Ledger Update Will Send Out the Private Key


A leak of a forthcoming update has cryptonians up in arms about a revelation of sorts from Ledger, the French hardware wallet company.

You can subscribe to Ledger Recover, it says, “an ID-based key recovery service that provides a backup for your Secret Recovery Phrase.”

To spice it up a bit more, you’ll need a passport or driving license to actually use the recovery service later on if needed, sending up the antennas.

ID for Private Key in Ledger Recover, May 2023

“So even if I don’t use this service my ledger Nano X is now able to send out my secret recovery phrase?” – a ledger holder publicly asked.

The initial answer by Nicolas Bacca, the CTO of Ledger, sidestepped the issue:

“You’re already using the device agreeing with the fact that Ledger cannot update the firmware without your consent – it’s the same mechanism for Recover, which is locked behind ownership of your device, knowledge of your pin, and finally your consent on device.”

The question, however, is how exactly the private key is given to these companies. Pressed further, Bacca stated:

“The device sends encrypted shards of your seed to different companies if you decide to use the service. You can of course still choose to backup it yourself.”

Earlier this month Pascal Gauthier, the CEO of Ledger, revealed to Wired they were working on making private key ownership more accessible:

“Ledger is preparing to launch a new service called Ledger Recover that splits a wallet recovery phrase—basically, a human-readable form of the private key—into three encrypted shards and distributes them to three custodians: Ledger, crypto custody firm Coincover, and code escrow company EscrowTech. 

If somebody loses their recovery phrase, two of the three shards can be combined—pending an ID check—to regain access to the locked funds.

Essentially, Ledger Recover is an additional safety net; for the price of $9.99 a month, it takes the jeopardy out of crypto’s version of stuffing dollars under the mattress.”

Shamir's Secret Sharing is a somewhat old tool in crypto. Instead of having one long string as the private key, you split it into three or more shares, so if you lose one, you can still combine the other two to get your private key.

Here Ledger goes further. After chopping up the private key, it then sends one piece to itself, Ledger the company, one to Coincover and another to EscrowTech. So if you lose the device, you can show your ID and the three combine to give you your private key.
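How a 2-of-3 threshold split of the kind described above works, as an added example that is not Ledger's code and not from the original article. It is a generic Shamir split over a prime field; the field size and function names are assumptions, and the encryption of the shards and the ID check are not modeled.

```python
import secrets

# Constructed parameter: a 521-bit Mersenne prime field, large enough for a
# 256-bit secret. The article does not give Ledger's actual parameters.
PRIME = 2**521 - 1

def split_2_of_3(secret: int) -> list[tuple[int, int]]:
    """Return three shares (x, y) on a random line f(x) = secret + a1*x mod PRIME."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must fit in the field")
    a1 = secrets.randbelow(PRIME)  # random slope, discarded after splitting
    return [(x, (secret + a1 * x) % PRIME) for x in (1, 2, 3)]

def recover(shares: list[tuple[int, int]]) -> int:
    """Lagrange-interpolate f(0) from two or more shares with distinct x."""
    xs = [x for x, _ in shares]
    if len(shares) < 2 or len(set(xs)) != len(xs):
        raise ValueError("need at least two shares with distinct x values")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def candidates_consistent_with(share: tuple[int, int], guesses: list[int]) -> int:
    """Count the guessed secrets that one share alone cannot rule out."""
    x, y = share
    inv_x = pow(x, -1, PRIME)
    count = 0
    for s in guesses:
        a1 = ((y - s) * inv_x) % PRIME      # the slope that would explain this share
        if (s + a1 * x) % PRIME == y:       # always true: every guess stays possible
            count += 1
    return count

if __name__ == "__main__":
    seed = secrets.randbits(256)            # constructed stand-in for wallet entropy
    s1, s2, s3 = split_2_of_3(seed)
    assert recover([s1, s3]) == seed        # any two shares suffice
    print("guesses one share cannot exclude:",
          candidates_consistent_with(s2, [0, 1, seed, seed ^ 1]), "of 4")
```

Each share is a point on a random line rather than a slice of the key, which is why a single custodian's share is consistent with every possible secret while any two determine it exactly.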

The big problem is about how this is being done. If it was chopped up within Ledger or somehow between two or three Ledger devices, then it's a nice new feature for those that want even more security.

Here instead the hardware wallet sends it off to these companies, and that means your private key is not quite private anymore.

“No single company knows your seed if you decide to use it,” Bacca says and that’s because no single company has the full seed, just parts of it. It is also encrypted.

But the main point of contention is that as a hardware wallet, this shouldn’t be able to send out the private key. It should be offline and inaccessible.

“This doesn’t change the security assumptions compared to a firmware update,” Bacca says.

For that he relies on the fact that you have to press a button to agree to send out the phrase to these companies through Recover, just as you have to press a button to agree to a firmware update.

The seed isn’t being sent out by itself, or at least that’s the suggestion, although it is the device itself that sends it if you confirm.

Almost Offline?

For those that want even more security, the fact this device can communicate the seed phrase at all is a problem because if it can, then it is not quite offline and doesn’t do what Ledger publicly said just last week:

“We get it – your device keeps your private keys offline for you. The thing is, you can do more with your Ledger.”

As this update suggests the private key is not quite walled off within a cold enclave but can be sent off to these companies, albeit with your consent, there’s an uproar on social media among Ledger holders.

The company has sold six million units of the hardware, but its setup ultimately always required some level of trust, some tradeoff between convenience and security.

If you want your own security, then you generate the private key in a brand new laptop that you didn’t connect to the internet, print off the private key or take a picture of it on a phone that also does not connect to the internet, and if you need access to the funds, then start all over again for the remaining balance by creating a new address.

Just buying a little device instead is more convenient, but ultimately you never know what’s in it unless you manufacture it yourself.

This can potentially give a push to open source hardware, an idea that has been suggested now and then in the crypto space for years, yet hasn’t quite gone anywhere because it is a huge effort.

Until then, it’s more a matter of tradeoffs and just how much security. Since in the case of Ledger you need to consent to give out the private key, it’s a bit better than an online wallet but the fact the device can send the key contradicts their literature which says:

“Ledger devices generate your private keys in a completely offline environment – and keep them there, always. With your private keys isolated from an internet connection, they’ll stay protected from hackers and malware.”

Following the firmware update they presumably won’t quite be fully isolated. Ledger has stated they will provide further documentation to explain how the new firmware update works, but the current Ledgers continue to work as before and you don’t necessarily have to update them.

Although of course there’s the conceptual matter for potentially all Ledgers regarding just how this offline private key on the device can be sent. As it is not by manually inputting it, based on Bacca’s statement that the device sends it, then presumably the setup isn’t quite fully offline.

That said, Ledger has been operating for years without any hacks, yet their focus for years has been on providing an offline wallet, rather than also backing it up online, as the update plans to offer.
