
Topic: Is Ledger Nano S REALLY SAFE ?? Best Hardware Wallet ? - page 2. (Read 14712 times)

sr. member
Activity: 628
Merit: 276
BTC, ETH, XMR, LTC
When exactly did you buy the ledger where you got it that quickly?

I bought it before the new year, I don't know exact date. (Ledger wasn't out of stock yet at that time.)
Quote
Where are you located?
Slovenia, Europe.
Quote
So you would suggest not buying one on amazon.com then right?
If you are not in a hurry and you don't need Hardwallet urgently I would suggest you to wait and buy it from Ledger official website.
IMO in a year or two there will be a few more hardware wallet manufacturers and their price should go down. (Like USB)
Quote
So basically as long as you reset it, then it's no problem no matter what?
I believe so. Since it should generate a new mnemonic seed (private key). But please read more about this, since I'm not sure.
full member
Activity: 1750
Merit: 186
When exactly did you buy the ledger where you got it that quickly?  Where are you located?

So you would suggest not buying one on amazon.com then right?  So basically as long as you reset it, then it's no problem no matter what?
sr. member
Activity: 628
Merit: 276
BTC, ETH, XMR, LTC
How long does it take to receive it from the official site?

I got mine in one week, but as you can see on their website: https://www.ledgerwallet.com/products/ledger-nano-s, they are out of stock.

Quote
Currently out of stock. Order today and get prioritary shipping from March 26

So it will take about 2 months to receive it atm. And be careful if you will buy from resellers. (https://www.reddit.com/r/btc/comments/7ofrqf/warning_brutal_scam_guy_buys_a_ledger_nano_wallet/)
full member
Activity: 1750
Merit: 186
How long does it take to receive it from the official site?
newbie
Activity: 19
Merit: 0
Just generate address/private key pairs and keep them safe.

Hardware wallets are probably best for newcomers, they are handy and they are compatible with many tokens.

For people that can generate and manage their own addresses safely maybe there's no need for a hardware wallet.
hero member
Activity: 3150
Merit: 636
Should I spread around the risk and not keep most/all of my coins on a hardware wallet? The idea of keeping my private keys plugged into the USB drive does kind of freak me out.
This will be the same if you have a laptop connecting it to the web, download wallet --> send funds on that wallet and then stay offline forever for security.

With the given points of Eric Voskuil on his tweet. The only possible risk that we can get through our hardware wallets is through this.
As of right now the only risks with hardware wallets are from social engineering like people buying from third parties with preinstalled seeds.

Based on the points there, it will also depend on the computer you're connecting. If you are not that much of a techie, just don't click anything unnecessary.
legendary
Activity: 2590
Merit: 3014
Welt Am Draht
Should I spread around the risk and not keep most/all of my coins on a hardware wallet? The idea of keeping my private keys plugged into the USB drive does kind of freak me out.

I think anyone claiming 100% faultlessness is a little deluded. Look at the gaping holes that have been there for years in all of our systems that have only recently been uncovered.

There will be white hat and black hat hackers along with the Ledger developers themselves constantly probing for weaknesses. If they're found then I assume we'll hear about it along with a fix very rapidly.

As of right now the only risks with hardware wallets are from social engineering like people buying from third parties with preinstalled seeds.
sr. member
Activity: 251
Merit: 257
Everyone says to buy a hardware wallet. Could anybody explain to me how much of a threat this is? Regarding Ledger:

Quote
Last I checked they use shared attestation to bootstrap trust for device pairing. (That’s really bad, but not as bad as their first product that used a shared secret on a plastic card, that you would enter in parts over time via the untrustworthy device).
Quote
Attestation is proving the device, type using a challenge response pattern. Given the claim is of type, not instance, the proof is based on a common secret retained by each device of the same type. This is what makes attestation distinct from authentication (identity).
Quote
I used the qualifier “shared” to emphasize that attestation uses a secret that is shared across devices of the same type (possibly divided into lots). The secure element is not used by credit cards in this manner, instead each card is manufactured with a unique (identity) secret.
Quote
So you do not get anything like “bank level” security despite using the same hardware.

Also this:
Quote
HW wallets are definitely hacking targets now. Regardless of boot security, they have 2 very high risk attack vectors: - Jailbreak style infection/persistence. - USB hack while connected. Don't trust them more than: - computer you connect it to. - who had physical access.

Should I spread around the risk and not keep most/all of my coins on a hardware wallet? The idea of keeping my private keys plugged into the USB drive does kind of freak me out.
rbt
full member
Activity: 266
Merit: 101
Yes, very interested in nano s, waiting for reviews from users. Also, has anyone already bought a ledger blue??
I'm regularly using Ledger Nano S and I recommend it. If you have a few hundred dollars worth of coins/tokens, then it's definitely worth spending $100 for one. I bought it from the producer, but you can buy it from the reseller as long as you initialize the device. NEVER use a Ledger already initialized because you'll lose your funds!

...What if the manufacturer only provides a certain range of words to generate a weak private key, which can be gained by exhaustive attack method? After all, you can only comply with the seed words it provides.
In theory I guess everything is possible, but I don't think we should worry about it. Ledger has been on the market for some time and their code was checked and deeply analyzed, they probably offered a bug bounty too in order to incentivize people (I don't know for sure, but I see almost everybody does this nowadays).
hero member
Activity: 2520
Merit: 568
What if the manufacturer did something evil?
Their company is worth billions of dollars so why would they have to do something crazy just to destroy their smooth running business. I know you are starting to worry since they are the ones who are manufacturing our nano ledger s'. But come to think of it, they have more than our bitcoins so why would they destroy their reputation just for the sake of stealing. I have seen how they reacted to a Reddit complaint about a reseller who stole the coins of the complainant and that was a very impressive reply from them, they care for their customers.
HCP
legendary
Activity: 2086
Merit: 4361
...What if the manufacturer only provides a certain range of words to generate a weak private key, which can be gained by exhaustive attack method? After all, you can only comply with the seed words it provides.
That isn't strictly true... you don't have to use a seed generated by the device itself.

You can restore any BIP39/BIP44 compatible seed into a Ledger Nano S... so you are free to use another tool to generate a 24 word seed. Theoretically, you could even generate it offline using dice and some maths and then "restore" that seed to the Nano.
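Added example, not part of the original posts: a Python sketch of the "dice and some maths" route, turning d6 rolls into 256 bits of entropy and appending the BIP39 checksum that a restoring wallet will verify. It outputs 11-bit word indices (0 = first word) into the BIP39 English wordlist, which is not embedded here; the rejection-sampling rule for dice (faces 1-4 kept, 5-6 discarded) is one unbiased choice assumed for this example.

```python
import hashlib

def dice_to_entropy(rolls, nbytes=32):
    """Unbiased d6 -> bits: faces 1-4 give two bits each, faces 5-6 are discarded."""
    bits = []
    for r in rolls:
        if r not in range(1, 7):
            raise ValueError(f"not a d6 face: {r!r}")
        if r <= 4:
            bits += [(r - 1) >> 1, (r - 1) & 1]
    if len(bits) < nbytes * 8:
        raise ValueError(f"only {len(bits)} usable bits; keep rolling")
    value = int("".join(map(str, bits[:nbytes * 8])), 2)
    return value.to_bytes(nbytes, "big")

def bip39_indices(entropy):
    """Entropy -> 11-bit word indices, with the BIP39 checksum appended."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("BIP39 entropy must be 128-256 bits in 32-bit steps")
    cs_bits = len(entropy) * 8 // 32  # 8 checksum bits for 256-bit entropy
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (len(entropy) * 8 + cs_bits) // 11
    return [(combined >> 11 * (n_words - 1 - i)) & 0x7FF for i in range(n_words)]

def checksum_ok(indices):
    """Re-derive the checksum from the entropy part, as a restoring wallet does."""
    combined = 0
    for i in indices:
        combined = (combined << 11) | i
    cs_bits = len(indices) * 11 // 33
    ent_bytes = (len(indices) * 11 - cs_bits) // 8
    entropy = (combined >> cs_bits).to_bytes(ent_bytes, "big")
    return bip39_indices(entropy) == list(indices)

if __name__ == "__main__":
    # Constructed, predictable rolls for demonstration only; real rolls must
    # come from physical dice and never be typed into an online machine.
    rolls = [(i + 3) % 6 + 1 for i in range(400)]
    words = bip39_indices(dice_to_entropy(rolls))
    print(len(words), "word indices:", words)
    print("checksum valid:", checksum_ok(words))
```

The last word carries the checksum, so it cannot be picked by dice alone: 24 words chosen freely from the list will fail the restore check in most cases.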
member
Activity: 126
Merit: 10
Hi, guys! I got three Ledger nano s and I got this very interesting question one day when I was using it.

What if the manufacturer did something evil? I mean of course you can always wipe the ledger nano as much as you like, and of course, the code of it is open-source online. What if the manufacturer only provides a certain range of words to generate a weak private key, which can be gained by exhaustive attack method? After all, you can only comply with the seed words it provides.

How can we know for sure the ledger nano we have is not provided by evil manufacturers? I mean, you cannot open it and check it thoroughly. I'm just really curious about this question and it haunted me. Is it possible? And is it possible for some hacker to gain interest with any bug that hides inside this hardware wallet?

Please correct me if wrong. Really appreciated!
 

And what about the official and unofficial wallets?

Of course they can do that, but the real question is why would they do that? Ledger is a serious company and they should have some random quality control to check that everything is ok. You can also send your ledger to a security company to check whether everything seems ok.
newbie
Activity: 4
Merit: 3
Hi, guys! I got three Ledger nano s and I got this very interesting question one day when I was using it.

What if the manufacturer did something evil? I mean of course you can always wipe the ledger nano as much as you like, and of course, the code of it is open-source online. What if the manufacturer only provides a certain range of words to generate a weak private key, which can be gained by exhaustive attack method? After all, you can only comply with the seed words it provides.

How can we know for sure the ledger nano we have is not provided by evil manufacturers? I mean, you cannot open it and check it thoroughly. I'm just really curious about this question and it haunted me. Is it possible? And is it possible for some hacker to gain interest with any bug that hides inside this hardware wallet?

Please correct me if wrong. Really appreciated!
 
sr. member
Activity: 628
Merit: 276
BTC, ETH, XMR, LTC
So how's that if you were using Ledger Nano S on ED? I understand that he can't confirm transactions since you need to use physical button to approve it.

Yes, that's right.
Ether Delta creates the transactions and you have to sign (approve) them via pushing the physical buttons.


But did he get your private key/ seed?

In this case he doesn't have any chance to get the seed (or private keys). They never get exposed to 'outside' of the nano s.


Could he import that in another Ledger Nano S wallet and send funds from there?

No, because look above.
Generally: You don't need a nano s to import the seed and transfer coins. Any BIP39-compatible wallet can do that.


Can PIN code prevent that?

1. This can't happen (look above)
2. The pin code only secures your funds against physical access (thief would have to know your pin code). In a scenario where the attacker has your private key or seed he doesn't need to access your device since he can easily create transaction by himself (with any other tool/wallet).


Is there something owner of ledger wallet could/should do in this case? Are there any cases in which your private key/mnemonic seed would get exposed and stolen from Ledger Wallet, example: if you are using My Ether Wallet with Nano S and someone would replace their domain?

Your private key / seed never gets exposed.
However, a 'fake' ether delta would steal your money in terms of taking your deposits and not paying out withdrawals.
As long as you confirm/approve transactions consciously only these 'deposits' would be stolen from you (and additionally your master public key would be known to the fake ED, destroying your privacy).

Thank you very much for this answer!
So if you take good care of private key (mnemonic seed) and PIN there is no way to steal funds from Ledger Nano S. Now I'm even happier that I have it. Smiley
legendary
Activity: 1624
Merit: 2481
So how's that if you were using Ledger Nano S on ED? I understand that he can't confirm transactions since you need to use physical button to approve it.

Yes, that's right.
Ether Delta creates the transactions and you have to sign (approve) them via pushing the physical buttons.


But did he get your private key/ seed?

In this case he doesn't have any chance to get the seed (or private keys). They never get exposed to 'outside' of the nano s.


Could he import that in another Ledger Nano S wallet and send funds from there?

No, because look above.
Generally: You don't need a nano s to import the seed and transfer coins. Any BIP39-compatible wallet can do that.


Can PIN code prevent that?

1. This can't happen (look above)
2. The pin code only secures your funds against physical access (thief would have to know your pin code). In a scenario where the attacker has your private key or seed he doesn't need to access your device since he can easily create transaction by himself (with any other tool/wallet).


Is there something owner of ledger wallet could/should do in this case? Are there any cases in which your private key/mnemonic seed would get exposed and stolen from Ledger Wallet, example: if you are using My Ether Wallet with Nano S and someone would replace their domain?

Your private key / seed never gets exposed.
However, a 'fake' ether delta would steal your money in terms of taking your deposits and not paying out withdrawals.
As long as you confirm/approve transactions consciously only these 'deposits' would be stolen from you (and additionally your master public key would be known to the fake ED, destroying your privacy).
legendary
Activity: 3234
Merit: 5637
Anyone knows how is with security if you were using Ledger Nano S on EtherDelta (ED)?
As I heard ED was hacked. Someone replaced their domain with his and he got private keys from users (users typed/generated private key on ED in order to start trading).

So how's that if you were using Ledger Nano S on ED? I understand that he can't confirm transactions since you need to use physical button to approve it.
But did he get your private key/ seed? Could he import that in another Ledger Nano S wallet and send funds from there? Can PIN code prevent that?

Is there something owner of ledger wallet could/should do in this case? Are there any cases in which your private key/mnemonic seed would get exposed and stolen from Ledger Wallet, example: if you are using My Ether Wallet with Nano S and someone would replace their domain?

When you generate your 24 word seed on Ledger Nano S this should be written on a piece of paper, make a few copies and store them in a safe place. This seed is not to be shared with anybody, but if you give this to someone, then it is easy to use that seed to generate your wallet.

You can not import a private key into Ledger Nano S, it will only accept a seed created by Ledger or Trezor (as far as I know). If you use Ledger with other wallets like Electrum, your private keys/seed never leave the device and you always need to confirm the sending address on the Ledger display before you confirm sending.

Hardware wallets are best option for keeping your coins safe for long term and also for daily use.
member
Activity: 308
Merit: 10
Yes is the safest, easiest option to store your bitcoin/cryptocurrencies. Your private keys are stored in the ledger and never exposed

Moreover it cannot be tampered since it has 2 different chips
sr. member
Activity: 628
Merit: 276
BTC, ETH, XMR, LTC
Anyone knows how is with security if you were using Ledger Nano S on EtherDelta (ED)?
As I heard ED was hacked. Someone replaced their domain with his and he got private keys from users (users typed/generated private key on ED in order to start trading).

So how's that if you were using Ledger Nano S on ED? I understand that he can't confirm transactions since you need to use physical button to approve it.
But did he get your private key/ seed? Could he import that in another Ledger Nano S wallet and send funds from there? Can PIN code prevent that?

Is there something owner of ledger wallet could/should do in this case? Are there any cases in which your private key/mnemonic seed would get exposed and stolen from Ledger Wallet, example: if you are using My Ether Wallet with Nano S and someone would replace their domain?
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
Okay let me just get this confirmed.  If I get a nano ledger s and then transfer my btc from electrum to nano ledger.  Then my nano ledger no longer works or something like that, I would just have to put that 24 word seed from nano ledger and enter that into electrum wallet and it will be recovered?  Thus it's like if I needed to restore electrum again on the same computer or new computer?  I want to make sure of this because I know I would not be able to get a nano ledger s again if the initial one has issues and malfunctions etc.

Yes, because the Nano S uses the BIP39 standard, it is accepted by other wallets. You will be fine. At the very least you can find a tool online to help you recover your wallet.
full member
Activity: 1750
Merit: 186
Okay let me just get this confirmed.  If I get a nano ledger s and then transfer my btc from electrum to nano ledger.  Then my nano ledger no longer works or something like that, I would just have to put that 24 word seed from nano ledger and enter that into electrum wallet and it will be recovered?  Thus it's like if I needed to restore electrum again on the same computer or new computer?  I want to make sure of this because I know I would not be able to get a nano ledger s again if the initial one has issues and malfunctions etc.