Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities - page 19. (Read 4835 times)

But at this point with Ledger's statement, all devices (even coldcards for example) that have the same secure element chip are vulnerable or am I wrong?  Because if it's true that until yesterday you couldn't extract the private key, today it seems that it can be done simply via software, and who can guarantee me that it can't be done with others as well?

Hands down worst thing they could ever do, talk about shooting yourself in the foot. Did the company honestly think about how crypto users of their wallets would take this news? They thought they were moving a step in the right direction here I guess. Even with the best intentions this is putting people at even greater risks to malicious and bad actors

I have a few bitcoin savings in Ledger Nano s which I never open since 2 years ago, and I never connect with Live applications except only connect with Electrum. So, does my ledger have an impact or effect? I don't want to try it and don't intend to open it now, because I save it for the next 10-15 years, now, I have doubts if is it really safe to continue it or if I must move my balance to another hardware wallet, Please give me instruction what the best, I'm still young and only have bitcoin as my current investment for future.

I think Ledger want to be the first oficial """"""aproved hardware wallet"""""" by the goverments/stablishment, i cant find another idea about what are they doing.

Because this seem very very similar at how it works the payment system on shops online when you paid with credit/debit card. You never give to the local where you are buying you credit card info, you send that information to a third party who say its OK or not and make the payment in conection with the bank and the commerce.

So i think this its very similar, they are making some lobby and making some new units of business with someone to be the first and only """"LEGAL"""" hardware wallet.
Trusted by some XXX third party companie who the goverment aproves and they are all friend between them.

And yes before you say, they sell their soul to the devil.

From what I can comprehend from Ledger replies all over Twitter, it seems that a prompt will appear on the device screen asking you if you want to subscrive to the service (or a similar message). If you decide to approve by means of physically pressing the button on your Ledger then this circus happens[1]:
Basically they are, once again, saying that a copy of your Secret Recovery Phrase will be encrypted and then sent over to 3 entities by E2E encryption channels. What they keep claiming is that without a user concept, Ledger isn't able to proactively access their users SRP[2]:
Remember o_e_l_e_o previously linked tweet[3]? I'll like you to introduce you to the following statement[4] by Ledger about 4h ago:

Someone correct me if I'm wrong, but isn't Ledger openly admitting that enabling this feature was always possible from the beginning? Isn't this mocking their userbase?

EDIT: Look at this Twitter user[5] - When faced with the decision to evaluate what is worse - either a company accessing their SRP within the secure chip or having the user to type the seed so that Ledger could send it over to their partners - they would prefer to have the last option being implemented which is shocking as both of them goes against the core principles of the products being sold by Ledger. What's even worse is that Ledger comes up and actually says "No, you're wrong, we don't need that, that would go against our motto ( ), we just need your consent and we can syphon away a copy of your SRP and send them over to our partners".

EDIT 2: Ledger just keeps giving wood[6][7] to a fire that keeps on growing:

---

[1]https://nitter.it/Ledger_Support/status/1658828387807264772
[2]https://nitter.it/Ledger_Support/status/1658824425192521728
[3]https://bitcointalksearch.org/topic/m.62258795
[4]https://nitter.it/Ledger_Support/status/1658910942405566485
[5]https://nitter.it/Ledger_Support/status/1658978163047776257
[6]https://nitter.it/Ledger_Support/status/1658892462440456192
[7]https://nitter.it/Ledger_Support/status/1658970979417088000

Right on, that's my worry and that's why even I've got the old one I know that if I try to connect and they forcefully require an update then I have no choice. Thanks, I've missed the tweet part as it's just a milliseconds after I've posted and still got to go through with everything, I'm overwhelmed with the info and technicals that's in here.

---

This kinda give me some biggest concern, as the process everytime we use our Ledgers in doing a transaction, we have to approve it through our devices and this requirement is kind of sick, those that will avail the service should review this first.

Right. But approve what?
Does the person have to repeat the passphrase in order to be registered in this "recovery program"? Or is it just a mere question, which person answers "yes"?

According to their statement

I still haven't been able to figure out one aspect (and maybe no one has figured it out yet):
Is the key automatically collected by Ledger for the person paying for this service, or does the user need to provide the key?

I've seen some reports of users on Reddit and Twitter that actually stand besides Ledger in saying that their keys are still safe if they don't opt-in for this program. This baffles me and I can't honestly understand what's the reasoning for such actions. Not only did they lied, as per the information shared by o_e_l_e_o, but they are gaslighting their audience in saying that their keys a copy of their keys ( ) are only shareable if the user decides to which totally goes against the concept of all their products. And they keep saying this over[1], and over[2] and over[3] again[4], which is ridiculous. They never answer the real question - Why is this feature even possible to be activated by either party?

And here's another article where Ledger tries to make sense of this service[5] where, once again, they explain that the original Ledger device isn't needed to "unlock" the original recovery phrase, which is mind-blowing :

---

[1]https://nitter.it/Ledger_Support/status/1658905804307669008
[2]https://nitter.it/Ledger_Support/status/1658908657482973184
[3]https://nitter.it/Ledger_Support/status/1658905447783440401
[4]https://nitter.it/Ledger_Support/status/1658902661360492553
[5]https://support.ledger.com/hc/en-us/articles/11022833583261

Honestly, more and more I have the feeling that there was a big miscommunication about how everything was going to work and the sentence still cannot be removed. But, the problem is already done and they will hardly be able to go back.

Once doubts are generated at this level, it will be difficult for anyone to go back to believing that portfolios do not have a back door - especially those that are updated in the future.

According to ANSSI  their devices where always vulnerable  in this respect:



The question remains whether their Secure Channel is able to countermeasure that vulnerability



Regardless, two days ago I have moved the whole of my stash to Passport 2.

 

This sounds good on paper, and is apparently supposed to calm down the voices screaming everything is closed-source, but the type of code means nothing in this scenario. The problem is not that we can inspect the code to see that the seed will be divided into 3 parts, encrypted, and then shared with 3 different custodians. The problem is that there is a way for them to do that, and it's a huge security risk combined with a privacy risk since they also require KYC.

They claim Ledger Recover will be open-source and you can verify the code. So what? What prevents them or anyone else to still get access to the shards by working with those custodians behind everyone's back. Not to mention that a serious hack could result in shards landing in the wrong hands.

That statement is still true today. The keys can't leave the secure element unless you pay $9.99 a month for the pleasure of sharing your keys. It's not a time to joke around, but this is as silly as it gets.

An update is irrelevant. As I explained earlier in this thread and in the tweet just above, the whole point of Ledger's Secure Element was that the private keys could never leave the Secure Element. We now know that claim is a lie, and has therefore been a lie since day one. A simple piece of code is all that is required to extract your private keys. All Ledger devices are vulnerable whether or not you opt in to this or update to the latest firmware.

No thanks Ledger. I've got my old nano s and good to see that it's not affected by this unimpressive upgrade of theirs. I'm still trying to absorb all of these questions on my mind while reading the entire thread backreading interesting questions that would do concern everybody's worry on this feature they've just made. I hope that there's a bigger company that would poke them and give them a shake on Ledger's head that this is full of bs update and defeat's the purpose of their own product. Say that even if we've got the old nano s but they can still try to do something and do a force update for its firmware, is that right?

Tweet by Ledger from 6 months ago:


Lol.

At this point I believe the worst thing would be to find out that there is a way to extract the seed from the hard wallet, at least in my opinion.
The fact of making a user enter the seed would only be done according to the user and would not be a design flaw, but a "social" flaw, but for me it's still hard to believe that they actually already have this tool to extract the seed.
The Ledger I own is a nano S, which apparently will not be compatible with this technology, so theoretically I am protected
But I'm afraid of how things might escalate from here on out

Yesterday I saw this tweet:

Source

The user claims that Ledger reportedly wrote a tweet saying that Ledger would create another backup phrase, and that no one would have access to seed, but that tweet was deleted.

Well. This is something I would have never expected a hardware wallet provider to come up with...
I am not that much into conspiracy theories but this is rather very fitting to the concept of inteligency agencies of being able to move, freeze or seize people's money if they find any "reasonable" excuse to do so.

It is very likely the encryption process of the seed means nothing, there must be some master key so the seed is read and recovered for God knows who.

The fact Ledger is the biggest provider of HW devices in the market only makes this to feel worse. Time to go to the isolated PC and paper. I guess.

It's anyone's guess since part of their code is closed source, but it might very well be that this backdoor can't be integrated into the Nano Ledger S for whatever reason -- why else would they want to miss out on that sweet sweet subscription money? On the other hand they might also just want to entice people to upgrade to their latest hardware wallets, because obviously everyone (and their moms, as we have learned) wants this feature.

Either way, at that point the 2.2.1 update is the vulnerability. If you can live without the GUI features even outdated hardware wallets can stay secure for a very long time (with few exceptions that involve physical access).