold six million units of hardware, but ultimately setting it up always requires a certain level of trust, some trade-off between convenience and security.
If you want your own security, then you generate your private key on a new laptop that you’re not connected to the internet, print out the private key or take a photo of it on your phone that’s also not connected to the internet, and if you need access to funds, then start all over again to remaining balance by creating a new address.
Just buying a small device is more convenient, but in the end you never know what’s inside unless you build it yourself.
This has the potential to provide a boost for open source hardware, an idea that has been suggested now and then in the crypto space for years, but has yet to go anywhere as it is such a colossal endeavor.
Until then, it’s more a matter of tradeoff and how much security it is. As in Ledger’s case you have to agree to provide the private key it is slightly better than online wallets but the fact that the device can transmit the key goes against their literature which says:
“The ledger device generates your private key in a completely offline environment – and stores it there, always. With your private keys isolated from the internet connection, they will stay protected from hackers and malware.”
Following a firmware update, they may not be completely isolated. Ledger has stated that they will provide further documentation to explain how the new firmware update works, but the current ledger continues to work as before and you don’t need to update it.
Though of course there are conceptual issues for all Ledgers as to how these offline private keys on the device can be sent. Since it’s not manually entering it, based on Bacca’s assertion that the device sent it, then maybe the settings aren’t completely offline.
That said, Ledger has been operating for years without a hack, but their focus for many years has been on providing an offline wallet, rather than backing it up online and offering upgrade plans.
[ad_2]
Source link