
Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities - page 10. (Read 4835 times)

legendary
Activity: 2268
Merit: 18711
Did I miss the blog posts?
The only blog post they have made since this was shared 18 days ago (which is far more than "In the coming days" implies), is this one: https://www.ledger.com/blog/ledger-live-expands-cosmos-support-with-xprt-nom-qck-coins

Shows you exactly where their priorities lie. Instead of actually addressing this mess, they focus instead on implementing more shitcoins and staking to drive more profits for themselves.

Security is so boring! Shitcoins are the real important stuff!

legendary
Activity: 2730
Merit: 7065
The roadmap doesn't specify a time frame for each phase. The start of a new phase could happen tomorrow (no, definitely not) or sometime later (until users completely forget about it).
There are no exact dates, but the way it was written suggests that we should already be somewhere between phase #2 and #3 if everything went according to plan. A few days after the roadmap announcement, they were supposed to release a Ledger Recover whitepaper and technical posts explaining the Recover feature. And a few weeks after that, parts of their Recover framework were supposed to become open-source. Etc., etc. It's just a waiting game now.
legendary
Activity: 1792
Merit: 1296
The roadmap doesn't specify a time frame for each phase. The start of a new phase could happen tomorrow (no, definitely not) or sometime later (until users completely forget about it). Vague dates, wording, promises - all this suggests that the role of the pseudo-roadmap is a distraction and a way to make the user calm down, stop fanning the fire of discontent and anger at the recovery function. It seems that Ledger succeeded. People got angry and quieted down.

The roadmap picture has done its job, now the obligations to fulfill the promised can be abandoned and forgotten. Does anyone still believe liars after they have repeatedly lied to?


That's right, they will have a second attempt to push through and impose a recovery function on users, which the ledger will definitely take advantage of. Sooner or later, they will do what they intended, as soon as they process and prepare users for blind acceptance.
legendary
Activity: 2730
Merit: 7065
Sooo... where are we on this roadmap? I was promised some blog posts.

Did I miss the blog posts?
Good point. My guess is that they have put everything on hold for the time being. Ledger Recover has not received the reception they anticipated, and now they have to figure out how to re-introduce it with as little damage as possible to their company and future profits. Good luck with that Ledger...
legendary
Activity: 3122
Merit: 2178
The CTO just shared this on Twitter. Ledger's open source roadmap:



Your thoughts?


Sooo... where are we on this roadmap? I was promised some blog posts.

Did I miss the blog posts?

Or did they just slap some random bullshit timeline together with no intention of sticking even to the bare minimum?

It's almost as if they've quietly moved on from that matter...
legendary
Activity: 3234
Merit: 5637
~snip~
It's a shame that Ledger brainwashed some of their userbase in thinking that this service actually is more of a help to them than a risk (and how it goes against with everything they stand for).

I think that this process (brainwashing) would not be suitable for the user base you mention, because you cannot brainwash someone who does not understand the basics, and I will dare to say that at least 80% of all those who own Bitcoin or some altcoins are not even aware of what Bitcoin is (in a slightly more detailed sense), let alone what it means to be your own bank.

Consequently, if someone offers a service that is diametrically opposed to what they primarily offered, only a person without a bit of common sense will accept it.
legendary
Activity: 2268
Merit: 18711
-snip-
Lol. Good find. SEC literally ordering Binance to hand over all customer funds and private keys.

Ledger: "We would only hand over your seed to the government in the case of a subpoena for terrorism or similar, which is never going to happen, so there is nothing to worry about."
US Government: "Hold my beer."

I doubt those poor bastards can be of much help. All they can do is tell you what they have been told from up above or copy/paste some nonsense making them look unknowledgeable.
Their support team are limited to guesswork and regurgitating information from elsewhere. They apparently have been told absolutely nothing about Ledger Recover, and all they know is what the rest of us know from reading the Ledger website and Twitter:

I will do my best to answer with a combination of intuition and what I picked up from our AMA

legendary
Activity: 1148
Merit: 3117
I'm still following the Ledger subreddit and it's amazing that they still have so many supporters, presumably people who ought to know better than to keep trusting them.  As I said previously, many of them just don't get the points being made in this thread, i.e., that as long as that backdoor exists it doesn't matter if you subscribe to their recovery service or not; Ledger can access your keys whenever they want.
"Fool Me Once, Shame on You; Fool Me Twice, Shame on Me"[1]. I am always available to help people to reach their own Sovereignty, either in the forum or other similar setting, publicly or privately. What I can't have pity on is people that, despite all the red flags and warnings regarding the services or the wallets that they use, still decide to keep their funds / trust on those same services (or, even worse, transferring their funds to a similar service).

It's a shame that Ledger brainwashed some of their userbase in thinking that this service actually is more of a help to them than a risk (and how it goes against with everything they stand for). I can't wait to see the release of the Whitepaper of the process so that we can finally have even more arguments to spread awareness about the service.

[1]https://knowyourphrase.com/fool-me-once
legendary
Activity: 2730
Merit: 7065
*The only alternative to this is that the decryption key is identical for every Ledger Nano device and so is simply stored on the device itself and not transmitted at all, but in this case any attacker can just buy a Ledger Nano and have access to the decryption key, so it makes no difference to the final conclusion that if your computer is compromised your funds can be stolen.
If it's a universal decryption key, don't forget about the requirement of undergoing KYC. Sure, that data could also be stolen from a compromised computer. We can only hope that those who opt-in for Ledger Recover will be asked for an extensive KYC verification during seed recovery. I am talking about live video verification, and not simple selfies. Another worrisome piece of the puzzle is that AI software progresses at a rapid pace and it's scary what it can do.

Wrote the following questions to Ledger support:
How will the seed recovery process take place on a new wallet?
Where will the decryption keys be stored and how will they be transferred to the new Ledger?
My request is accepted, it has been assigned id 1138638
If they send an answer, I undertake to publish it here without any changes.
I doubt those poor bastards can be of much help. All they can do is tell you what they have been told from up above or copy/paste some nonsense making them look unknowledgeable.
legendary
Activity: 3500
Merit: 6981
Just fresh (as of May 31, 2023) example: millions of motherboards sold by well known maker such as Gigabyte have backdoor in firmware. It is not hard to imagine what would happen if those who wanna opt that Ledger Recover connect their devices to compromised motherboards like those from Gigabyte.
Jesus Christ, with all of this scammy shit going on I'm now really regretting that I didn't major in computer science.  Not that it would have helped me discover that Gigabyte mobo backdoor or anything of the sort, but I think I'd feel more secure with just a bit more knowledge about how tech works.  Ah well, it's too late now.

I'm still following the Ledger subreddit and it's amazing that they still have so many supporters, presumably people who ought to know better than to keep trusting them.  As I said previously, many of them just don't get the points being made in this thread, i.e., that as long as that backdoor exists it doesn't matter if you subscribe to their recovery service or not; Ledger can access your keys whenever they want.
full member
Activity: 343
Merit: 167
Wrote the following questions to Ledger support:
How will the seed recovery process take place on a new wallet?
Where will the decryption keys be stored and how will they be transferred to the new Ledger?
My request is accepted, it has been assigned id 1138638
If they send an answer, I undertake to publish it here without any changes.
legendary
Activity: 1148
Merit: 3117
Surely some users are aware that the SEC has pressed charges against Binance[1] this week. I have taken a look at the document[2] and had a laugh when I saw this particular entry on it:
Quote
REPATRIATION
IT IS HEREBY ORDERED, ADJUDGED, AND DECREED that on or before 10 days from the date the Court issues this Restraining Order, each Defendant shall repatriate to the United States all fiat currency and crypto assets that are deposited, held, traded, and/or accrued by investors (referred to herein as “customers”) on the Binance.US Platform, including for BAM’s staking-as-a-service program, or otherwise held for the benefit of BAM and Binance.US Platform customers, including, but not limited to, any hardware crypto asset wallets, all private keys in any form (or portions thereof), and any device, hardware, or software holding such private key or portion thereof (hereinafter referred to as “Customer Fiat Assets” or “Customer Crypto Assets” and, collectively, “Customer Assets”)
Granted we already know the dangers of using the wallets provided by CEX's, but I do wonder what would happen if a similar process happens within any company holding the shards? Why can't people realize how enormous is the risk associated with having their funds in someone else's hands? It is even worse when they are paying $9.99 for it...

[1]https://www.sec.gov/news/press-release/2023-101
[2]https://storage.courtlistener.com/recap/gov.uscourts.dcd.256060/gov.uscourts.dcd.256060.4.1.pdf
legendary
Activity: 2268
Merit: 18711
I have no reason to doubt your words, but maybe we should wait for Ledger to release how exactly they envision this system of theirs is supposed to work. More importantly, how and when the encryption will take place. Does the Secure Element have the capacity to encrypt everything on the chip before taking any further actions? Or does the encryption take place in Ledger Live where it could become vulnerable to various attack models?
My point is we do not need to wait on any further information from Ledger.

We already know the following pieces of information:
Once approved, your Ledger Nano X will duplicate, encrypt and fragment your private key into three parts within the Secure Element chip.
These encrypted fragments are securely sent to three independent providers – Ledger, Coincover, and EscrowTech that will store them in Hardware Security Modules (HSMs).
What if I lose my Ledger device that is associated with my Ledger Recover subscription?

Simply get another Ledger device and follow the process to recover access to your wallet.

So in summary:
1 - Your Ledger Nano device creates three encrypted shards
2 - These shards are transmitted to three third parties for storage
3 - The decryption key must also be stored by at least one of these third parties, since you can recover everything using a brand new device.*

Therefore, we can deduce that at some point, all the information necessary to recover your seed phrase (shards + decryption key) must be transmitted from your Ledger Nano device to these third parties. The only way for this to happen is via your internet connected computer. It does not matter if the encryption takes place solely within the Nano device, nor does it matter what decryption algorithm is used. All the information must pass through your computer. Therefore, if your computer is compromised, your funds can be stolen.



*The only alternative to this is that the decryption key is identical for every Ledger Nano device and so is simply stored on the device itself and not transmitted at all, but in this case any attacker can just buy a Ledger Nano and have access to the decryption key, so it makes no difference to the final conclusion that if your computer is compromised your funds can be stolen.
full member
Activity: 343
Merit: 167
But that's not how it's supposed to work, according to Ledger. They state that the seed phrase undergoes encryption and is divided into three shreds. These shreds are then directly sent to the three custodians from the Ledger device itself. When a recovery is requested, these encrypted parts are sent back to the new or old hardware device and decrypted back in the recovery seed. Nowhere does it mention that the shreds must pass through any Ledger server for encryption or decryption during recovery. Additionally, the process you described would imply that Ledger stores all private encryption keys from every device they have ever produced on their servers, which would create a single point of failure. It wouldn't make sense to keep such a system in place, and the entire process of splitting the recovery seed into shreds and distributing them to three different custodians wouldn't make sense in that case.

I just described an example of how this can be implemented. All Ledger nano X wallets have unique bluetooth identifiers, so what's stopping them from adding something like that to security chips? It would also be a great stupidity on their part to transfer the seeds in an unprotected form. When they launch this service will be more clear, now one can only guess.
legendary
Activity: 1624
Merit: 2594
They state that the seed phrase undergoes encryption and is divided into three shreds. These shreds are then directly sent to the three custodians from the Ledger device itself. When a recovery is requested, these encrypted parts are sent back to the new or old hardware device and decrypted back in the recovery seed. Nowhere does it mention that the shreds must pass through any Ledger server for encryption or decryption during recovery.
This means all shreds pass through your computer, and through Ledger Live. If Ledger Live gets compromised, your seed can get compromised.

I agree. I was trying to explain to tenant48 that his idea about each Ledger device having a unique key pair doesn't hold up because it would render the decryption of shreds on a new device impossible. It just doesn't make logical sense in that context.

The whole point of a hardware wallet used to be that your security doesn't depend on the security of the computer you're using.

Absolutely! The whole idea behind a hardware wallet is to eliminate as many potential attack points as you can, not to introduce new ones, no matter how insignificant they might seem. Safety first, no compromises!
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
They state that the seed phrase undergoes encryption and is divided into three shreds. These shreds are then directly sent to the three custodians from the Ledger device itself. When a recovery is requested, these encrypted parts are sent back to the new or old hardware device and decrypted back in the recovery seed. Nowhere does it mention that the shreds must pass through any Ledger server for encryption or decryption during recovery.
This means all shreds pass through your computer, and through Ledger Live. If Ledger Live gets compromised, your seed can get compromised. The whole point of a hardware wallet used to be that your security doesn't depend on the security of the computer you're using.
legendary
Activity: 2730
Merit: 7065
For Ledger Recover, even if we assume that the Nano S/X hardware device itself is secure, the only way for those shares and the associated decryption key to leave the Nano device and reach the third party custodians is via your computer. Therefore, your computer must receive, store, process, and transmit all the information necessary to empty your wallets. If your computer is compromised while you do this, or if the data is stored in memory and recoverable, then your coins can be stolen by compromise of your computer alone. This is the exact same situation as any hot wallet.
I have no reason to doubt your words, but maybe we should wait for Ledger to release how exactly they envision this system of theirs is supposed to work. More importantly, how and when the encryption will take place. Does the Secure Element have the capacity to encrypt everything on the chip before taking any further actions? Or does the encryption take place in Ledger Live where it could become vulnerable to various attack models?
legendary
Activity: 1624
Merit: 2594
Theoretically, hackers can make a patch for Ledger Live to intercept the encrypted Seed, which is divided into 3 parts. Of course, without the decryption key stored on the Ledger, they can't do anything.
How can the encryption key be stored on your Ledger device, if you can recover your crypto on any other Ledger HW of your choosing? The other devices can't hold your encryption key. The original hardware device maybe, but it looks like Ledger gets a copy of it. How else do you explain recovering crypto on Ledger #2 if Ledger #1 that encrypted the shards is no longer working/in your possession? Either Ledger has the keys or the encryption key is also somehow shared among all custodians.


Each Ledger has a security chip that can have a unique private and public key. All Ledger needs is to get your seed from two sources, decrypt it at home, then read the unique public key from your new Ledger and re-encrypt the seed individually for your instance. I don't see any difficulties here.

But that's not how it's supposed to work, according to Ledger. They state that the seed phrase undergoes encryption and is divided into three shreds. These shreds are then directly sent to the three custodians from the Ledger device itself. When a recovery is requested, these encrypted parts are sent back to the new or old hardware device and decrypted back in the recovery seed. Nowhere does it mention that the shreds must pass through any Ledger server for encryption or decryption during recovery. Additionally, the process you described would imply that Ledger stores all private encryption keys from every device they have ever produced on their servers, which would create a single point of failure. It wouldn't make sense to keep such a system in place, and the entire process of splitting the recovery seed into shreds and distributing them to three different custodians wouldn't make sense in that case.
legendary
Activity: 2212
Merit: 7064
The question is now which government will get to your coins first. But that's not even my biggest concern: what are the odds 2 out of 3 "seed storage facilities" will get hacked, leak data, or have an inside job rob users? If this takes off, there are billions of dollars worth of crypto to steal.
If you are like DeKwon then you can try his tactics of swallowing hardware wallet (or seed phrase) when police comes for you... then you can play the bail game with government

The one good thing in all this is that Ledger has proven that secure elements are not to be trusted and aren't safe. Not in a Ledger or any other hardware wallet.
That was my point all along since I am following that subject for a while.
Secure element is almost worthless if it is closed source, since they have signed NDA with manufacturer they can do whatever they want and they must cooperate with government parasites.

With the discussion of 2 out of 3 custodians being compromised, don't forget that this set up has a single point of a failure, and the breach of this single point of failure is enough to steal your coins.
I think this is also a flaw of Shamir Secret Sharing scheme (that ledger is planning to use), that is trying to mimic multisig setup as a poor man's choice.
If they used proper Multisig setup maybe single point of failure could be avoided, even with this stupid Recover feature.
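
Added example, not part of the thread and not Ledger's code: a minimal 2-of-3 Shamir split that illustrates the "2 out of 3" and "single point of failure" points raised in the post above. The 2-of-3 threshold is taken from the discussion; the field prime, the function names and the sample secret are assumptions made for this illustration.

```python
import secrets

# Field prime chosen for this example: 2**521 - 1 (a Mersenne prime),
# comfortably larger than a 256-bit secret.
PRIME = 2**521 - 1

# Constructed sample secret standing in for wallet entropy (not a real key).
DEMO_SECRET = int.from_bytes(bytes(range(32)), "big")


def split_2_of_3(secret: int) -> list[tuple[int, int]]:
    """Split `secret` into three shares such that any two recover it."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be in [0, PRIME)")
    slope = secrets.randbelow(PRIME)  # random degree-1 coefficient
    # Share i is the point (i, f(i)) on the line f(x) = secret + slope * x.
    return [(x, (secret + slope * x) % PRIME) for x in (1, 2, 3)]


def recover(shares: list[tuple[int, int]]) -> int:
    """Lagrange-interpolate f(0) from two or more shares.

    Whoever runs this holds the complete secret in one place: unlike
    multisig, where each key signs separately and no party ever sees the
    others' keys, reconstruction is itself a single point of failure.
    """
    if len({x for x, _ in shares}) != len(shares) or len(shares) < 2:
        raise ValueError("need at least two shares with distinct x values")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def slope_consistent_with(share: tuple[int, int], candidate: int) -> int:
    """Return the slope that makes one share fit an arbitrary candidate
    secret. Such a slope always exists, so one share alone reveals nothing."""
    x, y = share
    return (y - candidate) * pow(x, -1, PRIME) % PRIME


if __name__ == "__main__":
    shares = split_2_of_3(DEMO_SECRET)
    # Any two custodians together hold the whole secret.
    for a, b in ((0, 1), (0, 2), (1, 2)):
        print(f"shares {a + 1}+{b + 1} recover secret:",
              recover([shares[a], shares[b]]) == DEMO_SECRET)
```
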
full member
Activity: 343
Merit: 167
Theoretically, hackers can make a patch for Ledger Live to intercept the encrypted Seed, which is divided into 3 parts. Of course, without the decryption key stored on the Ledger, they can't do anything.
How can the encryption key be stored on your Ledger device, if you can recover your crypto on any other Ledger HW of your choosing? The other devices can't hold your encryption key. The original hardware device maybe, but it looks like Ledger gets a copy of it. How else do you explain recovering crypto on Ledger #2 if Ledger #1 that encrypted the shards is no longer working/in your possession? Either Ledger has the keys or the encryption key is also somehow shared among all custodians.


Each Ledger has a security chip that can have a unique private and public key. All Ledger needs is to get your seed from two sources, decrypt it at home, then read the unique public key from your new Ledger and re-encrypt the seed individually for your instance. I don't see any difficulties here.