Bitcoin Forum
Author Topic: Ledger Nano: is it secure?  (Read 1776 times)
Lionel
Sr. Member
****
Offline Offline

Activity: 503
Merit: 264


View Profile
September 09, 2017, 01:05:58 AM
 #1


Suppose i am using Electrum with Ledger Nano S.
When i send a payment, i must manually enter the PIN on the USB device (source: https://ledger.groovehq.com/knowledge_base/topics/how-to-setup-electrum-nano-slash-nano-s )

But i wonder if the Nano shows me the transaction details as well ( destination address(es), amount(s) ).
If not, i don't consider this solution very safe.

Suppose a virus on my PC acts as a man-in-the-middle when the payment command is sent from Electrum to the USB device.
The virus may change the payment destination address on-the-fly after the command goes out of Electrum wallet but before it enters the USB bus to reach the device.

Anyone of you that has a Nano and can confirm that it displays transaction info upon PIN request ?
GreenBits
Legendary
*
Offline Offline

Activity: 1064
Merit: 1000


It could be worse...


View Profile
September 09, 2017, 01:27:42 AM
 #2


Suppose i am using Electrum with Ledger Nano S.
When i send a payment, i must manually enter the PIN on the USB device (source: https://ledger.groovehq.com/knowledge_base/topics/how-to-setup-electrum-nano-slash-nano-s )

But i wonder if the Nano shows me the transaction details as well ( destination address(es), amount(s) ).
If not, i don't consider this solution very safe.

Suppose a virus on my PC acts as a man-in-the-middle when the payment command is sent from Electrum to the USB device.
The virus may change the payment destination address on-the-fly after the command goes out of Electrum wallet but before it enters the USB bus to reach the device.

Anyone of you that has a Nano and can confirm that it displays transaction info upon PIN request ?

the generation of the transaction is handled onboard the wallet. the only information exposed to memory, to the best of my knowledge, is the transaction itself, which is encrypted. the virus would have to hijack the device itself to compromise the transaction. this is why the transaction details are confirmed via interface. if those details are correct, then the transaction broadcasted to the network would be composed of those details.

the best a mitm attack could do is change a copy/paste address by hijacking the ram and subverting things sent to the clipboard. if you simply confirm the details, you should be able to detect the change in address, and move the device to a stable/secure environment ;)

hardware wallets ftw.
HCP
Hero Member
*****
Offline Offline

Activity: 728
Merit: 923

<insert witty quote here>


View Profile
September 09, 2017, 11:55:29 AM
 #3


... the generation of the transaction is handled onboard the wallet. the only information exposed to memory, to the best of my knowledge,
No, the transaction is created in your software wallet (Ledger app or Electrum etc). It is the SIGNING of the transaction with the appropriate private keys that happens on the hardware wallet.


Anyone of you that has a Nano and can confirm that it displays transaction info upon PIN request ?
And to answer the OPs question... yes, it displays the address and amount and you have to confirm it before the transaction is signed and returned to the software wallet for broadcasting.
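
The check described above (the wallet software builds the transaction, the device shows the address and amount it was actually asked to sign), as an added Python example that is not part of any post in this thread and is not Ledger's firmware. It models only the output section of a Bitcoin transaction; the function names and the two 20-byte hashes are constructed for illustration.

```python
import struct

def p2pkh_script(pubkey_hash):
    """Standard pay-to-pubkey-hash output script for a 20-byte hash."""
    return bytes.fromhex("76a914") + pubkey_hash + bytes.fromhex("88ac")

def serialize_outputs(outputs):
    """Host side: encode [(satoshis, script)] as a transaction's output section."""
    blob = bytes([len(outputs)])          # CompactSize; counts below 0xfd only
    for value, script in outputs:
        blob += struct.pack("<Q", value) + bytes([len(script)]) + script
    return blob

def parse_outputs(blob):
    """Signer side: decode the outputs from the bytes that actually arrived."""
    count, pos, outputs = blob[0], 1, []
    for _ in range(count):
        (value,) = struct.unpack_from("<Q", blob, pos)
        length = blob[pos + 8]
        script = blob[pos + 9:pos + 9 + length]
        if len(script) != length:
            raise ValueError("truncated output")
        outputs.append((value, script))
        pos += 9 + length
    if pos != len(blob):
        raise ValueError("trailing bytes after outputs")
    return outputs

def confirm_on_device(blob, intended):
    """Outputs the device screen would show that the user did not intend."""
    return [out for out in parse_outputs(blob) if out not in intended]

# Constructed sample data: two made-up 20-byte public key hashes.
PAYEE = p2pkh_script(bytes.fromhex("11" * 20))
OTHER = p2pkh_script(bytes.fromhex("22" * 20))
INTENDED = [(150_000, PAYEE)]
SENT = serialize_outputs(INTENDED)
ALTERED = SENT.replace(PAYEE, OTHER)      # bytes changed between wallet and device

if __name__ == "__main__":
    print("unmodified:", confirm_on_device(SENT, INTENDED))
    print("altered:   ", confirm_on_device(ALTERED, INTENDED))
```

Because the device decodes the same bytes it signs, an altered destination appears on its screen even when the PC shows the original one.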

Lionel
Sr. Member
****
Offline Offline

Activity: 503
Merit: 264


View Profile
September 09, 2017, 01:39:54 PM
 #4


Anyone of you that has a Nano and can confirm that it displays transaction info upon PIN request ?
And to answer the OPs question... yes, it displays the address and amount and you have to confirm it before the transaction is signed and returned to the software wallet for broadcasting.

Sounds good then :)
Lionel
Sr. Member
****
Offline Offline

Activity: 503
Merit: 264


View Profile
September 09, 2017, 07:26:32 PM
 #5

What happens if my Nano burns or i lose it?

Does it support BIP 38 seeds so that i can restore my private key ?
xSkyer
Full Member
***
Offline Offline

Activity: 196
Merit: 100


★777Coin.com★ Fun BTC Casino!


View Profile
September 09, 2017, 07:28:25 PM
 #6

What happens if my Nano burns or i lose it?

Does it support BIP 38 seeds so that i can restore my private key ?

Yes. On the first boot you are given 24 words which you can write down on the recovery sheet included in the box. Most of the things like seed, pin, transactions show up on ledger's screen and require usage of buttons on the device.

TryNinja
Hero Member
*****
Online Online

Activity: 770
Merit: 756


ChipMixer's Badge of Honor


View Profile
September 09, 2017, 07:30:31 PM
 #7

What happens if my Nano burns or i lose it?

Does it support BIP 38 seeds so that i can restore my private key ?
That's why you need to backup your seed when creating your wallet. Then, if you lose your device, you can:

1. Buy a new Nano and restore your wallet.
2. Restore your wallet in any wallet supporting 24-word passphrases, compatible with:
  • BIP39 wordlist,
  • BIP32 (Hierarchical Deterministic wallets specifying a generic key derivation method),
  • BIP44 (specifying how the keys are derived) standards.

Every known wallet compatible with the Ledger Nano backup phrase can be found here[1].

[1] http://support.ledgerwallet.com/knowledge_base/topics/how-to-restore-my-backup-without-a-ledger-wallet
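
Why the written-down words are enough to restore in any compatible wallet, as an added Python example (not from this thread or from Ledger's code): the BIP39 seed is a pure function of the words, and BIP32 hardened derivation down to the BIP44 account node needs only HMAC-SHA512. It assumes the public 12-word BIP39 test mnemonic; a 24-word phrase goes through the same functions, and the word-list checksum is not validated here.

```python
import hashlib, hmac, struct, unicodedata

# secp256k1 group order, used to reduce derived private keys
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000

def bip39_seed(mnemonic, passphrase=""):
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    nfkd = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic),
                               b"mnemonic" + nfkd(passphrase), 2048, 64)

def bip32_master(seed):
    """BIP32: master private key (as int) and chain code from the seed."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]

def ckd_priv_hardened(key, chain, index):
    """BIP32 hardened child derivation: private parent -> private child."""
    data = b"\x00" + key.to_bytes(32, "big") + struct.pack(">I", index | HARDENED)
    i = hmac.new(chain, data, hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    child = (il + key) % N
    if il >= N or child == 0:
        raise ValueError("invalid child key, use the next index")
    return child, i[32:]

def account_key(mnemonic, passphrase="", coin=0, account=0):
    """Private key at the BIP44 account node m/44'/coin'/account'."""
    key, chain = bip32_master(bip39_seed(mnemonic, passphrase))
    for index in (44, coin, account):
        key, chain = ckd_priv_hardened(key, chain, index)
    return key

# Public test mnemonic from the BIP39 specification; never use it for funds.
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

if __name__ == "__main__":
    print("seed:", bip39_seed(TEST_MNEMONIC).hex())
    print("m/44'/0'/0' key:", hex(account_key(TEST_MNEMONIC)))
```

Nothing device-specific enters the derivation, so the recovery sheet has to be protected as carefully as the private keys themselves.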

Lionel
Sr. Member
****
Offline Offline

Activity: 503
Merit: 264


View Profile
September 09, 2017, 11:33:41 PM
 #8

Very good.

And if someone steals your Nano they cannot read the Seed because they haven't the PIN.
But they may disassemble the Nano and directly read the flash memory in it, and copy directly your private key.

So you better not lose your Nano and if so, immediately restore the wallet with the seed with another Electrum instance and transfer the coins elsewhere
HCP
Hero Member
*****
Offline Offline

Activity: 728
Merit: 923

<insert witty quote here>


View Profile
September 10, 2017, 06:03:59 AM
 #9

And if someone steals your Nano they cannot read the Seed because they haven't the PIN.
But they may disassemble the Nano and directly read the flash memory in it, and copy directly your private key.
You make it sound like they just need to crack open the case and read some data from the "flash memory" to be able to get the private key...

The Ledger Nano S Hardware Wallets use a "secure element" (aka smartcard) that makes it extremely difficult for anyone but very well resourced attackers with very high levels of technical expertise and specialised equipment to be able to perform the private key extraction attack.

Ref: https://www.ledger.fr/2015/01/17/bitcoin-security-why-smart-cards-matter/

Granted, this is an article written by the manufacturer, but the theory is sound...

XXX_BTC1@
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
November 03, 2017, 06:54:55 AM
 #10


Suppose i am using Electrum with Ledger Nano S.
When i send a payment, i must manually enter the PIN on the USB device (source: https://ledger.groovehq.com/knowledge_base/topics/how-to-setup-electrum-nano-slash-nano-s )

But i wonder if the Nano shows me the transaction details as well ( destination address(es), amount(s) ).
If not, i don't consider this solution very safe.

Suppose a virus on my PC acts as a man-in-the-middle when the payment command is sent from Electrum to the USB device.
The virus may change the payment destination address on-the-fly after the command goes out of Electrum wallet but before it enters the USB bus to reach the device.

Anyone of you that has a Nano and can confirm that it displays transaction info upon PIN request ?

ledger nano s is the hardware wallet we have to save our bit coins and lite coins, zcash coins, dash coins, ethereum coins and ripple coins. so you have to buy and keep your bit coin in to this wallet and hold long time. ledger nano s is the best and secure wallet. it can carry easily and good for security.
Kico
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile
November 27, 2017, 04:47:14 AM
 #11

Can Ledger company keep private keys for the public keys generated by the Ledger Wallet to steal my money?
E.g. they create bitcoin public and private keys, save it. My wallet "generates" these keys, I put money there, they take my money as they know the keys.
HCP
Hero Member
*****
Offline Offline

Activity: 728
Merit: 923

<insert witty quote here>


View Profile
November 27, 2017, 05:38:14 AM
 #12

Can Ledger company keep private keys for the public keys generated by the Ledger Wallet to steal my money?
E.g. they create bitcoin public and private keys, save it. My wallet "generates" these keys, I put money there, they take my money as they know the keys.
They'd have to keep an awful lot of private keys to be able to do this...

You can continually reset the device as many times as you like, generating a new randomly generated seed (and thus, new private and public keys) every time you reset it...

Kico
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile
November 27, 2017, 04:03:22 PM
 #13

Can Ledger company keep private keys for the public keys generated by the Ledger Wallet to steal my money?
E.g. they create bitcoin public and private keys, save it. My wallet "generates" these keys, I put money there, they take my money as they know the keys.
They'd have to keep an awful lot of private keys to be able to do this...

You can continually reset the device as many times as you like, generating a new randomly generated seed (and thus, new private and public keys) every time you reset it...
It's not a problem to keep thousands of keys for every device.
In my imaginary situation device doesn't generate random public and private key. It gives the next pair which Ledger company knows
bob123
Hero Member
*****
Offline Offline

Activity: 686
Merit: 561



View Profile WWW
November 27, 2017, 04:59:46 PM
 #14

It's not a problem to keep thousands of keys for every device.
In my imaginary situation device doesn't generate random public and private key. It gives the next pair which Ledger company knows

You should stop "imagining" stuff and start to read stuff.
The whole part which handles the key generation / initialization of the ledger is
1) made onboard and
2) is open source. You can check github and read into the algorithm. There is no hardcoded list of compromised keys. Also there is no communication to any server during key generation and initialization of the ledger wallet.


Kico
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile
November 28, 2017, 01:59:30 AM
 #15


The whole part which handles the key generation / initialization of the ledger is
1) made onboard and
2) is open source


Thank you!
How can I be sure that device executes the code posted on github, not a different one?
bob123
Hero Member
*****
Offline Offline

Activity: 686
Merit: 561



View Profile WWW
November 28, 2017, 07:32:32 AM
 #16

How can I be sure that device executes the code posted on github, not a different one?


You can verify the integrity of the software running on your device. As in their ledger blue checkGenuine.py (https://github.com/LedgerHQ/blue-loader-python/blob/master/ledgerblue/checkGenuine.py#L72).
Basically you are using:
Code:
pip install --no-cache-dir ledgerblue
python -m ledgerblue.checkGenuine --targetId 0x31100002

You find the secp256k1 public key for the current batch here:
Code:
args.issuerKey = "0490f5c9d15a0134bb019d2afd0bf297149738459706e7ac5be4abc350a1f818057224fce12ec9a65de18ec34d6e8c24db927835ea1692b14c32e9836a75dad609"
( https://github.com/LedgerHQ/blue-loader-python/blob/master/ledgerblue/checkGenuine.py#L119)


To go even further you could try to open your ledger and check whether there is an additional chip implemented and the MCU is an STM32F042K6 (with 32 Kb flash, as a bigger flash could contain code fooling the Secure Element validation). Ledger has described this pretty comprehensibly here: https://ledger.zendesk.com/hc/en-us/articles/115005321449-How-to-verify-the-security-integrity-of-my-Nano-S-

Kico
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile
November 29, 2017, 01:34:37 AM
 #17

Thank you, Bob!
cupic
Member
**
Offline Offline

Activity: 196
Merit: 10

https://cryptosolartech.org


View Profile
November 29, 2017, 01:41:41 AM
 #18

Does not work with alt-coins. Won't recognize pivx, expanse, ubiq, ark, vertcoin. The app loads but I can't access the wallet. Only works with Bitcoin, Ethereum, and Ripple. Any suggestions? It will not recognize Ledger Nano S is unlocked. I tried turning off browser support and reinstalling the app
Jonnylolo
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
November 29, 2017, 03:03:09 AM
 #19

Does not work with alt-coins. Won't recognize pivx, expanse, ubiq, ark, vertcoin. The app loads but I can't access the wallet. Only works with Bitcoin, Ethereum, and Ripple. Any suggestions? It will not recognize Ledger Nano S is unlocked. I tried turning off browser support and reinstalling the app

For most alt-coins, you'll need to access it via the desktop function through myetherwallet (MEW). They don't appear on the nano ledger apps.