You are viewing a single comment's thread from:
RE: AMAZING NEW VERSION OF LEDGER HARDWARE WALLET IS OUT!
The greater app limit is the best thing about this!
In answer to your question, there was an interview with the head of Ledger on Unchained recently. In it, he says the bluetooth has the same security as the Usb connection, as it only acts as a transfer of the encrypted transaction information. The signing and private keys remain on the secure enclave, so it is appears to equivalent to using Ledger Live. If the the Bluetooth connection is compromised, it seems like it is only the transaction information (after de-encryption!) is visible (public addresses and amount).
The more powerful secure enclave means previously critical attacks on the unsecured micro controller can be moved to a better protected area.
I don't believe that for a second. What if someone intercepts the encryption / de-encryption and it's a big movement of cash? At some point that device is communicating that its okay to go ahead, or its accepting the private keys. The point I'm making is wireless wallets make the possibility of remote theft much greater. I know what's on my computer, I don't know what's in the room next door or your pocket.
Yes... in principle, yes, I agree that the idea of wireless wallets is unsettling... but specifically for the Ledger, the signing of the transaction is done on the secure enclave, and so it doesn't matter. The transaction that can be intercepted (and decoded if you have enough power, but that is a seriously difficult task in the time that you have, and if you can do that, you may as well take down the entire chain!) is the same as what is published on the public blockchain anyway, as far as I understand.
It is the same principle that lies behind the security of being able to use a Ledger on any computer, network and USB connection, even ones that aren't hyper secured. The signing is still tied to the secured section of the physical Ledger.
A vault with two different doors with two different types of locks is less secure than just one of the doors. That being said, I think the wireless aspect will be safe and nearly impossible to hack.
My main concern is people taking advantage of the convenient features and using this thing in public.
Ohh the restaurant down the street just got a payment from an account with 10000eth. I bet it's the dude who will be walking to the lambo parked out front.
Don't keep your investments in your public wallet. Fill the thing up from an exchange only and in reasonable amounts if you plan on using it in public.
Sure you can always enable passphrase and use the lesser account. People are dumb though. Don't get me wrong idiots can already keep 10000eth in a software wallet, but Ledger may give more of them confidence to forget the world is filed with bad guys. Same issue I have with serin labs phone. Its obvious people with these have crypto.