Bitcoin Forum
September 21, 2018, 10:37:02 PM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Nano Leger S private keys really safe?  (Read 45 times)
kdn
Newbie
*
Offline Offline

Activity: 59
Merit: 0


View Profile
January 07, 2018, 06:33:02 AM
 #1

Hi, just thinking here, when we first setup the nano it gives us a recovery seed right. Then we add our wallets via the app manager. Wouldn't that mean every wallet install I would get a different private key (ie bitcoin and neo couldn't have the same private key).

If I lose my nano I use the recover seed to restore all my currencies back in one go.

So what I am getting at is how can the same recovery seed be tied back to multiple private keys (and ones that I may add in the future) does leger perhaps save my seed on their server along with a list of all my private keys I add? Surely not but can someone explain how that works?
1537569422
Hero Member
*
Offline Offline

Posts: 1537569422

View Profile Personal Message (Offline)

Ignore
1537569422
Reply with quote  #2

1537569422
Report to moderator
1537569422
Hero Member
*
Offline Offline

Posts: 1537569422

View Profile Personal Message (Offline)

Ignore
1537569422
Reply with quote  #2

1537569422
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537569422
Hero Member
*
Offline Offline

Posts: 1537569422

View Profile Personal Message (Offline)

Ignore
1537569422
Reply with quote  #2

1537569422
Report to moderator
HCP
Hero Member
*****
Offline Offline

Activity: 728
Merit: 923

<insert witty quote here>


View Profile
January 07, 2018, 10:12:40 AM
 #2

Hi, just thinking here, when we first setup the nano it gives us a recovery seed right. Then we add our wallets via the app manager. Wouldn't that mean every wallet install I would get a different private key (ie bitcoin and neo couldn't have the same private key).
No. You wouldn't necessarily get a different private key (the HW wallets use this fact for claiming "fork" coins, see belwo)  So, in actuality, some of the coins CAN have the same private key... private keys are generally just very large numbers. We might be used to looking at them in slightly different forms like:
BTC: KzQdYqDHhCKNkjdr5kSCP5WJURbEq22BKa3kaVLVh6K9mD4iszXB
ETH: 0x82145ea7c90faa066109fafbfdec363adc30cf8827549daab096fd5f43d9057b
XRP: 61c2967ecd1fdc5e4c9070d9884e40b7084acc32cb9b1f85e0e40972db99b043

etc... but at the end of the day... they all convert back into numbers.

If you go here: https://iancoleman.io/bip39/ and generate a random seed... Click the "BIP44" tab... and then change the "Coin" value at the top, you can get a firsthand demonstration of how a hardware wallet is able to generate all the different keys/addresses for the different coins.

You'll notice that the "Derivation Path" changes... specifically... the "coin" value:

BTC: m/44'/0'/0'/0/0
EHT: m/44'/60'/0'/0/0
XRP: m/44'/144'/0'/0/0

This enables the wallet to generate different private keys/addresses for each coin... it is also what allows the hardware wallets to easily "claim" coins from Bitcoin forks... by simply using the BTC derivation path, but for a "BCH" or "BTG" wallet, they can generate the SAME private keys/addresses and get access to the forked coins! Wink

To demonstrate... note down the private key/address for BTC:

Example seed: execute blouse test blast average detail polar slide measure warm little man
BTC:
Address Path: m/44'/0'/0'/0/0
Address: 1Yn6AeqnE2eJT23VzB1yHpbytcXNCveoK
Pubkey: 03db0ff63c62d27f9f0e0547661c4692a3dd4ee098145056fc2da9df3a25d288c1
Privkey: KzQdYqDHhCKNkjdr5kSCP5WJURbEq22BKa3kaVLVh6K9mD4iszXB

Now, click BCH... but click BIP32 tab, and set Client to "custom" and Derivation Path to m/44'/0'/0'/0 (this is simulating a hardware wallet "claiming" fork coins):

Address Path: m/44'/0'/0'/0/0
Address: 1Yn6AeqnE2eJT23VzB1yHpbytcXNCveoK
Pubkey: 03db0ff63c62d27f9f0e0547661c4692a3dd4ee098145056fc2da9df3a25d288c1
Privkey: KzQdYqDHhCKNkjdr5kSCP5WJURbEq22BKa3kaVLVh6K9mD4iszXB


IDENTICAL! Now set the coin to "ETH" (still with BIP32, custom client and m/44'/0'/0'/0 derivation path):

Address Path: m/44'/0'/0'/0/0
Address: 0x16924278d8897F1dCAD81717F517A1F3c3b633f6
Pubkey: 0x03db0ff63c62d27f9f0e0547661c4692a3dd4ee098145056fc2da9df3a25d288c1
Privkey: 0x5f2140e2517fa4f496f40b46c8d6b07c39d2e912dd951ba00f6b0642401a6c47

Notice the pubkey... it's the same "big number"!!?! And if we put the BTC "WIF" privkey into https://www.bitaddress.org (click "wallet details")... we can see that:
Private Key Hexadecimal Format (64 characters [0-9A-F]):
5F2140E2517FA4F496F40B46C8D6B07C39D2E912DD951BA00F6B0642401A6C47

The privkey is the SAME as the ETH privkey!!?! #funWithCrypto Wink


Quote
If I lose my nano I use the recover seed to restore all my currencies back in one go.
So what I am getting at is how can the same recovery seed be tied back to multiple private keys (and ones that I may add in the future) does leger perhaps save my seed on their server along with a list of all my private keys I add? Surely not but can someone explain how that works?
They don't store anything, anywhere... that recovery seed is the start point for ALL the wallets for ALL the coins... they simply use different derivation paths to get the private keys/addresses for the different coins.

Proofer
Member
**
Offline Offline

Activity: 257
Merit: 10


View Profile
January 07, 2018, 09:43:11 PM
 #3

Hi, just thinking here, when we first setup the nano it gives us a recovery seed right. Then we add our wallets via the app manager. Wouldn't that mean every wallet install I would get a different private key (ie bitcoin and neo couldn't have the same private key). ...
TL;DR: The recovery seed is used to (re)generate a master seed, from all the private seeds for one or more coin types are derived in a deterministic fashion. Ledger Nano S is a Hierarchical Deterministic (HD) wallet.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!