I know theres threads about this often, but I never hear this asked; How can we trust the integrity of ledgers custom OS when the devs don't open-source their software?
They claim its to improve security so hackers can't find flaws, but ideally it should be open source so white-hat hackers can find flaws. They don't even do third party security audits. Secure hardware means shit if theres backdoors already programmed into the software at the root level.
Other urls found in this thread:
ledger.com
twitter.com
Then stick it in your ass
>They claim its to improve security so hackers can't find flaws
snake oil security it is called.
Trezor is open source and all vulnerabilities found on it have been related to memory and could only be exploited by some hacker stealing your hardware and inmediately viewing info in the temporal memory.
No , the only thing that harware wallets do is encrypt when you enter your wallet so basically you only click random shit on the screen so if you have a keylogger nothing is seen as there is a physical and software factor combined together.
dno man shit works fine you know man, got mine on ebay for like 10 usd. fekking bargain if you ask me man. hardware wallet is a nobrainer.
Your private keys are encrypted in their cloud. If they go out of business or get hacked you are screwed. Hardware wallets are not to be trusted, paper wallets with offline key generation are the way to go.
dude i will trust bruce schneier on this one. in cryptography only opensource is acceptable if a code does not stand up for open scrutiny it's not to be trusted.
the issue with the os not being opensource is you (and thousands of other devs more importantly) can't check for backdoors and obvious coding mistakes leading to leaks and other exploits. which may allow to install malware on the device if connected to your pc.
exactly
you are stupid that's not how hw work. and the app that runs on the pc is opensource so you can check it out.
We're not talking about the computer itself, I'm talking about a rootkit preprogrammed into the ledger OS.
You realize they built their own OS for this right? Why didn't they just make a custom Linux distro built off bsd or something. I understand making your own may improve security but it also means now we have to trust them instead of the tens of thousands open-source devs worldwide building on Linux
>I understand making your own may improve security
almost never really does
Nice digits fren and thanks. I was actually considering the move from paper wallets to hardware because eventually we have to spend or crypto, I can do offline transactions into hot wallets however so thats ok.
Wanted to see if my paranoia was based.
Trezor is open source and real niggas use it
no don't listen to that idiot! hw wallets have totally different vulnerabilities.
hardware wallets are not durable
just like any flahdrive the data can disappear over time
also the unencrypted recovery words pose a great risk of getting your private key stolen
Private keys are stored in the hardware thats literally the point, so if they've preprogrammed the ledger os to have a backdoor, nothing you can do. Open sourcing the apps means nothing, we need to open source the OS to verify its security
got tha bitty coins on tha trezzie my nigga aint lettin no ching chow chong donut glazer have my privey keys breh
bitches see the trez? cheeks clapped. on-site my nigga
this also add that the device itself if the attacker get physical access to it is a great vulnerability. slightly better than if he finds your seed words and i'm not talking about your kids or wife i'm talking about a capable and prepared attacker the fence passes it to after jamal lifts it.
never ever write down all the seed words and keep them in one place! that's no1 priority with a hw wallet, you can group the seed words and store them at multiple locations, or use shamirs which does not actually decrease the security it's just a bit more complicated and needs a script.
also do not ever fucking leave your private keys to your cold storeage on the device!! only a decoy/spend wallet!
Curious to hear your thoughts?
now you are getting it, but only the surface
the devices are not cryptographically secure. they can't be. they rely on soft security measures like secure element chips and pin codes.
not your keys not your coins, that's why I'm bullish on Resistance dex
Ledger has been open source for a while now.
but the hardware isn't
as far as i know only parts of it. the recovery software and the pc client and part of the embedded code. but they are pledged to decrease the closed source components as they should.
in the meantime i recommend you use it as part of a 2 out of 3 multisig wallet scheme but even then you may face problems like altered transactions unless you are super careful (which is tiresome)
they obviously meant the propertiarty tamper resistant chip nigga
My seed phrase is just the cost of a large pizza and a coke from my old work, Panucci's pizza.
yup it's hardened against side channel attacks and intrusive attacks, but it only really raises the bar a little. your average 8yo geek won't be able to crack one open as the cost of the attack ranges from a grand to a few 10 grands (but for as many devices as you want).
one hundred thousand sweaty nerds have been working tirelessly 24/7 to hack it for the past decade straight, and still haven't been able to compromise it, just chill bros
isn't it a 2018 development? i do not really keep a close track of these gadgets i'm gonna wait until someone gets it right.
Ledgers are open source
Based and Frypilled
