Ziemlich verrückt – ich wurde bei Ledger gebannt, weil ich nach Hintertüren mit mehreren Unterschriften gefragt habe…

[root_s2yse8vt]

Up

-1

Down

::

Hier ist, was ich fragte- Völlig paranoid. Ich bin also Casa beigetreten und um eine Multi-Sig-VAULT einzurichten, habe ich Ledger (und Trezor) als mein Hardware-Gerät 2 von 3 verwendet. Ich habe den Prozess mit Ledger durchlaufen, wo es sagt, dass es mein Gerät synchronisieren will, dann will es, dass ich meinen Ledger-Pin eingebe, um „meinen PUBLIC-Schlüssel zu exportieren“. Woher weiß ich, dass ich nicht unwissentlich meinen 24-Wort-Seed exportiert habe? Ich brauche Antworten, bevor ich das mit meinem Trezor mache.
Zum Wohl,
S.
EDIT: Dieser Beitrag ist auf der Ledger-Website gelandet, also nicht schattenverboten.

[Infinite-Raspberry-6]

Up

0

Down

::

you can’t know that , ledger uses closed source firmware. you need to trust them not to extract the seedphrase

[BTCMachineElf]

Up

0

Down

::

All hardware wallets share their public key after the pin is entered. That’s normal operation. They absolutely should not be programmed to share your private key, and honestly there’s no indication that they do, just that they could with a firmware update. Still there is trust involved there. Trust in a greedy corporation.

But you’ve always trusted that your device isn’t sharing your private key (it wouldn’t be your seed, but same result), as the software is closed-source. Even before, people just ‚trusted‘ ledger that it wasn’t possible. The only difference now is that Ledge admits it is possible.

I’m not surprised you were banned. Ledger is taking a huge beating over this and doing major damage control.

But that is reason for doing multi-vendor multisig, right? Still, you’d be better off pairing that trezor with a coldcard or blockstream jade, as all those devices do use open-source peer-reviewed software.

[drfederation]

Up

0

Down

::

Ledger is full of shit. Their software bug cost me close to 25k in Bitcoin and they claimed it was user error. Thieves

[Zatouroffski]

Up

0

Down

::

1- No channel mod can shadowban you. And we can see your messages.

2- Exporting master public key is a casual thing to monitor your wallet and your new derivated addresses. If you don’t export the xpub and enter it to an app (or adding your account to your Ledger Live or any other app that shows you your balance), you cannot see your balance on your computer. It has no control over your addresses.

3- You cannot know. And being opensource doesn’t guarantee everything is working fine. People lose their balances over opensource software because of undiscovered bugs vice versa. Humans make mistakes.

You see the device’s API output when you request your xPub. If you are too paranoid about it, go buy a cheap 2nd hand computer, install ledger live, disconnect from everywhere else, export your master public key, take a note, and destroy that computer. Or you can do it on a spare offline raspberry pi device with your own master seed, then destroy the SD card (and the RPI to guarantee you are safe).

[Autor]

Beiträge