man ledger really fucked things this time

after that data breach, this is the last straw

time to go be a coinkite patron

Discussion

what happened now 😭

newest firmware update adds a seed phrase recovery feature that is based off secret sharing

effectively it adds an opt-in backdoor to your seed phrase that requires 2 custodians

the bad part is that if a firmware update was all it took to access your seed phrase, was ledger ever secure in the first place?

well, 2/3 custodians to recover

if you're interested in secret sharing, check out

https://en.m.wikipedia.org/wiki/Secret_sharing

Shamir's Secret Sharing is one of the better known schemes

we talked about this in cryptography! 🤗

AFAIK, the data breach at Ledger concerned their customer database and had nothing to do with their products themselves.

The beauty of Ledger (and Trezor, if I’m not mistaken) is that you can use it to store a spectrum of cryptocurrencies on one device. Coldcard is only for BTC AFAIK, so it’s only partially a good alternative. What would you suggest as a true alternative to Ledger with even fewer drawbacks?

you are correct with regards to the data breach, however a breach of a company's internal security reflects poorly on the security of their devices.

I will likely use ledger to store what small amounts of other coins I hold, but I am considering moving my comparatively large stack of #bitcoin to another device.

Admittedly, it reflects badly on overall security. On the other hand, we all know that focussing on one aspect (the product) can lead to underperformance in another (customer database). It’s not my intent to defend them, but IMHO too many ppl mix up facts which have no causal connection.

Sounds sensible to me. I’ve had my eye on a coldcard for some time, so maybe this is the moment to take action. And I heard they even have a promo going on currently!

It will be interesting to see what the next move of Ledger will be. My impression from the discussions on nostr today is that there will be a backlash from the OG crypto community, that alone should make Ledger think really hard about whether this was a sensible update.

ledger recover happened

Appears that it’s only an issue if you opt into the Recovery feature

Yep, last straw. I’m out.