Board: Hardware wallets
Topic: Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
Post by Pmalek on 07/06/2023, 13:21:54 UTC
For Ledger Recover, even if we assume that the Nano S/X hardware device itself is secure, the only way for those shares and the associated decryption key to leave the Nano device and reach the third party custodians is via your computer. Therefore, your computer must receive, store, process, and transmit all the information necessary to empty your wallets. If your computer is compromised while you do this, or if the data is stored in memory and recoverable, then your coins can be stolen by compromise of your computer alone. This is the exact same situation as any hot wallet.
I have no reason to doubt your words, but maybe we should wait for Ledger to release how exactly they envision this system of theirs is supposed to work. More importantly, how and when the encryption will take place. Does the Secure Element have the capacity to encrypt everything on the chip before taking any further actions? Or does the encryption take place in Ledger Live where it could become vulnerable to various attack models?