Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Announcements (Altcoins)
Re: [ANN][KMD][dPoW] Komodo - Zcash Zero Knowledge Privacy Secured by Bitcoin
by
weryo
on 27/06/2017, 19:20:10 UTC
Quote from: jl777B on June 27, 2017, 06:56:18 PM
Quote from: markj113 on June 27, 2017, 04:18:00 PM
Quote from: jl777B on June 27, 2017, 04:05:14 PM
Quote from: markj113 on June 27, 2017, 04:00:52 PM
Quote from: BadAss.Sx on June 27, 2017, 03:23:21 PM
Ledger is hacked, as also the Trezor. Good luck

Link with the info about the hack?

Have recently ordered a ledger nano s and would like to confirm before using it.
It is an announcement of side channel attacks against hardware wallets, which requires you to lose physical access to the physical wallet.

Under such conditions, the attacker has forever to crack it and forever is enough time to accumulate statistical correlations using many side channel methods.

How long this process takes might be less than expected, but the important point is that if you dont lose your hardware wallet, none of these side channel attacks can be done.

If you want a hardware device that can withstand arbitrary amounts of attack after being physically lost... Well I doubt any such thing was ever possible. Maybe some setup with a deadman switch that pays out to a preset emergency address upon violation of the keepalive protocol, something like that would be needed to make sure funds in a lost device are recovered.


I wouldnt say they had forever, could you just order another nano ledger S then recover using the previous passphrase and send the coins to another secure wallet.

I would say your more likely to get caught with a malware key logger than someone physically stealing your hardware wallet.  May not be perfect but for me its about risk reduction.



OK, for passphrase based privkeys, it isnt forever. Though Murphy's Law will guarantee that you lose the hardware just as you go on a vacation and dont notice until you come back and then you can find any place that sells it in stock, so a couple weeks can easily pass.

My guess is that if any side channel attack is going to be practical, it wont take weeks to perform, but more like many hours or a day or two. Otherwise it is just too long a time and as you say the funds can be transferred out

AFAIK you don't need another Ledger, you can recover the private key with just the 24-word passphrase (not sure about Komodo though).
https://ledger.groovehq.com/knowledge_base/topics/how-to-restore-my-backup-without-a-ledger-wallet