Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities - page 9. (Read 4835 times)

I am always suspicious of these alleged videos that appear.

And that normally in this moment of alert, it is. That these videos appear, but the fundamental thing is always missing: When was it made? Is the context complete or am I taken out of context? If he said that, before this mess, why is it only now being revealed/talked about? It was said and no one believed it, why?

Either way, it's often said that where there's smoke, there's fire. So we have to remain very attentive to all the information that comes out, and evaluate in detail.

This is pathetic! So the "Support" guy says he's not an expert and doesn't bother to ask someone else, then tells you to wait, and forwards you to a collection of 30 posts that are each shorter than a SMS instead of a clear article on their own website? They can't seriously expect people to read Twitter for technical information on their product, right?

This also means they released their new "product" before they had the details sorted out. Does that mean they were hoping to hype it, and truely didn't expect the massive backlash they got instead? Lol.

So they are employing the well know tactic of "It will be released when it's ready". I fully expected that behaviour from them, considering the kind of company that they are. No surprises here.

---

BTW @o_e_l_e_o you'll find this amusing - I've just found this[1] video circulating on Twitter and Reddit where Pascal Gauthier, Ledger CEO's, talks about privacy in their products:

Got this response from Ledger:

I’m not an expert, we have tons of educational materials in the pipeline including a white-paper detailing the multiple layers of encryption employed. Ultimately I don’t want to give you incorrect information, so I encourage you to keep an eye on Ledger academy for more information.

Our CTO also outlines some technical details here.

But personally I'd recommend waiting for the whitepaper, as it will break all of this down clearly, and should be able to answer any questions regarding the encryption, and the nuances of how it operates!

Here is everything related to Ledger Recover from the sent link:

Of course this doesn't explain much, we'll have to wait for them to prepare more detailed explanations.

I also disliked the "Attach to PIN" feature, and I've spoken before about why I don't think people should use it. As you say it reduces the security of your passphrase to a simple PIN, and it also means that your passphrase is stored on the device rather than wiped after use when using a temporary passphrase. However, it does serve one useful purpose in specific niche cases and that's plausible deniability. You can have your main wallet with no passphrase holding a small amount of coins, and then you can also have a wallet with a passphrase attached to a secondary PIN holding a little more funds, which you can also hand over to an attacker. Meanwhile, you can have the bulk of your funds stored behind one or more other passphrases which you don't reveal.

It's up to the user to consider whether such a feature would actually deter an attacker, though. And since I keep my funds spread out across multiple wallets on multiple different mediums, then I never used this feature even when I did use Ledger devices.

Agreed. Hot wallets are only as secure as the device you keep them on. Ledger Recover is only as secure as a bunch of devices that you are trusting complete strangers to keep secure. Does anyone want to sit and add up all the times that centralized exchanges or other centralized crypto services have been hacked or sold/shared/leaked data?

Ledger has successfully blurred the line between malicious and "harmless" updates: both can now be used to extract seed words along with passphrases directly from a hardware wallet and in both cases, you are paying a price. Naturally, they could have stolen users' funds directly via Ledger Live malicious update, but it would break a continuous flow of income, which they strive to.

It is worse not only because of the services it offers but also because of implementation details and design decisions that imply keeping all eggs in one basket: anyone having physical access to a device will have all the information needed to steal the funds, anyone who has remote access to your device (like trusted third parties offering Recovery service) will also have everything. Curiously, they can reconstruct the history of your transactions and hand over it directly to IRS and other government entities without your permission.

"Could have"? Why not both? We have no way of checking anyway!

I'd say it's worse than a hot wallet: I use several different hot wallets (for small amounts), and I'd never use Ledger's "pay us to give us your seed phrase" scheme.

No, I wasn't saying you won't be able to recover your hidden wallet in some other wallet software. I am saying Ledger tries to make passphrases less secure and more user-friendly, which, together with the announced Recovery service, is going to make a hardware wallet no better than a regular hot wallet. Passphrases should be kept separately both from the seed phrase and a hardware wallet itself: that's a rule that should be followed regardless of proficiency in security matters. Ledger relies too much on encryption and third parties not breaking trust and not sharing user data with unwanted entities, but we all know that the former will not protect if the decryption key is revealed, and the latter just goes against Bitcoin principles themselves.

The "25th word" is a misnomer like the "13th word" for 12-word mnemonics and it usually used to mean the password that is used alongside a BIP39 mnemonic to derive the master public key.

By using a PIN to encrypt the BIP39 password, it reduces the security of said password to the strength of the PIN, especially since most PINs are short sequences of numbers.

BTW: This whole "Open Source Roadmap" is missing one important entry: To open-source the entire Ledger firmware!

You basically throw your mnemonic words in a sanitized form together with the string "mnemonic" and an optional mnemonic passphrase (trailing space(s) matter!, I wouldn't speak of it as a 25th word because it's not necessarily a single word, contrary to the 12, 15, 18, 21 or 24 single mnemonic seed words) into a 2048 rounds of PBKDF2 with HMAC-SHA512 to get 64 bytes which are then further mangled in the so called BIP32 Root Key Derivation. See here: https://learnmeabitcoin.com/technical/mnemonic#mnemonic-to-seed

From a fixed set of mnemonic seed words any optional mnemonic passphrase gives an individual and unique wallet, there's no right or wrong like with a password or so. If you make a mistake in the optional mnemonic passphrase you get an empty wallet, if you get it right, you get your "hidden" wallet with your coins if you have transfered some coins on this "hidden" wallet's addresses.

Please ELI5. What I have learned is that the added passphrase, or the "25th seed word", is a feature all BIP-39 compliant wallets have that generates a new set of keys. It's doesn't matter if the user owns/uses a Trezor, a Ledger, or any kind of hardware or software wallet. If the user enters his 24 seeds + his passphrase, the output will always be his/her "hidden wallet". Are you saying it's not?

When setting up a passphrase for your Ledger hardware wallet, you basically have two options: insert a passphrase every time you want to get access to "hidden" wallets or attach it to a PIN code, meaning that your passphrase will be recorded somewhere in a hardware wallet's memory and may be extracted and used after a PIN code was entered. In other words, Ledger adds a "Remember me" button for passphrases that essentially negates all the benefits of "25th word" and hidden wallets by making them publicly available for anyone knowing a short PIN code. Given that the Recovery feature doesn't make sense in cases where a user has set up a passphrase since a seed phrase alone is insufficient to get access to coins, it would make sense for Ledger developers to include a passphrase into this encrypted transfer scheme, especially considering the fact that it is equally important for a successful recovery and already sitting in a device's memory. Ledger developers could have issued malicious firmware stealing users' seed phrases and passphrases, but finally decided it would be more beneficial to create a service that people subscribe to and share private keys and identity information with absolutely voluntarily.

More information:

https://support.ledger.com/hc/en-us/articles/4983095135261-How-to-recover-your-passphrase-accounts-?support=true
https://support.ledger.com/hc/en-us/articles/115005214529-How-to-set-up-a-passphrase-?docs=true
https://m.youtube.com/watch?v=8jiqFYFi698

Here is what Ledger say on the issue:


So in theory, no, the third parties would not know if you are using one or more passphrases. But this all depends on whether you trust what Ledger are saying, since I'm sure there will be zero way for the user to actually verify this.

OK, another shower thought. Would third parties know if I have my real wallet secured behind a passphrase? To illustrate, what if I enable Ledger's recovery feature and make that my "fake wallet", but the real wallet is the wallet that uses the same seed phrase BUT hidden behind a passphrase.

It could be useful if you need a wallet to use for plausible deniability.

 

This roadmap is just laughable at this point. I don't know the concept that they have for "in the coming days" regarding releasing the Whitepaper of this procedure, but I'm sure I'm not the only one thinking that "days" would mean that something would be released rather quickly. Soon this tweet will celebrate its 3rd birthday and so far nothing has been released concerning Ledger Recover (other than the FAQ). The posture changed as well, specifically from Ledger Co-Funder (u/btchip), shifting from "we have to act quickly" to "it'll be posted here when it's available"[1]. Outraging how they keep treating their customers.

---

[1]https://safereddit.com/r/ledgerwallet/comments/1464ocs/my_post_was_removed_for_some_reason/jnpgckh/

We can complain and yell at Ledger in our ivory tower of knowledge and understanding of hardware wallets. We aren't the target users for Ledger, Paris with their opaque "you have to trust us" firmware. It's been said before, Ledger has good marketing and established a mantra that their obscurity model is something good, at least to an audience and user base who is too lazy to learn or understand the basics.

Ledger provoced a shitstorm and does now the sole thing they do well, a lot of bullshit marketing and throwing fog candles to blind the masses. Their eulogy and "dedication" for open-source is a joke and double slap in the face. Their timeline is pure bullshit and fog-in-the-air to delude and calm down opposers.

If someone still thinks the user has everything under control with the buttons on your Ledger NoNo, well good luck with your illusion. You might now have the control, but that must not be the case in the future when Ledger Live nags you to perform a firmware update or nothing will work until you obey.
The opaque firmware controls the MCU and secure element, the MCU controls the display and the buttons AND communicates with the secure element. The hardware buttons aren't wired directly in any way to the secure element where most important magic happens. The secure element runs firmware under control of Ledger and does only what the MCU tells the secure element to execute. The firmware is a black box and Ledger can program whatever they like. That is mostly the reality of Ledger f***ing NoNos. And if Ledger users would put a few brain cells together they could've know this even before the Recovery service debacle. Oh, wait, "You have to trust us"-Ledger lied all the time... too bad.



Don't give 'em ideas. Or paid Ledger Live & firmware updates. Or new Ledger NoNo Rec(t) for a symbolic single figure price but with mandatory Recovery service paid monthly^* (I reuse your starred legend, hehe)

The sad thing is, it works. Turns out they really do know their target audience. I guess crypto is in a pretty cursed state right now -- too niche for everyday use, too mainstream for the crypto-literate people to stay in the majority.



inb4 the introduction of Ledger Autopilot™ -- Keep your hardware wallet automatically updated without any hassle for just $19.99,- a month!*

*subscription fee withdrawn automatically for your convenience

He should keep his mouth shut and worry about how he will save his company, and after all, it is hypocritical of him to criticize any HW at all, because what he really wants is for everyone to use his CEX as a storage wallet. In fact, there is no difference between what Pascal thinks about Ledger HW users and what CZ thinks about the majority of those who own cryptocurrencies.

Whenever I search for "Recover" in either r/ledgerwaller or in Twitter, I'm seeing less and less people asking/talking about it. On the other hand, there are tons of questions regarding when will shitcoin be implemented or why are they unable to trade their shitcoins. They currently don't need to rush the deliverable of their roadmap simply because most of their clients have forgotten that this issue ever started with. And the few that still care are a minority. I just hope that part of this "lack of discussion" is also due to the fact that some clients totally jumped out of that burning ship to other open-sourced wallets.

This thread has a ton of information and statements from almost every high-level person in Ledger (namely CTO and their CEO) regarding their vision of the product. I think the last mention of this mess was this[1] french interview that the CTO gave.

---

[1]https://www.thebigwhale.io/article/charles-guillemet-ledger-la-peur-autour-de-ledger-recover-est-totalement-irrationnelle

I won't mind having a Ledger hardware wallet if they pay me $9.99 monthly for the next 20 months  . I will share my seed phrase with them, but I won't share my identity. I mean, this is not a bad business Idea. I can buy a ledger nano x for $149 at my place, and if I get $10 monthly for the next 20 months, I will have $50 in profits after 20 months. Sounds great. I won't pay them a single penny even if they offer me a free hardware wallet right now. Sometimes companies ruin their user's trust, and it's impossible to build again.

All they want is to make money. They were criticized after the 3rd party seed phrase drama. But does anybody see any comment from them about this matter? The only thing I found is this; Pascal Gauthier, Ledger’s CEO and chairman, pushed back against the critiques on Twitter.

“Backdoor would mean that we control all ledger devices and could run automated updates for example… That’s not the case. Will never be the case. Only you can use functions on your ledger. No one else can enter your pin code and press those buttons…”^[1]

However, CZ criticized them as well ^[2]

---

[1] https://dailyhodl.com/2023/05/18/crypto-hardware-wallet-ledger-responds-to-criticism-of-new-id-based-seed-phrase-recovery-solution/
[2] https://twitter.com/cz_binance/status/1658453341339283457