Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
I just saw a local thread, and ran here to see if it was true or not, I thought it was a joke or a misunderstanding
I have a question that might be important about this service:
--> Will this update make Ledger able to extract the seed from the hard wallet? (which I thought was impossible, like you said)
or
--> Will the user have to type the seed to be stored by the ledger?
If it's the second option it wouldn't change much regarding security for those who don't opt for the service
But if it is the first option, it is a tool that can fall into the wrong hands and generate an exploit
I'm worried, since I have a Ledger Nano S
The whole point of a hardware wallet is to store your seed phrase and private keys safely and securely inside and prevent them from being extracted. The whole point of Ledger's secure element is that there is no possible way to extract the seed phrase from it. Now we have just discovered that a simple firmware update will permit the secure element to start sending your seed phrase across the internet. Ledger have just admitted that their entire design is deeply flawed.
I have a question that might be important about this service:
--> Will this update make Ledger able to extract the seed from the hard wallet? (which I thought was impossible, like you said)
or
--> Will the user have to type the seed to be stored by the ledger?
If it's the second option it wouldn't change much regarding security for those who don't opt for the service
But if it is the first option, it is a tool that can fall into the wrong hands and generate an exploit
I'm worried, since I have a Ledger Nano S