Ledger-Recocer & Passphrase

Home Foren Ledger Wallet Ledger-Recocer & Passphrase

  • Dieses Thema hat 3 Antworten sowie 1 Teilnehmer und wurde zuletzt vor vor 1 Jahr, 4 Monaten von pringles_ledger aktualisiert.
Ansicht von 3 Antwort-Themen
  • Autor
    Beiträge
    • 8. Oktober 2023 um 06:11 Uhr #3020807
      root_s2yse8vt
      Administrator
      Up
      0
      Down
      ::

      Hallo, ich habe eine technische Frage zur Passphrase im Zusammenhang mit dem Ledger Recover-Dienst.

      Laut Ledger sollte die Passphrase nicht mit Ledger Recover verwendet/übertragen werden können. Oft lese ich Beiträge, in denen empfohlen wird, die Passphrase nicht mit einer PIN zu verknüpfen, da die Passphrase dann auf dem Gerät gespeichert wird. Dazu habe ich zwei Fragen:

      1) Wenn die Passphrase gespeichert wird, wo und wie? Analog zur Seedphrase?

      2) Angenommen, die Passphrase ist nicht mit der PIN verknüpft, besteht dann nicht trotzdem das Risiko, dass die Passphrase bei jeder Transaktion oder Verbindung mit Ledger-Live von der Software abgegriffen wird? (Vorausgesetzt, dass die Passphrase-Wallet „aktiviert“ ist).

      Vielen Dank für die „technische“ Klärung!

    • 8. Oktober 2023 um 06:11 Uhr #3020808
      loupiote2
      Gast
      Up
      0
      Down
      ::

      Your questions have already been answered multiple times on this forum.

      > 1) if the passphrase is stored, where and how? Analogous to the seed phrase?

      If you associate a PIN to a passphrase, the ledger stores in the FLASH memory the 512-bit bip39 seed that is the result of „hashing“ the bip39 mnemonic i.e. recovery seed phrase with the bip39 passphrase. The bip39 passphrase itself is not stored in the ledger.

      > 2) Assuming that the passphrase is not attached to PIN, isn’t there still a risk that the passphrase will be tapped by the software for every transaction or connection with Ledger-Live? (Provided that the passphrase wallet is „activated“).

      If you do not associate the oassphrase with a PIN, then rhe 512-bit bip39 seed (that is the result of „hashing“ the bip39 mnemonic i.e. recovery seed phrase with the bip39 passphrase) is stored in RAM memory, instead of FLASH memory.

      In both cases, rhe BIP39 passphrase itself is not stored on the device.

      The ledger recover service, if you sign up fot it, will only backup your recovery seed phrase (aja bip39 mnemonic), it will not backup your passphrase if you use one.

      The 512-bit bip39 seed is used for deriving addresses and signing transactions on every type and brand of hardware wallet, therefore the firmware has access to your 512-bit bip39 seed (after hashing with the passphrase), and conceptually the firmware has the capability to leak it (that’s true with any brand of hardware wallet).

      But unless it is malicious, the firmware will not export your seed or private keys without your knowledge. You must trust the firmware to not be malicious if you use a hardware wallet, regardless of its brand.

    • 8. Oktober 2023 um 06:11 Uhr #3020809
      Ant1sociaI
      Gast
      Up
      0
      Down
      ::

      Following

    • 8. Oktober 2023 um 06:11 Uhr #3020810
      pringles_ledger
      Gast
      Up
      0
      Down
      ::

      Hey – the passphrase is an optional security feature that adds an extra layer of protection to your Ledger device. It’s essentially a password added to your 24-word recovery phrase that provides access to a whole new set of accounts.

      1. If you choose to attach a passphrase to a PIN code, it creates a new set of accounts on your Ledger device based on the secret passphrase of your choice. You can access the accounts protected by this passphrase by entering a secondary PIN code. The passphrase will be stored on the device until you overwrite it with another passphrase or until the device is reset. It’s important to note that the device cannot display the passphrase after you’ve set it, so it’s crucial to store a physical backup of the secret passphrase in a secure place.

      2. If the passphrase is not linked to a PIN, you would need to enter the passphrase each time you wish to access passphrase-protected accounts. This is known as setting a temporary passphrase. As long as you’re using a legitimate Ledger device and the official Ledger Live software, your passphrase should be secure. However, it’s always important to ensure your computer is free of malware, as malware can potentially compromise your security.

      Regarding Ledger Recover, it’s not yet available. When it does launch, it will be entirely optional. Ledger Recover does not support the use of passphrases. Users can only back up their recovery phrase instead. The responsibility for securing and correctly remembering the passphrase lies with the user. The passphrase is not shared or distributed to any other party. If you have any further questions, please feel free to ask. We’re here to assist you.

      More info here: https://support.ledger.com/hc/en-us/articles/9579368109597-Ledger-Recover-FAQs?docs=true

  • Autor
    Beiträge
Ansicht von 3 Antwort-Themen
  • Du musst angemeldet sein, um auf dieses Thema antworten zu können.