Please explain the issue with the current Ledger seed phrase
- This topic has 6 replies and 1 participant, and was last updated 1 year, 3 months ago by pringles_ledger.
-
November 8, 2023 at 12:01 #3128659
root_s2yse8vt
Administrator::Hi everyone. I'm no pro when it comes to crypto, but I do have common sense, and I don't really understand all the outrage over the OPTION that Ledger offers for seed recovery.
I mean, first of all, it's optional anyway, so nobody should have your seed phrase unless you opt in and hand over your seed for them to hold.
Second, I use a 25th-word passphrase, and that in itself should secure my funds, because who besides me can know that word?
So please help me out a little, because I really don't understand the outrage in this case. Are these all nerds, or am I missing something?
I updated my Ledger to the latest firmware because I simply don't understand how this option can open a backdoor to being hacked if I don't opt in and I have a 25th-word passphrase on my accounts.
Thanks a lot!
-
November 8, 2023 at 12:01 #3128660
[deleted]
Guest::Seed phrase = the literal key to your wallet. Ledger is proposing an “option” to split that seed phrase 3 ways. One piece with them, another piece with a “trusted” 3rd party, and the final piece with you.
A party that wishes to access your wallet only needs 2 pieces of the whole seed phrase. Who’s to say Ledger themselves or the 3rd party is at all trustworthy?
The thing about closed source software, you don’t need to opt in. They may very well already do it without your knowledge. The very fact they proposed this “option” degraded the trust that the people had with them. Also, if that 3rd party happens to be a scam/shell company in disguise… you are screwed.
The whole point of the crypto world is, you are the sole holder of your keys. Hence, “not your keys, not your crypto”. If that 3rd party happens to be the government… you get the idea.
All these nuances degrade the confidence in Ledger. If there was a way that I could implant my own firmware onto my Ledger hardware, I would very much do it in a heartbeat. I love the hardware design, just not the company behind it.
The whole cryptocurrency world is built upon no trust. That is why computers hold all records. Humans make mistakes and we are all biased in some way, shape or form.
Trust, easy to earn. Hard to get back.
-
November 8, 2023 at 12:01 #3128661
r_a_d_
Guest::Most objections are to some incorrect tweet that stated that the seed could not be extracted even through a firmware modification, or the general belief of this concept even without having seen that tweet.
If you dig deeper in Ledger’s documentation, it’s evident that this was all along possible through firmware, and it’s the firmware itself that makes it “impossible” since it did not provide apps a way to obtain the seed. However, it always allowed apps to obtain BIP44 private keys so that multiple blockchains could be supported. This is not exactly the seed, but it practically gives you the same level of access, but for each coin.
Now Ledger offers a way for you to back up your seed to some third party HSMs. This means that the firmware now supports a way to divulge the seed outside of the secure element. Despite knee-jerk objections to the principle, a deeper look shows that it has no impact on security if you don’t opt in, since to enable it, you need to authenticate on the device to the level that would have allowed you to extract the above private keys or perform arbitrary transactions.
As far as it being enabled, you need to evaluate yourself if the increased risk is acceptable for your use case.
-
November 8, 2023 at 12:01 #3128662
Separate-Forever-447
Guest::Many people lost trust in Ledger due to the way the situation was handled poorly and subsequent miscommunications.
Even beyond the incorrect tweet about the impossibility of the seed phrase leaving the device, Ledger often pointed to “keys never leaving the device” as a key design element.
The change in direction has Ledger editing dozens of references to this key feature across their website. There was a post some time ago enumerating the changes in messaging and language, particularly in Ledger Academy articles, required to accommodate the shift.
And you have, no doubt, seen the polls posted here indicating that most users simply aren’t comfortable with the existence of a key exfiltration mechanism in the firmware and Ledger Live, regardless of whether it is opt-in or not.
Paranoia or uncompromising security?
You decide.
-
November 8, 2023 at 12:01 #3128663
brianddk
Guest::The security layers in the Ledger exist as follows:
1. Secure Element – Where the mnemonic is created and kept
2. Device Firmware – What interfaces with the Secure Element to make requests
3. Ledger Live Software – Interfaces with Firmware to shuffle TXNs back and forth
4. Backend Servers – Used by Ledger Live to get blockchain data
The initial Ledger design only had key export code in level #1, though some users didn’t realize this. The NEW feature would have added key export code to levels #2 and #3. After blowback, Ledger re-evaluated and halted the scheduled key export code in level #3, but since the new firmware was already released, they left the UNUSED key export code in level #2.
The principal complaint is that even without subscribing to the new feature, the latest firmware has (in theory) key export code in level #2 (device firmware). This means that if any software (Electrum) determines how to make the call into firmware for the key export, then software could ask firmware for the key.
It is assumed that this new firmware key export call is hardened so that privileges and tokens are required to make the call, but it does represent a NEW security model.
It should be noted that this change was announced beforehand and the calls for key export were public in the Ledger Live github repository dating back to 90 days before the news broke in Wired Magazine.
-
November 8, 2023 at 12:01 #3128664
weedium
Guest::It’s all hype and hysteria with virtually no substance. A Ledger officer tweeted way back when, that seed phrase extraction was not possible through the security chip. Later Ledger offers encryption, breaking into three parts and offloaded to 3rd parties of your seed phrase for a fee. This is available with new firmware for all current models except Nano S. You have to opt in and manually approve each step of the transfer. Hysteria ensued claiming Ledger lied, imo it was more a misunderstanding. The fact remains that any and all HW devices can do the same. I choose to trust Ledger.
-
November 8, 2023 at 12:01 #3128665
pringles_ledger
Guest::Hey – You’re correct in your understanding. The seed recovery option is indeed optional and is not a requirement for Ledger users. It’s designed to provide an additional layer of security and convenience for those who choose to use it.
The 25th passphrase you mentioned is another excellent security measure. It acts as an additional word to your 24-word recovery phrase, and only you should know this word. It provides an extra layer of security and plausible deniability, which can be particularly useful in extreme circumstances.
The outrage you’re referring to might stem from misunderstandings or concerns about potential vulnerabilities. However, Ledger places a high priority on security and any feature it offers is thoroughly tested to ensure it doesn’t introduce any security risks.
Updating your Ledger device to the latest firmware is always a good practice as it ensures you have the latest security updates and features. Lastly, the Ledger Recover service, even if used, does not back up your passphrase, so it indeed can be used as an additional layer of security. You can find more info here:
https://support.ledger.com/hc/en-us/articles/9579368109597-Ledger-Recover-FAQs?docs=true
And you can set up a Passphrase using the instructions mentioned in our article:
https://support.ledger.com/hc/en-us/articles/9579368109597-Ledger-Recover-FAQs?docs=true
Let us know if you’ve any other questions for us.
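Why the 25th-word passphrase discussed in this thread is not covered by a backup of the recovery words alone, as an added example that is not part of any post above and is not Ledger's code. It follows the public BIP39 and BIP32 derivation rules using only the Python standard library; the mnemonic is the public BIP39 test vector, and `same_wallet` and the sample passphrases are hypothetical.

```python
import hashlib
import hmac
import unicodedata

# Public BIP39 test-vector mnemonic (12 words), used here only as sample input.
TEST_MNEMONIC = ("abandon " * 11 + "about").strip()

def bip39_seed(mnemonic, passphrase=""):
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)

def bip32_master(seed):
    """BIP32: the master private key and chain code come from one HMAC of the seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]

def same_wallet(mnemonic, passphrase_a, passphrase_b):
    """True only if both passphrases lead to the same master key and chain code."""
    a = bip32_master(bip39_seed(mnemonic, passphrase_a))
    b = bip32_master(bip39_seed(mnemonic, passphrase_b))
    return hmac.compare_digest(a[0] + a[1], b[0] + b[1])

if __name__ == "__main__":
    # The words alone (empty passphrase) and the words plus a 25th word
    # are two unrelated wallets; every passphrase yields a valid one.
    print(same_wallet(TEST_MNEMONIC, "", "constructed 25th word"))   # False
    print(same_wallet(TEST_MNEMONIC, "constructed 25th word",
                      "constructed 25th word"))                      # True
    print(bip32_master(bip39_seed(TEST_MNEMONIC))[0].hex())
```

Because every passphrase maps to some valid wallet, there is no "wrong passphrase" error to rely on: funds protected this way depend on the passphrase having its own backup and enough entropy to resist guessing by anyone who holds the words.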