hardware from a random company...ledger is safe until it isnt. u dont need to trust these companies man . i would still use ledger if i needed a hot wallet or to connect to a not safe computer / connection though. not to generate keys and cold store it doesnt make any sense. answer this question to me. can you grab a ledger and change its firmeware ? yes or no ?
Ledgers firware is verified by Ledger each time you use it and downloads are cryptographically signed. Either way, the Keys / seed words never leave the device. An attacker would need physical access to the HW device, some fine soldering skills, and be able to put it back together without you noticing. wallet.fail is a bit outdated, but shows the kind of attacks that HWs are vulnerable to — much harder to do than any software. OTOH Malware attacking the files on your computer that store the seed phrase for your Metamask or Trustwallet etc is rife. Most people's MM password is not very strong. Modern malware include a keylogger so the decrypion is straightforward, but even if they get just the encrypted file, there's no salt, and the software to decrypt is freelay available online — as are lists of millions of the most commpn passwords found in other data breeches. Regardless, by far the most crypto losses we see are when people get conned in to giving up seed words, or private keys — scammers DM claiming to be support and get them to click "export private key" or "reveal recovery phrase" directly from MM — That can NEVER happen with a HW.
Ledgers firware is verified by Ledger each time you use it and downloads are cryptographically signed. nuf said. Keep your verification by a company. and i will keep my audited code.
What audited code are you talking about?, I thought the discussion was about software wallets vs Hardware. You really think Ledger would risk their entire business model on dodgy updates?
many things can happen when u trust other people. in this case u trust company and all their employers. ledger is cool but there are other risks as well
They also publish their code on Github, and a change log so it's not too hard to have a quick read of the diff with each version. Git makes that super easy... but you still didn't answer the question: What audited code are you referring to? Sure there are other ways to stay safe, but all involve too much opSec for most people to maintain.
can a rogue ledger employer install backdoor on ledger ?
Not without it being spotted before harming anyone, Now please for the 3rd time answer the question of what audited code you're referring to
ok so you agree it can. also: can a rogue ledger employer install dodgy firmware on ledger ?
lol, I agree that you're a troll. Good luck.
Обсуждают сегодня