Board: Hardware wallets
Topic: Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
by A S M on 16/06/2023, 10:03:47 UTC

https://youtu.be/M3VjQUcyZSY?t=1285 - Apparently the shards aren't encrypted at all, despite Ledger previously stating this. It's literally just Shamir's. So there is no decryption key to be stored on the device or by Ledger themselves, making it even easier than thought to compromise the setup.


I want to clarify a little.
Shards aren't encrypted, but, as tenant48 pointed out in the post above, they are transmitted over an encrypted channel using an ephemeral symmetric key.
Quote
During the process, the secure channel uses an ephemeral symmetric key to securely transport the fragments.
Such keys are negotiated by both parties using asymmetric cryptography.
For asymmetric crypto to work, each Ledger wallet must have a unique private/public key pair, which was also mentioned earlier in this thread. Ledger does not need to store databases with these keys or do intermediate re-encryptions.
Thus, it is absolutely safe to transfer the seed to a completely new wallet. The attacker will not have a chance to intercept the seed or its fragments during transmission or receipt.