They state that the seed phrase undergoes encryption and is divided into three shreds. These shreds are then directly sent to the three custodians from the Ledger device itself. When a recovery is requested, these encrypted parts are sent back to the new or old hardware device and decrypted back into the recovery seed. Nowhere does it mention that the shreds must pass through any Ledger server for encryption or decryption during recovery.
This means all shreds pass through your computer, and through Ledger Live. If Ledger Live gets compromised, your seed can get compromised.
I agree. I was trying to explain to tenant48 that his idea about each Ledger device having a unique key pair doesn't hold up because it would render the decryption of shreds on a new device impossible. It just doesn't make logical sense in that context.
The whole point of a hardware wallet used to be that your security doesn't depend on the security of the computer you're using.
Absolutely! The whole idea behind a hardware wallet is to eliminate as many potential attack points as you can, not to introduce new ones, no matter how insignificant they might seem. Safety first, no compromises!