Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Hardware wallets
Merits 3 from 2 users
Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
by
satscraper
on 17/05/2023, 18:39:00 UTC
⭐ Merited by vapourminer (2) ,RickDeckard (1)
Quote from: o_e_l_e_o on Today at 05:37:48 PM
Quote from: tabas on Today at 05:34:42 PM
Say that even if we've got the old nano s but they can still try to do something and update and force an update for its firmware, is that right?
An update is irrelevant. As I explained earlier in this thread and in the tweet just above, the whole point of Ledger's Secure Element was that the private keys could never leave the Secure Element. We now know that claim is a lie, and has therefore been a lie since day one. A simple piece of code is all that is required to extract your private keys. All Ledger devices are vulnerable whether or not you opt in to this or update to the latest firmware.

According to ANSSI  their devices where always vulnerable  in this respect:


Quote from: https://www.ssi.gouv.fr/uploads/2019/02/anssi-cible-cspn-2019_03en.pdf

That is why I have bought Passport 2 and moved my stash there.