Ninjastic
PostEdited versionsQuotes to this post
Post was edited
 3 days ago (view)
Post
Topic
Board Hardware wallets
Merits 2 from 2 users
Re: Ledger Recovery Key: Ledger Recover 2.0?!
by
Cricktor
on 11/07/2025, 18:52:39 UTC
⭐ Merited by satscraper (1) ,Lucius (1)
Frankly, I don't remember if I read it somewhere here in the forum or more likely when it struck me when I saw some interview of Pascal Gauthier around the time when they first introduced their Ledger Recovery subscription service stupidity. This french dude showed off with probably at least one or more rings at virtually any of his fingers, had a quite arrogant stance and I perceived him equally evil as Tolkien's Sauron.

What a douche, I was so disgusted by his behavior that how I like to call him stuck. Anyway, whoever called him that way first, made a point.


Quote from: satscraper on Today at 07:50:43 AM
However, it seems to me that even Passport Core includes such code, as it has the ability to display SEED on its screen upon user request. I believe hardware wallets that offer the same functionality have also this part of code as well. What are your thoughts on this?

That's an interesting question, indeed. I thought that most decent hardware wallets would display the mnemonic recovery words (which are just a human-friendly representation of the wallet's initial entropy secret) only once when the entropy has been created and the user is tasked to back it up.

After backup, this secret shall be secured in the secure element and there's no need to extract it from there anymore. Further cryptographic operation should happen in the secure element and ideally not outside of it. I might be wrong with this assumption and I might have forgotten some details of different hardware wallets.

Before Ledger Recovery, Ledger wouldn't display you the mnemonic recovery words again. To verify your backup words you needed to install the verification app where you can enter the backup words and the app would tell you if your entered words match the wallet's stored entropy or anything uniquely derived from it.

To verify you don't need to have the entropy leave the secure element. Your input is processed to the entropy secret or anything closely and uniquely derived from it and stored and processed secret can be compared inside the secure element. The secure element only needs to answer if there's a match or not.

Hm, I've to check how my BitBox02 handles this. Can't remember it'll ever show me the wallet's recovery words again.

And yes, what Pmalek mentions and what I tried to highlight as a quite despicable part of firmware is code that's there to have the main secret leave the hardware device completely. Oh boy, this is a can of worms and we kicked it. Yes, I'm aware, my BitBox02 allows a backup on a microSD card. Is this equally wrong as Ledger's Recovery service crap? You judge!

Displaying the wallet's recovery words again on demand feels kind of wrong to me, too.