
Topic: [NOW AVAILABLE] BTChip / Ledger HW1 : Bitcoin Hardware Wallet in a USB smartcard - page 3. (Read 62446 times)

hero member
Activity: 619
Merit: 500
Would it be possible to request a specific address from the Ledger API?
E.g. requesting the address of the path "44'/0'/0'/0/0" and get that specific address back.

I opened an issue describing the details about this on GitHub: https://github.com/LedgerHQ/ledger-wallet-api/issues/2
hero member
Activity: 619
Merit: 500
definitely doable, I'll push that and the other question to the team dealing with Starter
Thanks for taking my feature requests to the team.

Generating the security card will be very trivial, we'll start working on it asap.
Looking forward to using the next release.

The two other features are doable but will require more work. The Chrome app team has an idea about that which could be very interesting if we can make it work, so stay tuned!
Hopefully you can do it.
In the meantime I'll reanimate my old notebook with a CD-ROM and update the ledger with a Live-System. :-)
sr. member
Activity: 306
Merit: 250
definitely doable, I'll push that and the other question to the team dealing with Starter

Wow!! Very nice! I'll be looking forward to the new starter!

newbie
Activity: 2
Merit: 0
A short list of features I would like to see in the Ledger Starter distro:

- update the Nano/HW.1 OS
- generate the security card (like on https://www.ledgerwallet.com/wallet/keycard)
- reprogram the Nano/HW.1 with a different security card (so that I could change the security card myself every x days)

Would this be possible?

Hi!

The Starter can already be upgraded very simply: by dropping a new rootfs image on the flash drive. When we publish a new version, you will be able to download it (+ match the file with our signature) and then overwrite the previous one.

Generating the security card will be very trivial, we'll start working on it asap.

The two other features are doable but will require more work. The Chrome app team has an idea about that which could be very interesting if we can make it work, so stay tuned!
hero member
Activity: 623
Merit: 500
CTO, Ledger
definitely doable, I'll push that and the other question to the team dealing with Starter
hero member
Activity: 619
Merit: 500
A short list of features I would like to see in the Ledger Starter distro:

- update the Nano/HW.1 OS
- generate the security card (like on https://www.ledgerwallet.com/wallet/keycard)
- reprogram the Nano/HW.1 with a different security card (so that I could change the security card myself every x days)

Would this be possible?
hero member
Activity: 619
Merit: 500
I think it can already do that

Could you tell me how?
I did not find any menu item to initiate the upgrade.
Thanks.
hero member
Activity: 623
Merit: 500
CTO, Ledger
Is there a better way to upgrade?
Could the Ledger Starter be enhanced with the possibility to upgrade?

I think it can already do that
hero member
Activity: 619
Merit: 500
A question regarding the upgrade process.
I'm asked to enter the 32 letters of my security card.

As any computer could be compromised I have to assume that this input is intercepted and thus I lose another layer of security.
The pin code and the security card would be known to the attacker.

Is there a better way to upgrade?
Could the Ledger Starter be enhanced with the possibility to upgrade?
hero member
Activity: 623
Merit: 500
CTO, Ledger
Would it make sense to have this functionality in the Ledger Starter distribution?

I think it does it by default - you can boot starter, plug the device when it's supposed to write something and it'll just write it where the focus is currently set.
hero member
Activity: 619
Merit: 500
if you're signing something critical, that's the best option. Note that you can use anything that recognizes a HID keyboard - it could be a phone or a smart TV or a Windows PC with no session open for example.

Would it make sense to have this functionality in the Ledger Starter distribution?
hero member
Activity: 623
Merit: 500
CTO, Ledger
Could he change the text and trick me into signing a different message?

yes, that's the idea. Nothing else but that's bad enough.

Actually there is no way I can know with certainty if my computer is compromised.
Thus best practice would be to use an air-gapped computer to get the 2FA pin, or is this overkill?

if you're signing something critical, that's the best option. Note that you can use anything that recognizes a HID keyboard - it could be a phone or a smart TV or a Windows PC with no session open for example.

The next firmware version will provide an option to verify the message content on the paired smartphone when signing.
hero member
Activity: 619
Merit: 500
When signing a message I'm asked to use a different computer if the current one is compromised.

Let's assume the computer is compromised.
What are the possibilities of a hacker?
Could he change the text and trick me into signing a different message?

Are there other things a hacker could do?


Actually there is no way I can know with certainty if my computer is compromised.
Thus best practice would be to use an air-gapped computer to get the 2FA pin, or is this overkill?
hero member
Activity: 623
Merit: 500
CTO, Ledger

On the other hand if my xpubkey is leaked then all the future public keys for all my accounts could be generated by a third party, right?


No, only one account's privacy will be compromised, as you have to get an xpub per account (the account index being a hardened BIP32 derivation)
hero member
Activity: 619
Merit: 500
Thanks for your replies.

You have a BIP32 xpub, so just use a tool like this: https://bitcore.io/playground/#/hdkeys

This way I can create new public keys even without having the ledger wallet with me.
On the other hand if my xpubkey is leaked then all the future public keys for all my accounts could be generated by a third party, right?


you do it on Ledger Wallet Chrome app through the API - https://www.ledgerwallet.com/api/demo.html use "Get Xpub" with the BIP 44 path

(44'/0'/0'/0/x with x being the index, for the first account)

This looks to me as the easiest and safest way to do it for now.
hero member
Activity: 623
Merit: 500
CTO, Ledger
Is there a way to create more than 1 new address (within the same account)?

you do it on Ledger Wallet Chrome app through the API - https://www.ledgerwallet.com/api/demo.html use "Get Xpub" with the BIP 44 path

(44'/0'/0'/0/x with x being the index, for the first account)
legendary
Activity: 3766
Merit: 1742
Is there a way to create more than 1 new address (within the same account)?
For example if I want to ask multiple people to pay later with each having his individual address so that I can track who actually paid.

I have tried with the Ledger Wallet Chrome app and Mycelium but they only give me the next address and as long as no transaction is registered on it I can't get a new one.

You have a BIP32 xpub, so just use a tool like this: https://bitcore.io/playground/#/hdkeys
hero member
Activity: 619
Merit: 500
Is there a way to create more than 1 new address (within the same account)?
For example if I want to ask multiple people to pay later with each having his individual address so that I can track who actually paid.

I have tried with the Ledger Wallet Chrome app and Mycelium but they only give me the next address and as long as no transaction is registered on it I can't get a new one.
sr. member
Activity: 394
Merit: 250
Crypto enthusiast
looks like i'm a victim of this malleability i read about here: http://cointelegraph.com/news/115374/the-ongoing-bitcoin-malleability-attack

is there anything i can do to sync my hw1 ledgerwallet to show the correct amount? at the moment I have a transaction that has been duplicated. it was a simple funds movement between accounts on my hw1. one transaction has cleared and the other is unconfirmed. the consequence is one of my wallets reads as balance of 0.5 btc but has a usd balance of -118.38 (because of the duplicate spend) and the other obviously has too much funds in it. but i believe the total funds across all wallets are correct.

looks like an uninstall and reinstall of the ledger chrome app did the trick. thanks eric.
sr. member
Activity: 394
Merit: 250
Crypto enthusiast
looks like i'm a victim of this malleability i read about here: http://cointelegraph.com/news/115374/the-ongoing-bitcoin-malleability-attack

is there anything i can do to sync my hw1 ledgerwallet to show the correct amount? at the moment I have a transaction that has been duplicated. it was a simple funds movement between accounts on my hw1. one transaction has cleared and the other is unconfirmed. the consequence is one of my wallets reads as balance of 0.5 btc but has a usd balance of -118.38 (because of the duplicate spend) and the other obviously has too much funds in it. but i believe the total funds across all wallets are correct.