Board: Hardware wallets
Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
by FatFork on 07/06/2023, 10:39:38 UTC
Theoretically, hackers can make a patch for Ledger Live to intercept the encrypted Seed, which is divided into 3 parts. Of course, without the decryption key stored on the Ledger, they can't do anything.
How can the encryption key be stored on your Ledger device, if you can recover your crypto on any other Ledger HW of your choosing? The other devices can't hold your encryption key. The original hardware device maybe, but it looks like Ledger gets a copy of it. How else do you explain recovering crypto on Ledger #2 if Ledger #1 that encrypted the shards is no longer working/in your possession? Either Ledger has the keys or the encryption key is also somehow shared among all custodians.


Each Ledger has a security chip that can have a unique private and public key. All Ledger needs is to get your seed from two sources, decrypt it at home, then read the unique public key from your new Ledger and re-encrypt the seed individually for your instance. I don't see any difficulties here.

But that's not how it's supposed to work, according to Ledger. They state that the seed phrase undergoes encryption and is divided into three shreds. These shreds are then directly sent to the three custodians from the Ledger device itself. When a recovery is requested, these encrypted parts are sent back to the new or old hardware device and decrypted back into the recovery seed. Nowhere does it mention that the shreds must pass through any Ledger server for encryption or decryption during recovery. Additionally, the process you described would imply that Ledger stores all private encryption keys from every device they have ever produced on their servers, which would create a single point of failure. It wouldn't make sense to keep such a system in place, and the entire process of splitting the recovery seed into shreds and distributing them to three different custodians wouldn't make sense in that case.
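The thread talks about a secret being split into three parts held by three custodians, of which two are enough to rebuild it. The usual construction for that is Shamir secret sharing; the block below is an added, self-contained Python illustration written for this discussion, not Ledger's code, and it makes no claim about Ledger's actual implementation beyond the 2-of-3 shape the posts describe. The input is a constructed 32-byte sample standing in for whatever the device hands to the custodians (in the scheme described above that would be the already-encrypted seed, so the encryption step is assumed to happen before this and is not shown). Arithmetic is over GF(256) so each byte is shared independently.

```python
import os

# GF(2^8) multiplication reduced by the AES polynomial x^8 + x^4 + x^3 + x + 1.
def gf_mul(a: int, b: int) -> int:
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_pow(a: int, e: int) -> int:
    r = 1
    for _ in range(e):
        r = gf_mul(r, a)
    return r

def gf_inv(a: int) -> int:
    # In GF(2^8) every non-zero a satisfies a^255 = 1, so a^254 is its inverse.
    return gf_pow(a, 254)

def split_secret(secret: bytes, threshold: int, n_shares: int, rng=os.urandom):
    """Return n_shares (x, bytes) pairs; any `threshold` of them rebuild `secret`.

    For every secret byte a random polynomial of degree threshold-1 is chosen
    whose constant term is that byte; share x receives the polynomial at x.
    """
    assert 1 < threshold <= n_shares < 256
    shares = [(x, bytearray()) for x in range(1, n_shares + 1)]
    for byte in secret:
        coeffs = [byte] + list(rng(threshold - 1))  # random higher coefficients
        for x, buf in shares:
            y = 0
            for k, c in enumerate(coeffs):
                y ^= gf_mul(c, gf_pow(x, k))
            buf.append(y)
    return [(x, bytes(buf)) for x, buf in shares]

def recover_secret(shares) -> bytes:
    """Lagrange-interpolate each byte's polynomial at x = 0 from the given shares."""
    length = len(shares[0][1])
    out = bytearray()
    for i in range(length):
        acc = 0
        for j, (xj, yj) in enumerate(shares):
            num, den = 1, 1
            for m, (xm, _) in enumerate(shares):
                if m != j:
                    num = gf_mul(num, xm)        # (0 - xm) equals xm in characteristic 2
                    den = gf_mul(den, xj ^ xm)   # (xj - xm)
            acc ^= gf_mul(yj[i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)

def demo_two_of_three() -> bool:
    # Constructed sample payload; in the scheme discussed above this would be
    # the ciphertext produced on the device, never the raw seed.
    payload = bytes(range(32))
    shares = split_secret(payload, threshold=2, n_shares=3)
    pairs = [shares[:2], shares[1:], [shares[0], shares[2]]]
    return all(recover_secret(p) == payload for p in pairs)

if __name__ == "__main__":
    print("any two of three shares rebuild the payload:", demo_two_of_three())
```

With threshold 2, a single share is one point on a line whose intercept is the secret byte; every one of the 256 possible secret bytes is consistent with that point, so a lone custodian learns nothing from its shard. Two custodians together fix the line and rebuild the payload, which is exactly why where the decryption key for that payload lives, on the device or elsewhere, is the question the thread is arguing about.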