2023-07-30 18:12:02

SEΔHΔWK on Nostr: Just read the Ledger Recover technical white paper, and it makes clear that the ...

Just read the Ledger Recover technical white paper, and it makes clear that the company just made their device irrelevant. What? Let me explain.

An attacker would have to steal your recovery key(s) from your Ledger Live (on your computer or phone), not easy but easier than getting anything off the hardware device. The attacker then spoofs a request from you (using the device or account ID, Ledger doesn't make it clear what it uses to authenticate the request), but this is not likely to be more difficult than getting the key(s). That's it. Your device is irrelevant. Wait, what happened?

Yes, the TLS tunnels and splitting the keys into three parts are all security best practices, but they are completely irrelevant if someone just goes for the jewels. In other words, by subscribing to Ledger Recover, you are now relying on the security of the Ledger Live app, or whatever recover software Ledger implements. You have given up on the safety of your hardware chip(s). There is no difference between this and just having a software wallet.

So, if you plan on buying a Ledger device and then implementing Ledger Recover - I'm sorry, but you are an idiot. Maybe Ledger will stop making hardware devices and just become a SaaS? No matter how you slice it, the company is making a huge security compromise with this service. By converting to software controls, it increases the attack surface and reduces the main controls/risk mitigation the company was founded on, which are hardware controls.
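Added illustration, not part of SEΔHΔWK's post and not Ledger's code: a toy k-of-n Shamir split in Python, assuming a 2-of-3 threshold (the post does not state one) and a constructed prime field. It shows the two halves of the post's argument: splitting is a real best practice (one share is consistent with every possible secret), yet reconstruct() needs only enough shares and nothing from a hardware device, so the split protects the seed only while the threshold of shares stays out of reach.

```python
import secrets

# Prime field for the shares (constructed choice, 2^255 - 19); secrets < P.
P = 2**255 - 19


def _eval(coeffs, x):
    """Evaluate the sharing polynomial at x (Horner's rule) modulo P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split(secret, k, n):
    """Split secret into n shares (x, y); any k of them reconstruct it."""
    if not (0 <= secret < P and 1 < k <= n):
        raise ValueError("bad sharing parameters")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange interpolation at x = 0; needs only k shares, nothing else."""
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def resplit_keeping_share(share, new_secret, n=3):
    """Why k-1 shares reveal nothing (2-of-3 case): build a valid sharing of
    ANY other secret that still contains the given share, so a single share
    is consistent with every possible secret."""
    x1, y1 = share
    slope = (y1 - new_secret) * pow(x1, -1, P) % P
    return [(x, _eval([new_secret, slope], x)) for x in range(1, n + 1)]


if __name__ == "__main__":
    seed = int.from_bytes(secrets.token_bytes(31), "big")  # constructed seed
    shares = split(seed, 2, 3)
    assert reconstruct(shares[:2]) == seed   # custodians 1 and 2 suffice
    assert reconstruct(shares[1:]) == seed   # so do custodians 2 and 3
    other = resplit_keeping_share(shares[0], 42)
    assert other[0] == shares[0] and reconstruct(other[1:]) == 42
    print("any 2 of 3 shares recover the seed; 1 of 3 reveals nothing")
```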

poison in the chocolate
Author Public Key
npub1g2h57pyd053k9qg834907y4m5gpsu2pf2c86kxn2eaf87v2zujusq0mtnh