Is Ledger Nano S REALLY SAFE ?? Best Hardware Wallet ? - page 2.

7jaka7

sr. member

Activity: 628

Merit: 276

BTC, ETH, XMR, LTC

Quote from: jerry0 on January 26, 2018, 10:51:34 PM

When exactly did you buy the ledger where you got it that quickly?

I bought it before the new year, I don't know exact date. (Ledger wasn't out of stock yet at that time.)

Quote

Where are you located?

Slovenia, Europe.

Quote

So you would suggest not buying one on amazon.com then right?

If you are not in a hurry and you don't need Hardwallet urgently I would suggest you to wait and buy it from Ledger official website.
IMO in a year or two there will be a few more hardware wallets manufactures and their price should go down. (Like USB)

Quote

So basically as long as you reset it, then its no problem no matter what?

I believe so. Since it should generate new mnemoric seed (private key). But please read more about this, since I'm not sure.

jerry0

full member

Activity: 1750

Merit: 186

When exactly did you buy the ledger where you got it that quickly? Where are you located?

So you would suggest not buying one on amazon.com then right? So basically as long as you reset it, then its no problem no matter what?

7jaka7

sr. member

Activity: 628

Merit: 276

BTC, ETH, XMR, LTC

Quote from: jerry0 on January 26, 2018, 12:28:47 AM

How long does it take to receive it from the official site?

I got mine in one week, but as you can see on their website: https://www.ledgerwallet.com/products/ledger-nano-s, they are our of stock.

Quote

Currently out of stock. Order today and get prioritary shipping from March 26

So it will take about 2 months to receive it atm. And be careful if you will buy from resellers. (https://www.reddit.com/r/btc/comments/7ofrqf/warning_brutal_scam_guy_buys_a_ledger_nano_wallet/)

jerry0

full member

Activity: 1750

Merit: 186

How long does it take to receive it from the official site?

Subutai

newbie

Activity: 19

Merit: 0

Just generate address/private key pairs and keep them safe.

Hardware wallets are probably best for new comers, they are handy and they are compatible with many tokens.

For people that can generate and manage their own addresses safely maybe there's no need for a hardware wallet.

jossiel

hero member

Activity: 3150

Merit: 636

DGbet.fun - Crypto Sportsbook

Quote from: manchester93 on January 21, 2018, 05:10:36 AM

Should I spread around the risk and not keep most/all of my coins on a hardware wallet? The idea of keeping my private keys plugged into the USB drive does kind of freak me out.

This will be the same if you have a laptop connecting it to the web, download wallet --> send funds on that wallet and then stay offline forever for security.

With the given points of Eric Voskuil on his tweet. The only possible risk that we can get through our hardware wallets is through this.

Quote from: gentlemand on January 24, 2018, 02:56:35 PM

As of right now the only risks with hardware wallets are from social engineering like people buying from third parties with preinstalled seeds.

Base on the points there, it will also depend on the computer you're connecting. If you are not that much techie, just don't click anything unnecessary.

gentlemand

legendary

Activity: 2590

Merit: 3015

Welt Am Draht

Quote from: manchester93 on January 21, 2018, 05:10:36 AM

Should I spread around the risk and not keep most/all of my coins on a hardware wallet? The idea of keeping my private keys plugged into the USB drive does kind of freak me out.

I think anyone claiming 100% faultlessness is a little deluded. Look at the gaping holes that have been there for years in all of our systems that have only recently been uncovered.

There will be white hat and black hat hackers along with the Ledger developers themselves constantly probing for weaknesses. If they're found then I assume we'll hear about it along with a fix very rapidly.

As of right now the only risks with hardware wallets are from social engineering like people buying from third parties with preinstalled seeds.

manchester93

sr. member

Activity: 251

Merit: 257

Everyone says to buy a hardware wallet. Could anybody explain to me how much of a threat this is? Regarding Ledger:

Quote

Last I checked they use shared attestation to bootstrap trust for device pairing. (That’s really bad, but not as bad as their first product that used a shared secret on a plastic card, that you would enter in parts over time via the untrustworthy device).

Quote

Attestation is proving the device, type using a challenge response pattern. Given the claim is of type, not instance, the proof is based on a common secret retained by each device of the same type. This is what makes attestation distinct from authentication (identity).

Quote

I used the qualifier “shared” to emphasize that attestation uses a secret that is shared across devices of the same type (possibly divided into lots). The secure element is not used by credit cards in this manner, instead each card is manufactured with a unique (identity) secret.

Quote

So you do not get anything like “bank level” security despite using the same hardware.

Also this:

Quote

HW wallets are definitely hacking targets now. Regardless of boot security, they have 2 very high risk attack vectors: - Jailbreak style infection/persistence. - USB hack while connected. Don't trust them more than: - computer you connect it too. - who had physical access.

Should I spread around the risk and not keep most/all of my coins on a hardware wallet? The idea of keeping my private keys plugged into the USB drive does kind of freak me out.

rbt

full member

Activity: 266

Merit: 101

Quote from: Vanessa02 on December 04, 2017, 12:07:04 PM

Yes, very interested in nano s, waiting for reviews from users. Also, have anyone already bought a ledger blue??

I`m regularly using Ledger Nano S and I recommend it. If you have a few hundred dollars worth of coins/tokens, than it definitely worth spending $100 for one. I bought it from the producer, but you can buy it from the reseller as long you initialize the device. NEVER use a Ledger already initialized because you`ll loose your funds!

Quote from: CryptoPadawan on January 20, 2018, 02:12:41 AM

...What if the manufacturer only provides a certain range of words to generate a weak private key, which can be gained by exhaustive attack method? After all, you can only comply with the seed words it provides.

In theory I guess everything is possible, but I don`t think we should worry about. Ledger is on the market for some time and their codes were checked and deeply analyzed, they probably offered a bug bounty too in order to incentivize people (I don`t know for sure, but I see almost everybody does this nowadays).

bhadz

hero member

Activity: 2520

Merit: 568

Payment Gateway Allows Recurring Payments

Quote from: CryptoPadawan on January 20, 2018, 02:12:41 AM

What if the manufacturer did something evil?

Their company is worth billions of dollars so why they have to do something crazy just to destroy their smooth running business. I know you are starting to worry since they are the ones who are manufacturing our nano ledger s'. But to think of it, they have more than our bitcoins so why would they destroy their reputation just for the sake of stealing. I have seen on how they reacted with a reddit complain about a reseller who stole the coins of the complainant and that was a very impressive reply from them, they care for their customers.

HCP

legendary

Activity: 2086

Merit: 4361

Quote from: CryptoPadawan on January 20, 2018, 02:12:41 AM

...What if the manufacturer only provides a certain range of words to generate a weak private key, which can be gained by exhaustive attack method? After all, you can only comply with the seed words it provides.

That isn't strictly true... you don't have to use a seed generated by the device itself.

You can restore any BIP39/BIP44 compatible seed into a Ledger Nano S... so you are free to use another tool to generate a 24 word seed. Theoretically, you could even generate it offline using dice and some maths and then "restore" that seed to the Nano.

lorya

member

Activity: 126

Merit: 10

Quote from: CryptoPadawan on January 20, 2018, 02:12:41 AM

Hi, guys! I got three Ledger nano s and I got this very interesting question one day when I using it.

What if the manufacturer did something evil? I mean of course you can always wipe the ledger nano as much as you like, and of course, the code of it is open-source online. What if the manufacturer only provides a certain range of words to generate a weak private key, which can be gained by exhaustive attack method? After all, you can only comply with the seed words it provides.

How can we know for sure the ledger nano we have is not provided by evil manufacturers? I mean, you cannot open it and check it thoroughly. I just really curious about this question and it haunted me. Is it possible? And is it possible for some hacker to gain interest with any bug that hides inside this hardware wallet?

Please correct me if wrong. Really appreciated!

And what about the official and unofficial wallets?

Of course they can do that, but the real question is why would they do that? Ledger is a serious company and they should have some random quality control to check that everything is ok. You can also send your ledger to a security company to check whether every seems ok.

CryptoPadawan

newbie

Activity: 4

Merit: 3

Hi, guys! I got three Ledger nano s and I got this very interesting question one day when I using it.

What if the manufacturer did something evil? I mean of course you can always wipe the ledger nano as much as you like, and of course, the code of it is open-source online. What if the manufacturer only provides a certain range of words to generate a weak private key, which can be gained by exhaustive attack method? After all, you can only comply with the seed words it provides.

How can we know for sure the ledger nano we have is not provided by evil manufacturers? I mean, you cannot open it and check it thoroughly. I just really curious about this question and it haunted me. Is it possible? And is it possible for some hacker to gain interest with any bug that hides inside this hardware wallet?

Please correct me if wrong. Really appreciated!

7jaka7

sr. member

Activity: 628

Merit: 276

BTC, ETH, XMR, LTC

Quote from: bob123 on January 04, 2018, 09:52:45 AM

Quote from: 7jaka7 on January 04, 2018, 07:12:09 AM

So how's that if you were using Ledger Nano S on ED? I understand that he can't confirm transactions since you need to use physical button to approve it.

Yes, thats right.
Ether Delta creates the transactions and you have to sign (approve) them via pushing the physical buttons.

Quote from: 7jaka7 on January 04, 2018, 07:12:09 AM

But did he get your private key/ seed?

In this case he doesn't have any chance to get the seed (or private keys). They never get exposed to 'outside' of the nano s.

Quote from: 7jaka7 on January 04, 2018, 07:12:09 AM

Could he import that in another Ledger Nano S wallet and send funds from there?

No, because look above.
Generally: You dont need a nano s to import the seed and transfering coins. Any BIP39-compatible wallet can do that.

Quote from: 7jaka7 on January 04, 2018, 07:12:09 AM

Can PIN code prevent that?

1. This can't happen (look above)
2. The pin code only secures your funds against physical access (thief would have to know your pin code). In a scenario where the attacker has your private key or seed he doesn't need to
access your device since he can easily create transaction by himself (with any other tool/wallet).

Quote from: 7jaka7 on January 04, 2018, 07:12:09 AM

Is there something owner of ledger wallet could/should do in this case? Are there any cases in which your private key/mnemoric seed would get exposed and stolen from Ledger Wallet, example: if you are using My Ether Wallet with Nano S and someone would replace their domain?

Your private key / seed never gets exposed.
However, a 'fake' ether delta would steal your money in terms of taking your deposits and not paying out withdrawals.
As long as you confirm/approve transactions consicious only these 'deposits' would be stolen from you (and additionally your master public key would be known to the fake ED, destroying your privacy).

Thank you very much for this answer!
So if you take good care of private key (mnemoric seed) and PIN there is no way to steal funds from Ledger Nano S. Now I'm even happier that I have it.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: 7jaka7 on January 04, 2018, 07:12:09 AM

So how's that if you were using Ledger Nano S on ED? I understand that he can't confirm transactions since you need to use physical button to approve it.

Yes, thats right.
Ether Delta creates the transactions and you have to sign (approve) them via pushing the physical buttons.

Quote from: 7jaka7 on January 04, 2018, 07:12:09 AM

But did he get your private key/ seed?

In this case he doesn't have any chance to get the seed (or private keys). They never get exposed to 'outside' of the nano s.

Quote from: 7jaka7 on January 04, 2018, 07:12:09 AM

Could he import that in another Ledger Nano S wallet and send funds from there?

No, because look above.
Generally: You dont need a nano s to import the seed and transfering coins. Any BIP39-compatible wallet can do that.

Quote from: 7jaka7 on January 04, 2018, 07:12:09 AM

Can PIN code prevent that?

1. This can't happen (look above)
2. The pin code only secures your funds against physical access (thief would have to know your pin code). In a scenario where the attacker has your private key or seed he doesn't need to
access your device since he can easily create transaction by himself (with any other tool/wallet).

Quote from: 7jaka7 on January 04, 2018, 07:12:09 AM

Is there something owner of ledger wallet could/should do in this case? Are there any cases in which your private key/mnemoric seed would get exposed and stolen from Ledger Wallet, example: if you are using My Ether Wallet with Nano S and someone would replace their domain?

Your private key / seed never gets exposed.
However, a 'fake' ether delta would steal your money in terms of taking your deposits and not paying out withdrawals.
As long as you confirm/approve transactions consicious only these 'deposits' would be stolen from you (and additionally your master public key would be known to the fake ED, destroying your privacy).

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: 7jaka7 on January 04, 2018, 07:12:09 AM

Anyone knows how is with security if you were using Ledger Nano S on EtherDelta (ED)?
As I heard ED was hacked. Someone replaced their domain with his and he got private keys from users (users typed/generated private key on ED in order to start trading).

So how's that if you were using Ledger Nano S on ED? I understand that he can't confirm transactions since you need to use physical button to approve it.
But did he get your private key/ seed? Could he import that in another Ledger Nano S wallet and send funds from there? Can PIN code prevent that?

Is there something owner of ledger wallet could/should do in this case? Are there any cases in which your private key/mnemoric seed would get exposed and stolen from Ledger Wallet, example: if you are using My Ether Wallet with Nano S and someone would replace their domain?

When you generate your 24 word seed on Ledger Nano S this should be written on a piece of paper,make few copy and store in safe place.This seed is not for share with nobody,but if you give this to someone,then it is easy to use that seed to generate your wallet.

You can not import private key in Ledger Nano S,it will only accept seed created by Ledger or Trezor(as far as I know).If you use Ledger with other wallets like Electrum,your private keys/seed is never leaves device and you always need to confirm sending address on Ledger display before confirm sending.

Hardware wallets are best option for keeping your coins safe for long term and also for daily use.

blozo

member

Activity: 308

Merit: 10

Yes is the safest, easiest option to store your bitcoin/cryptocurrencies. Your private keys are stored in the ledger and never exposed

Moreover it cannot be tampered since it has 2 different chips

7jaka7

sr. member

Activity: 628

Merit: 276

BTC, ETH, XMR, LTC

Anyone knows how is with security if you were using Ledger Nano S on EtherDelta (ED)?
As I heard ED was hacked. Someone replaced their domain with his and he got private keys from users (users typed/generated private key on ED in order to start trading).

So how's that if you were using Ledger Nano S on ED? I understand that he can't confirm transactions since you need to use physical button to approve it.
But did he get your private key/ seed? Could he import that in another Ledger Nano S wallet and send funds from there? Can PIN code prevent that?

Is there something owner of ledger wallet could/should do in this case? Are there any cases in which your private key/mnemoric seed would get exposed and stolen from Ledger Wallet, example: if you are using My Ether Wallet with Nano S and someone would replace their domain?

RGBKey

hero member

Activity: 854

Merit: 658

rgbkey.github.io/pgp.txt

Quote from: jerry0 on December 16, 2017, 10:38:45 PM

Okay let me just get this confirmed. If i get a nano ledger s and then transfer my btc from electrum to nano ledger. Then my nano ledger no longer works or something like that, i would just have to put that 24 word seed from nano ledger and enter that into electrum wallet and it will be recovered? Thus its like if i needed to restore electrum again on the same computer or new computer? I want to make sure of this because i know i would not be able to get a nano ledger s again if the initial one has issues and malfunctions etc.

Yes, because the Nano S uses the BIP39 standard, it is accepted by other wallets. You will be fine. At the very least you can find a tool online to help you recover your wallet.

jerry0

full member

Activity: 1750

Merit: 186

Okay let me just get this confirmed. If i get a nano ledger s and then transfer my btc from electrum to nano ledger. Then my nano ledger no longer works or something like that, i would just have to put that 24 word seed from nano ledger and enter that into electrum wallet and it will be recovered? Thus its like if i needed to restore electrum again on the same computer or new computer? I want to make sure of this because i know i would not be able to get a nano ledger s again if the initial one has issues and malfunctions etc.

Topic: Is Ledger Nano S REALLY SAFE ?? Best Hardware Wallet ? - page 2. (Read 14721 times)