Pages:
Author

Topic: Ledger Nano S Questions (Read 343 times)

hero member
Activity: 491
Merit: 1259
Nihil impunitum
January 26, 2021, 07:01:37 AM
#30
He asked about  the verification of   firmware which has to be flashed during upgrade of Ledger device  rather then about update Ledger Live which is software wallet.
The only way to update Ledger Live on the hardware device is via Ledger Live, and Ledger Live verifies the firmware it downloads before it pushes it to your hardware device. Therefore, if you verify Ledger Live as I have said above, then that is the closest you can get to verifying the actual firmware itself. The hardware device itself will also verify the firmware is genuine prior to installation.

I know that Ledger Live is the only way to upgrade firmware of  Ledger device. Ledger Live has the ability to  verify that firmware     but as I said there is no way to check what we get at the end, i.e. what bytes stream is flushing  Ledger wallet.  So my point was that  the reference to https://ledger-live-tools.now.sh/lld-signatures is controversial,   it is valid for verification of  Ledger Live solely.

What is left for him is to believe that there is no middle man in communication channel used when upgrading device and  trust Ledger SAS - company behind that hardware wallet.
legendary
Activity: 2730
Merit: 7065
January 31, 2021, 05:54:03 AM
#29
The only way to update the firmware on the hardware device is via Ledger Live, and Ledger Live verifies the firmware it downloads before it pushes it to your hardware device.
Exactly. During the firmware installation, Ledger will show an identifier in Ledger Live that you need to compare with the code displayed on the screen of your hardware wallet. That is all you can do in terms of verifying what you are installing. But even if you don't verify the code, you still can't install a malicious third party firmware on your device, in the same way that you can't install a fake app either. 
legendary
Activity: 2268
Merit: 18711
January 26, 2021, 05:55:14 AM
#28
He asked about  the verification of   firmware which has to be flashed during upgrade of Ledger device  rather then about update Ledger Live which is software wallet.
The only way to update the firmware on the hardware device is via Ledger Live, and Ledger Live verifies the firmware it downloads before it pushes it to your hardware device. Therefore, if you verify Ledger Live as I have said above, then that is the closest you can get to verifying the actual firmware itself. The hardware device itself will also verify the firmware is genuine prior to installation.
legendary
Activity: 2268
Merit: 18711
January 26, 2021, 02:26:58 AM
#27
What is a mnemonic?  You mean the word seeds?
Yes.
newbie
Activity: 29
Merit: 7
January 25, 2021, 07:07:25 PM
#26

Concerning Ledger Live, if it’s the original source you downloaded the software from, then you should be ok. Regardless, anytime you perform a firmware upgrade, you should probably make sure you’ve got your mnemonic handy in case anything goes wrong.


What is a mnemonic?  You mean the word seeds?
legendary
Activity: 1932
Merit: 4602
January 25, 2021, 03:21:11 PM
#25
I have crypto, if I update firmware, is it ok to update while coins are attached to the wallet?
The firmware can be updated. Then you may need to install applications again. All coins will be in your wallet.

If you have the opportunity, then buy a wallet for cash in a store so as not to give your personal data to anyone.

Here all the stolen data is in text format, you can search for this and your loved ones to warn them
Code:
https://intelx.io/?s=8761746e-d333-4256-bbcd-9100c8722799
legendary
Activity: 2268
Merit: 18711
January 25, 2021, 12:58:20 PM
#24
I'm interested because I purchased the nano x and want to make sure to protect  myself.
Depending on when you purchased it, and whether or not your purchased it directly from Ledger or from a third party, you may or may not have had your personal details exposed. The data breach does not affect the integrity of your Ledger device itself.

Also, I'm no expert, but if you got hacked, why would you want to buy from Amazon and not directly from ledger?
Somewhat ironically, people who purchased through third party resellers such as Amazon (which the general advice was not to do) have been protected from this data breach since Ledger never had their personal details in their database.

My ledger live app is telling me i need to update firmware on the device.  Is that safe to do?  How do I know thats not a hack in itself to get your orivate key?
You can verify Ledger Live using the hashes and public key available here: https://ledger-live-tools.now.sh/lld-signatures
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
January 25, 2021, 11:46:13 AM
#23
<...>
You can have a read through threads on the forum such as this one: Ledger SMS phishing campaign – New Leak (believe it or not). You’ll see references to:

Leak 1:
-   a breach in their customer email database (1M++ exposed)
-   a breach in their marketing database (phone, address, email, full name) -> 272K++ leaked -> not the initial 9,5K stated by Ledger.

Leak 2:
-    a breach in their marketing database through an API with Shopify -> 292K++ leaked (theoretically, a superset of the 272K).

Concerning Ledger Live, if it’s the original source you downloaded the software from, then you should be ok. Regardless, anytime you perform a firmware upgrade, you should probably make sure you’ve got your mnemonic handy in case anything goes wrong.
newbie
Activity: 7
Merit: 6
January 25, 2021, 11:09:42 AM
#22
Can you explain the ledger hack and how you were exposed?

Stick your email address into https://haveibeenpwned.com/ and see how many breaches you've been in.

As for your other questions... I'm not the best person to ask being a newbie myself!
newbie
Activity: 29
Merit: 7
January 25, 2021, 08:23:55 AM
#21
I was exposed during the Ledger hack, but should I buy a Nano X I will be getting from somewhere like Amazon and get it delivered to an amazon locker.

Can you explain the ledger hack and how you were exposed?  I'm interested because I purchased the nano x and want to make sure to protect  myself.  

Also, I'm no expert, but if you got hacked, why would you want to buy from Amazon and not directly from ledger?

My ledger live app is telling me i need to update firmware on the device.  Is that safe to do?  How do I know thats not a hack in itself to get your orivate key?  

I have crypto, if I update firmware, is it ok to update while coins are attached to the wallet?
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
January 22, 2021, 11:02:15 AM
#20
As for the selling and buying of a second hand Ledger, surely it is only good practice to restore it/enter the pass code wrong 3 times to get it back to factory settings with a new pass phrase? The same should be said for any wallet, right?!

Resetting to factory values should be enough so that no one can take possession of your seed anymore, but since there is always some small chance that someone will find a way to get that information out of the device (theoretically only), I personally would never sell or gave someone the hardware wallet I used.

When you say "any wallet", I guess you mean hardware wallets - so even though I can't say 100% that this is the case, all these devices should more or less work on the same principle. I suggest you avoid buying used devices, there is too much risk for too little savings you can get.

newbie
Activity: 7
Merit: 6
January 22, 2021, 09:10:51 AM
#19
A lot of food for thought here, and I've learned a lot for sure. I was exposed during the Ledger hack, but should I buy a Nano X I will be getting from somewhere like Amazon and get it delivered to an amazon locker.

It's good that I can use multiple ledger devices to manage the same account.

As for the selling and buying of a second hand Ledger, surely it is only good practice to restore it/enter the pass code wrong 3 times to get it back to factory settings with a new pass phrase? The same should be said for any wallet, right?!
legendary
Activity: 1932
Merit: 4602
January 22, 2021, 03:27:16 AM
#18
Does nano s has limit on coins only or on tokens as well? Like can you store unlimited erc20 and other blockchain tokens?
Not all tokens are supported by the ledger live .
I don't use ledger live  for tokens.
Use metamask with ledger. In metamask, you can add any tokens on the Ethereum blockchain to the wallet interface and trade them on uniswap,
other exchanges, or send transactions.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
January 22, 2021, 02:51:46 AM
#17
<...>
If you are concerned about any crypto asset in particular, you can take a look at the list of those supported here:
https://www.ledger.com/supported-crypto-assets

The list is massive, so you may need to play around with the filters at the top.

There’s also this you may want to look into:
https://support.ledger.com/hc/en-us/articles/360011842739-List-of-supported-token-types
legendary
Activity: 2758
Merit: 6830
January 21, 2021, 11:18:57 PM
#16
Does nano s has limit on coins only or on tokens as well? Like can you store unlimited erc20 and other blockchain tokens?
The limit is on the number of apps installed on the device. You don't need to install an app for every ERC20 token (like USDC, USDT, etc...). You just need the ETH app.

Remember that every ERC20 token lives on top of Ethereum, so all your device sees is your ETH interacting with a contract. So... yes, no limit.
hero member
Activity: 2520
Merit: 952
January 21, 2021, 10:57:58 PM
#15
Does nano s has limit on coins only or on tokens as well? Like can you store unlimited erc20 and other blockchain tokens?
legendary
Activity: 1876
Merit: 3132
January 21, 2021, 08:29:14 PM
#14
When I set up my nano x, i turned it on without the live app and it generated a recovery phrase.  I assume once you generate a recovery phrase this way, you wont be able to "restore an existing wallet" once you are on the app cause you already generated a recovery phrase to that device?  Is that correct?

You don't need Ledger Live to restore an existing wallet. You must have selected "Set up as a new device" during the initial setup. See this YouTube video from Ledger. You can restore an existing wallet after you generate a new wallet if you wipe your device (either by doing so in the settings or by entering an incorrect PIN three times).
newbie
Activity: 29
Merit: 7
January 21, 2021, 08:11:22 PM
#13

In the beginning, you are asked if you want to create a new wallet or restore an existing one. You won't get a new recovery phrase if you choose the latter option.

When I set up my nano x, i turned it on without the live app and it generated a recovery phrase.  I assume once you generate a recovery phrase this way, you wont be able to "restore an existing wallet" once you are on the app cause you already generated a recovery phrase to that device?  Is that correct?
legendary
Activity: 1876
Merit: 3132
January 21, 2021, 07:26:27 PM
#12
1) If you get a new device and use your old device's recovery phrase on the new device, what do you do with your new device's recovery phrase?  Do you keep both recovery phrases? Or which one to keep?

In the beginning, you are asked if you want to create a new wallet or restore an existing one. You won't get a new recovery phrase if you choose the latter option.

2) Can't you just send the crypto to the new wallet instead?

Of course, you can. However, that could involve a couple of transactions if someone used multiple accounts or coins.

3) Someone mentioned resetting your old device back to factory defaults and selling it.  Does the resetted device generate an entirely new recovery phrase, or the same one?  I personally wouldnt buy someone's old device.

Yes, it does. Otherwise, you would have to buy a new device if you somehow exposed your seed.
newbie
Activity: 29
Merit: 7
January 21, 2021, 06:46:46 PM
#11
Not to hijack the thread, but to add to it with a few questions. 

1) If you get a new device and use your old device's recovery phrase on the new device, what do you do with your new device's recovery phrase?  Do you keep both recovery phrases? Or which one to keep?

2) Can't you just send the crypto to the new wallet instead?

3) Someone mentioned resetting your old device back to factory defaults and selling it.  Does the resetted device generate an entirely new recovery phrase, or the same one?  I personally wouldnt buy someone's old device.
Pages:
Jump to: