Ist es möglich, eine geforkte Version von Ledger Live ohne Recover-Code zu erstellen?

[root_s2yse8vt]

Up

0

Down

::

Ich weiß, dass Recover immer noch Teil der Firmware auf den Geräten ist, aber wenn Ledger Live Open Source ist, kann dann nicht jemand einfach eine Version erstellen, die einfach den Recover-Code blockiert/entfernt? Das würde es zumindest für die Firmware, die Recover enthält, viel schwieriger machen, missbraucht zu werden, wenn sie nicht mit Ledger oder jemand anderem kommunizieren kann.

[the-quibbler]

Up

0

Down

::

At that point, you can just use a different wallet with your ledger. Metamask has a dashboard app that shows similar info.

[NoVegas0]

Up

0

Down

::

Ledger live doesnt matter, its the firmware update for the device that puts the Recovery code on it.

many people say it doesnt matter but it does. just by existing the code creates greater surface area in the device that could be exploited. this unnecessarily adds a new attack vector to the device.

[cryptowalter4572]

Up

0

Down

::

You could write your own code if you wanted to. I’m damn sure I wouldn’t be using some random code written by „someone“.

[r_a_d_]

Up

0

Down

::

You could, or you could simply read the code and understand that it doesn’t matter if you don’t use it.

[moose_boogle]

Up

0

Down

::

Just use the Ledger S. Problem solved. Move on.

[grandphuba]

Up

0

Down

::

The compiled software requires it to be signed so the device can verify if the software legitimately came from Ledger.

This would only be possible if Ledger provides/opens that mechanism of side loading, which is unlikely.

This is a point many supporters and detractors of open sourcing Ledger’s code miss. Simply posting the code on github is not enough.

Being able to verify code/binaries and then sideload that code (even if it’s just Ledger’s), and verifying it is that code that is actually being run on the device is necessary for open source to work on a security standpoint.

[loupiote2]

Up

0

Down

::

Yes, it is possible, ledger Live is open source.

[cryptowalter4572]

Up

0

Down

::

What a red load of it. Dickheads get blocked.

[bears_or_bulls]

Up

0

Down

::

I wish they just had a button on live that asks you if you want to use Recover, is so then it updates and puts the code on your Ledger if you never click it the code never makes it to your wallet.

[selfcustodynerd]

Up

0

Down

::

Theoretically, you can do it. Also, the recovery code is more relevant for the device update rather than a Ledger live update. But the current Ledger live forces you to update to do any Crypto transaction from the Ledger live app. The easier route is to use another software app like Metamask to do the transactions without updating the device.

[pringles_ledger]

Up

0

Down

::

Hey – understand your concerns about the Ledger Recover feature. However, Ledger Live and the firmware on Ledger devices are two separate entities. Ledger Live is indeed open source, and while it’s technically possible to fork it, the Ledger Recover code is part of the device’s firmware, not Ledger Live. Therefore, modifying Ledger Live wouldn’t affect the firmware on the device itself.

We take security very seriously at Ledger and we’re committed to providing the most secure environment for our users. The Ledger Recover feature is designed with multiple layers of security and it’s entirely up to the user to activate it or not.

For more information about Ledger’s open-source roadmap, you can visit this link: https://support.ledger.com/hc/en-us/articles/11132311094813-Ledger-s-open-source-roadmap

And for more details about Ledger Recover, you can refer to this link: https://support.ledger.com/hc/en-us/articles/9579368109597-Ledger-Recover-FAQs

[Autor]

Beiträge