Pages:
Author

Topic: OVERVIEW: BITCOIN HARDWARE WALLETS █████████████████ Secure your Coins - page 3. (Read 122464 times)

hero member
Activity: 623
Merit: 500
CTO, Ledger

Why did Ledger decide to limit PIN to four digits? I bet many users will use the same PIN as one of their credit cards. Increasing the PIN to five digits would be so much more secure. I hate the idea of a thief getting even a one in a thousand chance to guess the PIN.

that's pretty arbitrary - it'd be fairly easy to support a dynamic size, especially with no modification on the application logic since everything is done on device. I'll see if we can push this in the first firmware release.

Down on the to-do list, any chance of seeing the distress wipe PIN return for the command line script

Not for the time being, but I think it'd make more sense to support it as an alternate derivation path PIN rather than a wipe PIN when considering reimplementing it.
hero member
Activity: 692
Merit: 500

Why did Ledger decide to limit PIN to four digits? I bet many users will use the same PIN as one of their credit cards. Increasing the PIN to five digits would be so much more secure. I hate the idea of a thief getting even a one in a thousand chance to guess the PIN.

that's pretty arbitrary - it'd be fairly easy to support a dynamic size, especially with no modification on the application logic since everything is done on device. I'll see if we can push this in the first firmware release.

Down on the to-do list, any chance of seeing the distress wipe PIN return for the command line script
hero member
Activity: 623
Merit: 500
CTO, Ledger
@btchip I have a couple of Nano S on back order and look forward to writing up a hands on review as soon as I receive. I am very comfortable with my Trezors but really need a hardware wallet for Ether, and using more than one brand of hardware wallet never hurts. At $66 buying a Nano S is a no brainer.

sounds great, thanks

I am a big fan of passphrases. I like using a PIN and a passphrase protected seed but realize the secure element used by Ledger is more resistant to brute force attacks, so a passphrase is not essential though the option would be welcome.

we'll very likely support it, it's less a hassle on the Nano S than the Blue because the device stays on longer - so even if the derivation takes a long time (about 11 seconds, we're trying to optimize that, but in the end it's still a 30 MHz M0 vs a 80 MHz M4 for TREZOR/KeepKey) that's acceptable.

Why did Ledger decide to limit PIN to four digits? I bet many users will use the same PIN as one of their credit cards. Increasing the PIN to five digits would be so much more secure. I hate the idea of a thief getting even a one in a thousand chance to guess the PIN.

that's pretty arbitrary - it'd be fairly easy to support a dynamic size, especially with no modification on the application logic since everything is done on device. I'll see if we can push this in the first firmware release.
legendary
Activity: 1806
Merit: 1164
@btchip I have a couple of Nano S on back order and look forward to writing up a hands on review as soon as I receive. I am very comfortable with my Trezors but really need a hardware wallet for Ether, and using more than one brand of hardware wallet never hurts. At $66 buying a Nano S is a no brainer.

I am a big fan of passphrases. I like using a PIN and a passphrase protected seed but realize the secure element used by Ledger is more resistant to brute force attacks, so a passphrase is not essential though the option would be welcome.

Why did Ledger decide to limit PIN to four digits? I bet many users will use the same PIN as one of their credit cards. Increasing the PIN to five digits would be so much more secure. I hate the idea of a thief getting even a one in a thousand chance to guess the PIN.
legendary
Activity: 1232
Merit: 1030
give me your cryptos
Snip

Got any promo codes? I'm interested in buying a Nano S, but the recent drop in the bitcoin price has caused me some strife.
legendary
Activity: 1806
Merit: 1164
Good to know thanks for taking the time. I think you will sell all the Nano S you can make.
hero member
Activity: 623
Merit: 500
CTO, Ledger
Reported on reddit that the Nano S will work with Mycelium on Android. Could you guys please consider selling a decent OTG adaptor for newer phones that use USB C? I am aware there are adaptors for sale on Amazon but they are crap, do not work.

yes, we're considering that

How does PIN entry work ? Like setting the time on your oven ?
pretty much, you scroll through the numbers with the up/down keys and validate each digit by pressing both simultaneously
Are passphrases supported ?
they are but not enabled yet as the stretching still takes about 10 seconds
How are seeds generated ? Just like HW.1 by the chrome app ?
Seeds are generated by the device on this hardware
Does seed generation use 2 sources of entropy ?
It just uses the chip entropy for the time being but that's quite easy to change (we started with that because the Blue can be set up without being connected to anything)
Is the mnemonic seed generated on the hardware wallet and exclusively displayed on the OLED screen ? Or on the chrome wallet extension like HW.1 ?
It's only displayed on the device screen
How does mnemonic seed recovery work ?
You enter the mnemonic words on device - same than with the PIN. It's a bit painful but still usable as we can suggest auto completion after we get the first 3-4 letters of each word.
Out of the box does Ledger S work with mycelium/electrum or will they need updates ?
they need an update which is basically just changing the USB device ID. It should be published when the device is out.
Will a new udev rule be required for *nix ?
Yes because the device ID changed
What happens after 3 incorrect PIN attempts ? Will Ledger S share the power cycle requirement between PIN attempts ?
The device seed is wiped after 3 wrong PINs. Since the PIN is entered on device, we don't have that power cycle requirement as a malware cannot wipe the device on its own.
What are the specs of the STM chip ?
The Secure Element is an ST31H320, the generic MCU is an STM32F042
Where are the apps stored ? On the STM ?
Applications are stored on the Secure Element.
What source code of Ledger S is available to review ? What's closed source/NDA and unavailable ?
The code will be available on https://github.com/LedgerHQ - it will include all high level applications and the STM32 firmware.

The ST31 kernel (bootloader, isolation, implementation of the SDK APIs) is unavailable right now but will be over time as we figure a way to properly isolate the Hardware Abstraction Layer that we cannot release and have something users can build and link against. We described the way forward in a Medium post earlier.
The rough roadmap looks like :
* Provide more code as read-only material (you can compile chunks into the apps, but not verify what's on device)
* Provide an Open Source version of the isolation kernel that can work on a generic MCU with MPU/MMU support
* Provide a version of the above that can be compiled, linked against an encrypted binary blob implementing the NDA-ed parts (mostly related to chip initialization, memory & I/O), loaded and verified on device
When's shipping?
29th of July
Do you have a video of S in action ?
Coming soon, in a couple weeks
Do you need a reviewer ? :-)
Of course you'll get one Smiley
I think they had to add a screen in order to compete with Trezor and KeepKey both at $99 now
I think the most distinctive feature of the Nano S (not considering the screen or the Secure Element) is the ability to write your own applications and load them on demand
I do note they only allow for a four digit PIN though. I would feel more comfortable with a longer PIN.
That would be easy to tweak, but we tried to pick something convenient for the user experience first.
hero member
Activity: 700
Merit: 500
Thanks. This is really great stuff of having all under one roof. This will help while thinking which one is a better wallet and what distinguishes one from another. A must read .
legendary
Activity: 1806
Merit: 1164
I think they had to add a screen in order to compete with Trezor and KeepKey both at $99 now. Smart move. If I read the specs right they have fixed the problems people complained about: you can now initialize a Nano S on an infected computer and no more security card to bother with. I do note they only allow for a four digit PIN though. I would feel more comfortable with a longer PIN. And they beat both Trezor and KeepKey to be the first to offer a hardware wallet for Ether looks like and at a cheaper price. I look forward to buying one.
hero member
Activity: 692
Merit: 500

How does PIN entry work ? Like setting the time on your oven ?
Are passphrases supported ?
How are seeds generated ? Just like HW.1 by the chrome app ?
Does seed generation use 2 sources of entropy ?
Is the mnemonic seed generated on the hardware wallet and exclusively displayed on the OLED screen ? Or on the chrome wallet extension like HW.1 ?
How does mnemonic seed recovery work ?
Out of the box does Ledger S work with mycelium/electrum or will they need updates ?
Will a new udev rule be required for *nix ?
What happens after 3 incorrect PIN attempts ? Will Ledger S share the power cycle requirement between PIN attempts ?
What are the specs of the STM chip ?
Where are the apps stored ? On the STM ?
What source code of Ledger S is available to review ? What's closed source/NDA and unavailable ?
When's shipping?
Do you have a video of S in action ?
Do you need a reviewer ? :-)
legendary
Activity: 1806
Merit: 1164

Reported on reddit that the Nano S will work with Mycelium on Android. Could you guys please consider selling a decent OTG adaptor for newer phones that use USB C? I am aware there are adaptors for sale on Amazon but they are crap, do not work.
legendary
Activity: 1806
Merit: 1164
Anyone have any information on the Ledger Nano S? I've only seen a small tease of a post on Reddit. Looks like it will be officially announced soon. The tiny screen should make some people happy. I'll pick one up when available. I'm still waiting on the Blue though.

https://www.ledger.co/#products

I'll sure get a Nano S to review when it comes out, but you have two good options you can buy right now, Trezor and KeepKey. Darin finally enabled passphrases in Chrome making KeepKey a good alternative to Trezor. Trezor still has the edge over KeepKey for usability with other wallets and your Android phone but nice to see progress. Choices are good to have.
newbie
Activity: 28
Merit: 0
Considered getting an opendime but they dont even have a btc payment option... Sigh

It's very strange indeed.

Is this opendime thing really working?

If it's working as it should why don't they mass produce this thing taking the advantage of being the first in the market. There are any technical struggles?

It's a very good idea and seems very simple to implement so it should be easy for the chinese to copy and flood the market.

newbie
Activity: 14
Merit: 0
Anyone have any information on the Ledger Nano S? I've only seen a small tease of a post on Reddit. Looks like it will be officially announced soon. The tiny screen should make some people happy. I'll pick one up when available. I'm still waiting on the Blue though.

https://www.ledger.co/#products
hero member
Activity: 826
Merit: 1000
Considered getting an opendime but they dont even have a btc payment option... Sigh
Pages:
Jump to: