Ledger Nano S Questions | Bitcointalksearch.org

xenon131

hero member

Activity: 491

Merit: 1259

Nihil impunitum

Quote from: o_e_l_e_o on January 26, 2021, 05:55:14 AM

Quote from: ?? on ??

He asked about the verification of firmware which has to be flashed during upgrade of Ledger device rather then about update Ledger Live which is software wallet.

The only way to update Ledger Live on the hardware device is via Ledger Live, and Ledger Live verifies the firmware it downloads before it pushes it to your hardware device. Therefore, if you verify Ledger Live as I have said above, then that is the closest you can get to verifying the actual firmware itself. The hardware device itself will also verify the firmware is genuine prior to installation.

I know that Ledger Live is the only way to upgrade firmware of Ledger device. Ledger Live has the ability to verify that firmware but as I said there is no way to check what we get at the end, i.e. what bytes stream is flushing Ledger wallet. So my point was that the reference to https://ledger-live-tools.now.sh/lld-signatures is controversial, it is valid for verification of Ledger Live solely.

Quote from: ?? on ??

What is left for him is to believe that there is no middle man in communication channel used when upgrading device and trust Ledger SAS - company behind that hardware wallet.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: o_e_l_e_o on January 26, 2021, 05:55:14 AM

The only way to update the firmware on the hardware device is via Ledger Live, and Ledger Live verifies the firmware it downloads before it pushes it to your hardware device.

Exactly. During the firmware installation, Ledger will show an identifier in Ledger Live that you need to compare with the code displayed on the screen of your hardware wallet. That is all you can do in terms of verifying what you are installing. But even if you don't verify the code, you still can't install a malicious third party firmware on your device, in the same way that you can't install a fake app either.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: ?? on ??

He asked about the verification of firmware which has to be flashed during upgrade of Ledger device rather then about update Ledger Live which is software wallet.

The only way to update the firmware on the hardware device is via Ledger Live, and Ledger Live verifies the firmware it downloads before it pushes it to your hardware device. Therefore, if you verify Ledger Live as I have said above, then that is the closest you can get to verifying the actual firmware itself. The hardware device itself will also verify the firmware is genuine prior to installation.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: Bitman7976 on January 25, 2021, 07:07:25 PM

What is a mnemonic? You mean the word seeds?

Yes.

Bitman7976

newbie

Activity: 29

Merit: 7

Quote from: DdmrDdmr on January 25, 2021, 11:46:13 AM

Concerning Ledger Live, if it’s the original source you downloaded the software from, then you should be ok. Regardless, anytime you perform a firmware upgrade, you should probably make sure you’ve got your mnemonic handy in case anything goes wrong.

What is a mnemonic? You mean the word seeds?

zasad@

legendary

Activity: 1932

Merit: 4602

Quote from: Bitman7976 on January 25, 2021, 08:23:55 AM

I have crypto, if I update firmware, is it ok to update while coins are attached to the wallet?

The firmware can be updated. Then you may need to install applications again. All coins will be in your wallet.

If you have the opportunity, then buy a wallet for cash in a store so as not to give your personal data to anyone.

Here all the stolen data is in text format, you can search for this and your loved ones to warn them

Code:

https://intelx.io/?s=8761746e-d333-4256-bbcd-9100c8722799

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: Bitman7976 on January 25, 2021, 08:23:55 AM

I'm interested because I purchased the nano x and want to make sure to protect myself.

Depending on when you purchased it, and whether or not your purchased it directly from Ledger or from a third party, you may or may not have had your personal details exposed. The data breach does not affect the integrity of your Ledger device itself.

Quote from: Bitman7976 on January 25, 2021, 08:23:55 AM

Also, I'm no expert, but if you got hacked, why would you want to buy from Amazon and not directly from ledger?

Somewhat ironically, people who purchased through third party resellers such as Amazon (which the general advice was not to do) have been protected from this data breach since Ledger never had their personal details in their database.

Quote from: Bitman7976 on January 25, 2021, 08:23:55 AM

My ledger live app is telling me i need to update firmware on the device. Is that safe to do? How do I know thats not a hack in itself to get your orivate key?

You can verify Ledger Live using the hashes and public key available here: https://ledger-live-tools.now.sh/lld-signatures

DdmrDdmr

legendary

Activity: 2338

Merit: 10802

There are lies, damned lies and statistics. MTwain

Quote from: Bitman7976 on January 25, 2021, 08:23:55 AM

<...>

You can have a read through threads on the forum such as this one: Ledger SMS phishing campaign – New Leak (believe it or not). You’ll see references to:

Leak 1:
-   a breach in their customer email database (1M++ exposed)
-   a breach in their marketing database (phone, address, email, full name) -> 272K++ leaked -> not the initial 9,5K stated by Ledger.

Leak 2:
-    a breach in their marketing database through an API with Shopify -> 292K++ leaked (theoretically, a superset of the 272K).

Concerning Ledger Live, if it’s the original source you downloaded the software from, then you should be ok. Regardless, anytime you perform a firmware upgrade, you should probably make sure you’ve got your mnemonic handy in case anything goes wrong.

HoddzDJ

newbie

Activity: 7

Merit: 6

Quote from: Bitman7976 on January 25, 2021, 08:23:55 AM

Can you explain the ledger hack and how you were exposed?

Stick your email address into https://haveibeenpwned.com/ and see how many breaches you've been in.

As for your other questions... I'm not the best person to ask being a newbie myself!

Bitman7976

newbie

Activity: 29

Merit: 7

Quote from: HoddzDJ on January 22, 2021, 09:10:51 AM

I was exposed during the Ledger hack, but should I buy a Nano X I will be getting from somewhere like Amazon and get it delivered to an amazon locker.

Can you explain the ledger hack and how you were exposed? I'm interested because I purchased the nano x and want to make sure to protect myself.

Also, I'm no expert, but if you got hacked, why would you want to buy from Amazon and not directly from ledger?

My ledger live app is telling me i need to update firmware on the device. Is that safe to do? How do I know thats not a hack in itself to get your orivate key?

I have crypto, if I update firmware, is it ok to update while coins are attached to the wallet?

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: HoddzDJ on January 22, 2021, 09:10:51 AM

As for the selling and buying of a second hand Ledger, surely it is only good practice to restore it/enter the pass code wrong 3 times to get it back to factory settings with a new pass phrase? The same should be said for any wallet, right?!

Resetting to factory values should be enough so that no one can take possession of your seed anymore, but since there is always some small chance that someone will find a way to get that information out of the device (theoretically only), I personally would never sell or gave someone the hardware wallet I used.

When you say "any wallet", I guess you mean hardware wallets - so even though I can't say 100% that this is the case, all these devices should more or less work on the same principle. I suggest you avoid buying used devices, there is too much risk for too little savings you can get.

HoddzDJ

newbie

Activity: 7

Merit: 6

A lot of food for thought here, and I've learned a lot for sure. I was exposed during the Ledger hack, but should I buy a Nano X I will be getting from somewhere like Amazon and get it delivered to an amazon locker.

It's good that I can use multiple ledger devices to manage the same account.

As for the selling and buying of a second hand Ledger, surely it is only good practice to restore it/enter the pass code wrong 3 times to get it back to factory settings with a new pass phrase? The same should be said for any wallet, right?!

zasad@

legendary

Activity: 1932

Merit: 4602

Quote from: libert19 on January 21, 2021, 10:57:58 PM

Does nano s has limit on coins only or on tokens as well? Like can you store unlimited erc20 and other blockchain tokens?

Not all tokens are supported by the ledger live .
I don't use ledger live for tokens.
Use metamask with ledger. In metamask, you can add any tokens on the Ethereum blockchain to the wallet interface and trade them on uniswap,
other exchanges, or send transactions.

DdmrDdmr

legendary

Activity: 2338

Merit: 10802

There are lies, damned lies and statistics. MTwain

Quote from: libert19 on January 21, 2021, 10:57:58 PM

<...>

If you are concerned about any crypto asset in particular, you can take a look at the list of those supported here:
https://www.ledger.com/supported-crypto-assets

The list is massive, so you may need to play around with the filters at the top.

There’s also this you may want to look into:
https://support.ledger.com/hc/en-us/articles/360011842739-List-of-supported-token-types

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: libert19 on January 21, 2021, 10:57:58 PM

Does nano s has limit on coins only or on tokens as well? Like can you store unlimited erc20 and other blockchain tokens?

The limit is on the number of apps installed on the device. You don't need to install an app for every ERC20 token (like USDC, USDT, etc...). You just need the ETH app.

Remember that every ERC20 token lives on top of Ethereum, so all your device sees is your ETH interacting with a contract. So... yes, no limit.

libert19

hero member

Activity: 2520

Merit: 952

Does nano s has limit on coins only or on tokens as well? Like can you store unlimited erc20 and other blockchain tokens?

Rath_

legendary

Activity: 1876

Merit: 3132

Quote from: Bitman7976 on January 21, 2021, 08:11:22 PM

When I set up my nano x, i turned it on without the live app and it generated a recovery phrase. I assume once you generate a recovery phrase this way, you wont be able to "restore an existing wallet" once you are on the app cause you already generated a recovery phrase to that device? Is that correct?

You don't need Ledger Live to restore an existing wallet. You must have selected "Set up as a new device" during the initial setup. See this YouTube video from Ledger. You can restore an existing wallet after you generate a new wallet if you wipe your device (either by doing so in the settings or by entering an incorrect PIN three times).

Bitman7976

newbie

Activity: 29

Merit: 7

Quote from: Rath_ on January 21, 2021, 07:26:27 PM

In the beginning, you are asked if you want to create a new wallet or restore an existing one. You won't get a new recovery phrase if you choose the latter option.

When I set up my nano x, i turned it on without the live app and it generated a recovery phrase. I assume once you generate a recovery phrase this way, you wont be able to "restore an existing wallet" once you are on the app cause you already generated a recovery phrase to that device? Is that correct?

Rath_

legendary

Activity: 1876

Merit: 3132

Quote from: Bitman7976 on January 21, 2021, 06:46:46 PM

1) If you get a new device and use your old device's recovery phrase on the new device, what do you do with your new device's recovery phrase? Do you keep both recovery phrases? Or which one to keep?

In the beginning, you are asked if you want to create a new wallet or restore an existing one. You won't get a new recovery phrase if you choose the latter option.

Quote from: Bitman7976 on January 21, 2021, 06:46:46 PM

2) Can't you just send the crypto to the new wallet instead?

Of course, you can. However, that could involve a couple of transactions if someone used multiple accounts or coins.

Quote from: Bitman7976 on January 21, 2021, 06:46:46 PM

3) Someone mentioned resetting your old device back to factory defaults and selling it. Does the resetted device generate an entirely new recovery phrase, or the same one? I personally wouldnt buy someone's old device.

Yes, it does. Otherwise, you would have to buy a new device if you somehow exposed your seed.

Bitman7976

newbie

Activity: 29

Merit: 7

Not to hijack the thread, but to add to it with a few questions.

1) If you get a new device and use your old device's recovery phrase on the new device, what do you do with your new device's recovery phrase? Do you keep both recovery phrases? Or which one to keep?

2) Can't you just send the crypto to the new wallet instead?

3) Someone mentioned resetting your old device back to factory defaults and selling it. Does the resetted device generate an entirely new recovery phrase, or the same one? I personally wouldnt buy someone's old device.

Topic: Ledger Nano S Questions (Read 343 times)