209 похожих чатов

I'D rather trust software which can be audited than trusting

hardware from a random company...ledger is safe until it isnt. u dont need to trust these companies man . i would still use ledger if i needed a hot wallet or to connect to a not safe computer / connection though. not to generate keys and cold store it doesnt make any sense. answer this question to me. can you grab a ledger and change its firmeware ? yes or no ?

9 ответов

28 просмотров

Ledgers firware is verified by Ledger each time you use it and downloads are cryptographically signed. Either way, the Keys / seed words never leave the device. An attacker would need physical access to the HW device, some fine soldering skills, and be able to put it back together without you noticing. wallet.fail is a bit outdated, but shows the kind of attacks that HWs are vulnerable to — much harder to do than any software. OTOH Malware attacking the files on your computer that store the seed phrase for your Metamask or Trustwallet etc is rife. Most people's MM password is not very strong. Modern malware include a keylogger so the decrypion is straightforward, but even if they get just the encrypted file, there's no salt, and the software to decrypt is freelay available online — as are lists of millions of the most commpn passwords found in other data breeches. Regardless, by far the most crypto losses we see are when people get conned in to giving up seed words, or private keys — scammers DM claiming to be support and get them to click "export private key" or "reveal recovery phrase" directly from MM — That can NEVER happen with a HW.

Patinhas 🐾- Автор вопроса
𝙇𝙤𝙯ᵘᵏ [I Never DM You • Beware Of Scams]
Ledgers firware is verified by Ledger each time yo...

Ledgers firware is verified by Ledger each time you use it and downloads are cryptographically signed. nuf said. Keep your verification by a company. and i will keep my audited code.

Patinhas 🐾
Ledgers firware is verified by Ledger each time yo...

What audited code are you talking about?, I thought the discussion was about software wallets vs Hardware. You really think Ledger would risk their entire business model on dodgy updates?

Patinhas 🐾- Автор вопроса
𝙇𝙤𝙯ᵘᵏ [I Never DM You • Beware Of Scams]
What audited code are you talking about?, I though...

many things can happen when u trust other people. in this case u trust company and all their employers. ledger is cool but there are other risks as well

Patinhas 🐾
many things can happen when u trust other people. ...

They also publish their code on Github, and a change log so it's not too hard to have a quick read of the diff with each version. Git makes that super easy... but you still didn't answer the question: What audited code are you referring to? Sure there are other ways to stay safe, but all involve too much opSec for most people to maintain.

Patinhas 🐾- Автор вопроса
Patinhas 🐾
can a rogue ledger employer install backdoor on le...

Not without it being spotted before harming anyone, Now please for the 3rd time answer the question of what audited code you're referring to

Patinhas 🐾- Автор вопроса
𝙇𝙤𝙯ᵘᵏ [I Never DM You • Beware Of Scams]
Not without it being spotted before harming anyone...

ok so you agree it can. also: can a rogue ledger employer install dodgy firmware on ledger ?

Похожие вопросы

Обсуждают сегодня

@Benzenoid can you tell me the easiest, and safest way to bu.y HEX now?
Živa Žena
20
This is a question from my wife who make a fortune with memes 😂😂 About the Migration and Tokens: 1. How will the old tokens be migrated to the new $LGCYX network? What is th...
🍿 °anton°
2
What is the Dex situation? Agora team started with the Pnetwork for their dex which helped them both with integration. It’s completed but as you can see from the Pnetwork ann...
Ben
1
Anyone knows where there are some instructions or discort about failed bridge transactions ?
Jochem
21
@lozuk how do I get my phex copies of my ehex from a atomic wallet, to move to my rabby?
Justfrontin 👀
11
Hello, Is iExec also part of the "inception program" or another one ? Would it be a name to qualified the nature of the relationship between iExec and Nvidia? And does Secret ...
Ñïķøłäś
8
Ready for some fun AND a chance to win TKO Tokens? Join us for exciting minigames in our Telegram group! 🕒 Don’t miss out—games start on today 25 October 2024, at 8 PM! Ge...
Milkyway | Tokocrypto
255
any reference of this implementation?
BitBuddha
29
Also, why can’t the community have a vote/ say when it comes to initiatives like buybacks. Isn’t the point of crypto decentralisation? Don’t we deserve input as long term supp...
👨🏽‍🦰
13
Hi guys, any problem with Pulsebrige? Trying to transfer from wETH to ETH. First it tells me to connect my metamask "through mobile app" not desktop. Then I did and confirmed ...
Snowflakecrypto
13
Карта сайта