Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities - page 9.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: o_e_l_e_o on July 07, 2023, 03:43:02 AM

It is hypocritical and dishonest at best, and dangerous at worst. If no one is allowed to build on your code or use your code for anything, then you are going to have far fewer people looking at it, examining it, testing it, using it. As you say, few people can actually interrogate the code themselves, and most users rely on independent developers or power users examining the code of open source projects on their behalf. If you aren't actually allowed to do anything with the code, then there is far less incentive to spend your time going through it.

No one can prevent you from looking at the code and testing it for security vulnerabilities. It's public, go ahead. But you can't use it as a base to build your own software. Whether the code is open-source or not and someone finds bugs or vulnerabilities in it, you can only do one thing. You open an issue about it on GitHub and inform the team. It's the devs who need to patch it up, change it, or get rid of the faulty code. You might say, the software is open-source, I can do it myself. In that case we are going back to the verifiability dilemma. The most important thing is that the necessary code is public so you can go through it and change it according to your needs. In case of the Coldcard, it's equally public as Trezor or Passport. nvK doesn't know what is running on your local machine. Wink

Cricktor

hero member

Activity: 714

Merit: 1010

Crypto Swap Exchange

Quote from: LoyceV on July 07, 2023, 07:24:25 AM

Are they even allowed to change from GPL to MIT license?

I have been asking this myself almost all the time when the drama with nvK and his policies came up. I didn't want to follow it closely, therefore I don't know much about the details of licenses of the source code nvK's company used when they built ColdCard firmware.

In my opinion it's a shitshow and an embarrassingly bad one, too. You simply can't argue that you have heavily modified the original code and made your version much much better. It still originates from some license and you have to follow that. It defies the purpose of open-source if you change the license at your personal ego will.

But frankly I lack the knowledge of all the shitshow's details as I don't want to devote time of my life to it.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: o_e_l_e_o on July 04, 2023, 01:24:34 AM

Coldcard also built on many open source libraries (not just Trezor's) when they designed their product. For them to start whining about people building up their open source library is just pure hypocrisy.

Are they even allowed to change from GPL to MIT license?
If they're building on other GPL software, they have to keep the same license for their own software:

Quote from: https://www.endorlabs.com/blog/open-source-licensing-simplified-a-comparative-overview-of-popular-licenses

GNU General Public License (GPL): The GPL is one of the most well-known open source licenses. It is considered a restrictive license, as it requires that any changes made to the code must be released under the same GPL license, and any software that uses the code must also be released under the same GPL license. Additionally, if a user distributes the software, they must also provide the source code and any changes they made to it.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: Pmalek on July 06, 2023, 01:15:06 PM

I called it politics in the past, and I am not interested in it.

It is hypocritical and dishonest at best, and dangerous at worst. If no one is allowed to build on your code or use your code for anything, then you are going to have far fewer people looking at it, examining it, testing it, using it. As you say, few people can actually interrogate the code themselves, and most users rely on independent developers or power users examining the code of open source projects on their behalf. If you aren't actually allowed to do anything with the code, then there is far less incentive to spend your time going through it.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: Synchronice on July 06, 2023, 12:08:06 PM

Quote from: o_e_l_e_o on July 04, 2023, 01:24:34 AM

The code is verifiable, not open source.

I think that's what matters the most, well, at least for me.

If I was looking exclusively for open-source products, I wouldn't let Coldcard's change of license stop me from purchasing their hardware wallet. I called it politics in the past, and I am not interested in it. I certainly don't agree with their development team building on freely available code only to make it unavailable to others once they considered it a finished product. A bitch move! But when people preach the importance of open-source, it's mostly about being able to verify that everything functions as advertised. Even that's something that most people can't do, let alone build upon the code.

Synchronice

hero member

Activity: 882

Merit: 792

Watch Bitcoin Documentary - https://t.ly/v0Nim

Quote from: o_e_l_e_o on July 04, 2023, 01:24:34 AM

Quote from: Synchronice on July 03, 2023, 03:42:47 PM

The fact is, Coldcard is the true creator of the most secure firmware model.

Coldcard also built on many open source libraries (not just Trezor's) when they designed their product. For them to start whining about people building up their open source library is just pure hypocrisy.

That's right, they took an advantage of someone else's work, then built a better one but now they don't want others to take an advantage of their work. Definitely, that's not an ethical way to act.

Quote from: o_e_l_e_o on July 04, 2023, 01:24:34 AM

The code is verifiable, not open source.

I think that's what matters the most, well, at least for me.
By the way, I am slightly out of smerits, so can't reward you but I want to say that you truly are one of the best user on this forum. Thank you for all the effort you put on this forum!

Quote from: RickDeckard on July 04, 2023, 04:09:44 PM

I'm really considering creating an account for Twitter (since I'm not able to use nitter[2] ever since Twitter blocked people from browsing unless they are signed in[3]) just to be able to follow the discussion regarding Ledger in that particular social network and see how people continue to react to the deployment of Ledger Roadmap...

That's the reason why I have never look at Pinterest but I have twitter account Cheesy

Idk if I am late there but you can view Twitter tweets without registration if you see them through google cache.

RickDeckard

legendary

Activity: 1148

Merit: 3117

Quote from: o_e_l_e_o on July 04, 2023, 01:24:34 AM

Here's a post from the CEO of Passport about this: https://www.zherbert.com/an-open-letter-to-nvk-and-coldcard/

A bit off-topic but to add to this story, I recently tried to summarize in a post[1] some background that led to that discussion:

Quote from: RickDeckard on June 22, 2023, 01:57:57 PM

There was a clash between the two some time ago. Zach (Foundation CEO and Co-founder) even made a post in his own blog about it[1]. It mostly started when Matt Odell (seen as an influencer within the crypto community I assume) posted a tweet[2] claiming that all what Foundation did was to clone NVK source code into their product. Besides Matt, even the co-founder and CEO of CoinKite (@nvk[3]) - the producers of Coldcard - was spreading that same information on their Discord channel - that not only did Foundation copied their code but that they were also closed source (you can read more about it on Zack open letter).

I don't know how the situation ended between the two, but I wouldn't be surprised if Foundation (and Zach team) ended up a bit frustrated against this "attack" by nvk and would keep communication on strictly what was needed. You can feel that on Zach closing remarks on his letter:

Quote

Our team would appreciate if you lay off the character attacks and untrue statements. Let us know if we’ve done something wrong. But in an open source world, we need to build on each other’s work in order to bring Bitcoin to the masses.

[1]https://www.zherbert.com/an-open-letter-to-nvk-and-coldcard/
[2]https://nitter.it/ODELL/status/1651220101721358336
[3]https://nitter.it/nvk

I think it is always good to understand both sides of the story in every scenario and this is also an example of that. Sadly, on Ledger case, there isn't anything that they could do to salvage the current implementation of their new feature. I'm really considering creating an account for Twitter (since I'm not able to use nitter[2] ever since Twitter blocked people from browsing unless they are signed in[3]) just to be able to follow the discussion regarding Ledger in that particular social network and see how people continue to react to the deployment of Ledger Roadmap...

[1]https://bitcointalksearch.org/topic/m.62445559
[2]https://github.com/zedeus/nitter/issues/919
[3]https://www.bloomberg.com/news/articles/2023-06-30/twitter-blocks-people-from-seeing-tweets-unless-registered

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: Synchronice on July 03, 2023, 03:42:47 PM

The fact is, Coldcard is the true creator of the most secure firmware model.

Coldcard also built on many open source libraries (not just Trezor's) when they designed their product. For them to start whining about people building up their open source library is just pure hypocrisy.

Quote from: Synchronice on July 03, 2023, 03:42:47 PM

Coldcard is not FOSS but it's still open source, anyone can view the code.

The code is verifiable, not open source. Open source code is freely available to be used, built upon, modified, etc. Coldcard code is no longer open source.

Here's a post from the CEO of Passport about this: https://www.zherbert.com/an-open-letter-to-nvk-and-coldcard/

Synchronice

hero member

Activity: 882

Merit: 792

Watch Bitcoin Documentary - https://t.ly/v0Nim

Quote from: o_e_l_e_o on May 28, 2023, 07:28:29 AM

Quote from: Synchronice on May 28, 2023, 05:47:50 AM

That has happened in 2019, do they still suffer from the same problem? Btw they removed the support of AOPP but yeah, what you say about them is true.
It's interesting to know what you think about Coldcard or do you think that no hardware wallet is trustable and airgapped encrypted devices are the only last and one devices to use.

As I said, the vulnerability is unfixable. It still exists and will always exist on these devices. Coldcard is certainly airgapped, but it is not open source as Pmalek points out and the company behind it spread lies about competitors for their own gain. I personally wouldn't use it.

If I had to buy a hardware wallet right now, I would buy a Passport. But I'd much rather continue to use a separate airgapped, encrypted device, running a FOSS OS and wallet.

Coldcard changed their license from GPL to MIT+CC because The passport foundation forked a FOSS firmware base from Coldcard and this made them very upset. The fact is, Coldcard is the true creator of the most secure firmware model. Coldcard is not FOSS but it's still open source, anyone can view the code. While Passport did everything legally, I totally understand the anger from Coldcard's side but for justice, it should be said: Coldcard copied Trezor too when they appeared on the market.

By the way, I would stick with Coldcard. For people that want more user-friendly device, PP can be an option.

Cricktor

hero member

Activity: 714

Merit: 1010

Crypto Swap Exchange

Quote from: Pmalek on June 25, 2023, 02:23:03 AM

You name it. The security of your Ledger wallet, more accurately your Ledger seed, for a user who is crazy enough to buy this recovery service is now tied to a KYC process. It will likely be some sort of remote check or do you earn some public transport ticket to Ledger, Paris with your monthly subscription fees to show up in person? I have my doubts... And yes, with AI video and audio tools they're gonna have a hard time in a remote check. I have no idea how they want to play this safely and reliably.

The more details emerge, the more this recovery service by f***in' Ledger is an abomination and insult. What kind of drugs do they consume at Ledger, Paris, seriously?! This recovery service is so wrong in every aspect.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: o_e_l_e_o on June 24, 2023, 12:46:58 PM

Yes, I mean the same key is on their device, but the distinction is irrelevant. If someone gains access to 2 of your shares, then it is trivial for them to access the decryption key even if they don't actually know what it is (by simply using any Ledger device).

I don't think the decryption key is that important in a recovery scenario because it's the same one for everyone. What's important are the shards and the KYC tied to them. If they go ahead with this craziness, the KYC process most be set up in a way that there can't be any doubt if it's the lawful person that is trying to recover their crypto or someone else. With the way AI and audio & video technology is developing, that's becoming a difficult task. I am not going to get into how dangerous it is for such data to be stored online anywhere because that's already been covered extensively.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: Pmalek on June 24, 2023, 06:28:16 AM

When you say they know the key, I assume you mean the same key is also used in their hardware device, and not that they actually know and can see the key. How could I (who own a Ledger Nano S) see that decryption key in my device?

Yes, I mean the same key is on their device, but the distinction is irrelevant. If someone gains access to 2 of your shares, then it is trivial for them to access the decryption key even if they don't actually know what it is (by simply using any Ledger device).

Although given that Ledger have said it will be possible for users to replace Ledger and perform the entire process manually so as to not rely on any third parties, I presume the decryption key will have to be made public knowledge at some point (if someone doesn't extract and publish it before then).

joker_josue

legendary

Activity: 1890

Merit: 5197

**In BTC since 2013**

Quote from: LoyceV on June 24, 2023, 03:35:01 AM

Quote from: o_e_l_e_o on June 24, 2023, 03:01:50 AM

If it's an inside job at one of the three companies, they only need a shard from one other company. That's a very low bar to clear.

Potential scammers can apply at ledger.com/jobs Tongue

There is no offer in my city. I don't want to change cities, I'm fine where I am. Roll Eyes

I will pass this opportunity. Cool

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: o_e_l_e_o on June 24, 2023, 03:01:50 AM

Every Ledger owner in the world already knows your decryption key.

When you say they know the key, I assume you mean the same key is also used in their hardware device, and not that they actually know and can see the key. How could I (who own a Ledger Nano S) see that decryption key in my device?

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: o_e_l_e_o on June 24, 2023, 03:01:50 AM

If it's an inside job at one of the three companies, they only need a shard from one other company. That's a very low bar to clear.

Potential scammers can apply at ledger.com/jobs Tongue

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: Cricktor on June 21, 2023, 02:47:59 PM

(encryption key is common to Ledger hardware devices; let's see how long it takes that this key gets disclosed or peeled out of firmware)

This is something I theorized earlier and have obviously now been proven right. Given that you can recover your seed phrase on a brand new device, the key either had to be common to all devices or backed up alongside the shares. Turns out it is common to all devices, meaning the encryption is utterly useless. Any attacker can trivially access your decryption key. Every Ledger owner in the world already knows your decryption key. The encryption adds nothing and the safety of your coins is completely dependent on trusting the third parties.

Quote from: LoyceV on June 23, 2023, 12:25:40 PM

Even easier if the identity theft is an inside job at one of the three seed storage companies, they'll know exactly who to target and can request the other shards from the other two seed storage companies.

If it's an inside job at one of the three companies, they only need a shard from one other company. That's a very low bar to clear.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: LoyceV on June 24, 2023, 02:21:56 AM

Hardware wallets, like mixers, are in what I like to call "the trust business". They should never lie, because if they lie once about something you can verify, you should assume they also lie about things you can't verify.
So basically, this should be the end of Ledger.

You are forgetting the bigger picture here. The secure elements in popular hardware wallets aren't 'secure'. This should be the end of all hardware wallets with such secure elements. But it's not going to be. I don't think it's going to be the end of Ledger either. Hardware wallets are not what they were marketed to us to be. That's the takeaway from the Ledger fiasco. Ledger were just the first to shoot themselves in the knee. The bigger problem is that hardware wallets with secure elements don't protect users against remote access as long as there is a possibility of sharing the data stored on them over the internet.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Pmalek on June 24, 2023, 02:02:43 AM

Well, there was no way of accessing sensitive data on the secure element chips either. They have been telling us for years that it's impossible. Turns out, it's quite possible if they integrate the right code.

Hardware wallets, like mixers, are in what I like to call "the trust business". They should never lie, because if they lie once about something you can verify, you should assume they also lie about things you can't verify.
So basically, this should be the end of Ledger. If nobody buys anything from them ever again, that would be the best way to punish them and deter other hardware wallet manufacturers from doing the same.
But we don't live in a perfect world, so they'll probably just get away with it. Again.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: John Abraham on June 10, 2023, 04:50:56 AM

“Backdoor would mean that we control all ledger devices and could run automated updates for example… That’s not the case. Will never be the case. Only you can use functions on your ledger. No one else can enter your pin code and press those buttons…”^[1]

Well, there was no way of accessing sensitive data on the secure element chips either. They have been telling us for years that it's impossible. Turns out, it's quite possible if they integrate the right code. If one day they go real evil, that code would not need your physical button presses at all. No one can verify how the system works, and the trust is gone following their public suicide.

Quote from: witcher_sense on June 12, 2023, 02:43:35 AM

Given that the Recovery feature doesn't make sense in cases where a user has set up a passphrase since a seed phrase alone is insufficient to get access to coins, it would make sense for Ledger developers to include a passphrase into this encrypted transfer scheme, especially considering the fact that it is equally important for a successful recovery and already sitting in a device's memory.

Do you think the target audience who can't store their seed safely and need Ledger Recover to do it for them (or think it's a good idea) use passphrases? I don't.

m2017

legendary

Activity: 1792

Merit: 1296

Playbet.io - Crypto Casino and Sportsbook

Quote from: LoyceV on June 23, 2023, 12:25:40 PM

Quote from: Cricktor on June 21, 2023, 02:47:59 PM

KYC with full name, date of birth, location of birth both as in id document (Ledger has some experience with leaks, this is going to be some fun as such identity data needs to be kept safe by three companies involved, good luck with that)
you have to identify yourself to every backup provider (not bad in terms of security as an attacker might not can fool every provider, but still leaves room to verification issues)

So identity theft is now enough to steal your Bitcoins? Even easier if the identity theft is an inside job at one of the three seed storage companies, they'll know exactly who to target and can request the other shards from the other two seed storage companies.

The more companies that store this data, the more likely it is that one of them will screw up on keeping that data safe.

Be it attackers from outside or inside the three companies. Will enough problems with just one company.

Under what pretext can they request shards from two other companies? Will they have such functions by default (in order to restore access to users) or do you mean after gaining unauthorized access to the personal data of a conditional user and then requesting shards on his behalf?

Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities - page 9. (Read 5423 times)