dkbit98 (OP)
Legendary
Offline
Activity: 2408
Merit: 7548
|
|
May 04, 2022, 03:32:16 PM |
|
Assuming what Ledger says is true and they use French pick & place soldering service, they only receive bare PCBs from China. How would 'the Chinese' install a backdoor on a bare PCB? You know, this kind of stuff
Why would I trust anything that people from ledger are saying, when it's proven they are either liars or they don't know facts about manufacturing? Backdoors are most likely hidden on microchips, not in PCB's, and it could be similar like with smartphones with encryption that can be decrypted by governments. I don't understand they would invested bunch of money in making videos, music videos, promotional campaigns with celebrities, etc. but they keep hiding origin of their components. Ledger is Made in China and Assembled in France, nothing wrong with that, just be transparent about it.
|
|
|
|
n0nce
|
|
May 05, 2022, 12:55:31 AM |
|
Assuming what Ledger says is true and they use French pick & place soldering service, they only receive bare PCBs from China. How would 'the Chinese' install a backdoor on a bare PCB? You know, this kind of stuff
Why would I trust anything that people from ledger are saying, when it's proven they are either liars or they don't know facts about manufacturing? Backdoors are most likely hidden on microchips, not in PCB's, and it could be similar like with smartphones with encryption that can be decrypted by governments. I don't understand they would invested bunch of money in making videos, music videos, promotional campaigns with celebrities, etc. but they keep hiding origin of their components. Ledger is Made in China and Assembled in France, nothing wrong with that, just be transparent about it. I don't trust that myself; I'm just saying, if we assume it's actually assembled in France, and they only get bare PCBs from China, the devices can't have 'Chinese backdoors' on them. Except if they buy backdoored components of course, but as you said, everyone gets their components from China.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7538
Playgram - The Telegram Casino
|
|
May 07, 2022, 08:09:31 AM |
|
I don't trust that myself; I'm just saying, if we assume it's actually assembled in France, and they only get bare PCBs from China, the devices can't have 'Chinese backdoors' on them. Except if they buy backdoored components of course, but as you said, everyone gets their components from China. If we start getting paranoid about everything that can have Chinese backdoors, we shouldn't buy 90% of the things we own. That includes the monitor you will read this post on, the mouse you open the thread with, and the chair you are sitting in. All companies lie to protect their business interests and to increase their profits. When they get caught, they will lie about why they were lying. Even when they are not lying, they are intentionally withholding the truth or parts of the truth from their users to protect themselves and their profit margins. And yes, that goes for Ledger's biggest competitor as well.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
dkbit98 (OP)
Legendary
Offline
Activity: 2408
Merit: 7548
|
|
May 08, 2022, 10:57:01 PM |
|
I don't trust that myself; I'm just saying, if we assume it's actually assembled in France, and they only get bare PCBs from China, the devices can't have 'Chinese backdoors' on them. Except if they buy backdoored components of course, but as you said, everyone gets their components from China.
It's not just China that has problem, other government parasites are also working on backdoors, so I don't trust any of them. Fact is that most electronics are now made in China and they have one of the crazy totalitarian ruling system, so that is why I mentioned them previously. If we start getting paranoid about everything that can have Chinese backdoors, we shouldn't buy 90% of the things we own. That includes the monitor you will read this post on, the mouse you open the thread with, and the chair you are sitting in. Are you keeping money and keys for your money in monitors, mouses and chairs or not? It's known fact that smart tv monitors have been used for spying people, same as smartphones and other stupidly smart devices, but I guess people don't have anything to hide and they just shit with toilet door open. We are talking about sensitive financial information here and yes I don't fully trust any electronics that is coming from China, and from other countries.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7538
Playgram - The Telegram Casino
|
|
May 09, 2022, 08:22:42 AM |
|
Are you keeping money and keys for your money in monitors, mouses and chairs or not? My point was that the computer, laptop, or phone you are using was made in China including all of its hardware components. You connect your hardware wallet to this China-made blackbox, access your financial, private data, work-related data, etc. You have a choice to connect a hardware wallet without a secure element that has vulnerabilities, which those with a secure element don't have, or use one with a secure element, which is probably again manufactured in China and closed-source. And no one knows what it does.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
m2017
Legendary
Offline
Activity: 1988
Merit: 1401
Playbet.io - Crypto Casino and Sportsbook
|
|
May 09, 2022, 10:50:42 AM |
|
I don't trust that myself; I'm just saying, if we assume it's actually assembled in France, and they only get bare PCBs from China, the devices can't have 'Chinese backdoors' on them. Except if they buy backdoored components of course, but as you said, everyone gets their components from China. If we start getting paranoid about everything that can have Chinese backdoors, we shouldn't buy 90% of the things we own. That includes the monitor you will read this post on, the mouse you open the thread with, and the chair you are sitting in. The more paranoid we are, the safer it will be for us. Relaxing and taking words on faith, we become vulnerable. Therefore, it seems to me that a certain amount of paranoia will not be superfluous. It will be better if we count and prepare for the situation (take all possible steps to minimize negative consequences) that Chinese or not-Chinese backdoors will be found in the Ledger's devices than if it turns out that we thought that everything was in order with this HW, but it contained backdoor, which caused us financial damage. All companies lie to protect their business interests and to increase their profits. When they get caught, they will lie about why they were lying. Even when they are not lying, they are intentionally withholding the truth or parts of the truth from their users to protect themselves and their profit margins. And yes, that goes for Ledger's biggest competitor as well.
But for some reason, when device manufacturers are discussed, Ledger turns out to be the champion among them in lies. This leads to some considerations about them and about what level of paranoia the users of their products should be. Their closest competitor is Trezor, which has been around for as long as Ledger, but their lies have not been as widely publicized.
|
|
|
|
n0nce
|
|
May 09, 2022, 10:52:03 AM Last edit: May 09, 2022, 11:26:23 AM by n0nce Merited by Pmalek (1), dkbit98 (1) |
|
Are you keeping money and keys for your money in monitors, mouses and chairs or not? My point was that the computer, laptop, or phone you are using was made in China including all of its hardware components. You connect your hardware wallet to this China-made blackbox, access your financial, private data, work-related data, etc. You have a choice to connect a hardware wallet without a secure element that has vulnerabilities, which those with a secure element don't have, or use one with a secure element, which is probably again manufactured in China and closed-source. And no one knows what it does. As of today, I think the chances of getting a computer virus that infect secure-element-less hardware wallets through USB and then extract your seed, are very slim. The main benefit of such a storage chip is still against physical attacks, since it's obviously trivial to read off of a memory chip on a PCB in- or out-of-circuit. One pretty big mitigation against this is using an airgapped hardware wallet instead. Of course, if you input your xpub into a wallet application on a compromised 'China-made blackbox', the xpub could be stolen through some CPU backdoor. It won't mean a loss of funds but it would hurt your privacy and anonymity. It's not true though that 'no one knows what it [secure element chip] does'. I noticed a few years ago, more sophisticated secure chips were more 'en vogue'; getting not only the task of secure storage but also being used for seed generation and such. These days, e.g. Foundation Passport, uses a more simple chip that just stores data and nothing else. The RNG is completely open-source on the PCB. But I digress; for life-changing amounts of money, always feel free to go more paranoid (I don't intend to discredit / discourage when using this word), roll dice, use minimal, open-source software that runs on a RISC-V CPU, and store everything on paper!
|
|
|
|
SFR10
Legendary
Offline
Activity: 3178
Merit: 3528
Crypto Swap Exchange
|
|
May 13, 2022, 03:24:56 PM |
|
While I was roaming around in their subreddit earlier, I noticed the following issues with the device in question: - Misaligned USB-C port - I'm not an expert on this field, but it seems that it wasn't soldered properly to the PCB and AFAIK, there's little to no chance of this happening from the shipping alone [CMIIW]!
- Boot problem
Minor issue:
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7538
Playgram - The Telegram Casino
|
|
May 14, 2022, 10:21:41 AM Last edit: November 12, 2023, 09:38:17 AM by Pmalek |
|
Ledger is Made in China and Assembled in France, nothing wrong with that, just be transparent about it. Posting this here although it's not related to Ledger but to Coldcard. It can still serve the purpose of proving how companies claim one thing, lie, and/or deliberately don't show the whole picture. So, the new Coldcard Mk4 is out and this is what the manufacturer says about it. " Made in Canada". I actually don't know if it is or isn't, but I doubt the hardware components are made in Canada. We already had that discussion when Ledger claimed something similarly. Just below that, there is a sentence that says, " Lovingly soldered in Toronto, Canada". Soldered and made in are two different concepts. The question is, where do they get their hardware components from that are then soldered onto the board in Toronto? Also from Canada or maybe China or some other country? https://coldcard.com/
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
m2017
Legendary
Offline
Activity: 1988
Merit: 1401
Playbet.io - Crypto Casino and Sportsbook
|
|
May 14, 2022, 10:53:04 AM |
|
Ledger is Made in China and Assembled in France, nothing wrong with that, just be transparent about it. Posting this here although it's not related to Ledger but to Coldcard. It can still serve the purpose of proving how companies claim one thing, lie, and/or deliberately don't show the whole picture. So, the new Coldcard Mk4 is out and this is what the manufacturer says about it. " Made in Canada". I actually don't know if it is or isn't, but I doubt the hardware components are made in Canada. We already had that discussion when Ledger claimed something similarly. Just below that, there is a sentence that says, " Lovingly soldered in Toronto, Canada". Soldered and made in are two different concepts. The question is, where do they get their hardware components from that are then soldered onto the board in Toronto? Also from Canada or maybe China or some other country? https://coldcard.com/"Made in Canada" should be taken as a marketing gimmick and ignored. And in general, it is better to distrust any loud statement of hardware manufacturers. Most often, this is aimed at drawing attention to their products and increasing sales. For the sake of profit, you can say anything. Each company is trying to "stick out" the nuances of their devices. A simple example, Ledger is "proud" of their closed source code and presents it as the best protection for hardware wallets. Trezor emphasizes open source, also trying to attract buyers, with the feature that it is safer. One way or another, each of these two companies is trying to convince us that it is their device that has the best protection in order to sell exactly their products. As I said, for a simple user, both options are the same: Perhaps this is a big weakness, but for the average user (most of them will be) it doesn't matter if the source code is open or closed, because he will not be able to read the code or changes to it. In the case of a closed source code, you will have to trust hardware wallet developers, and if the source code is open, then you need to trust independent developers and enthusiasts who check the code and changes. In both cases, ordinary users are forced to believe completely strangers. I think it looks like a religion. There, too, "users" can't check anything themselves and they can only "believe" in one or another confession.
Another important fact. People who buy HWs want to make a minimum of gestures: they bought a device, threw crypto into it, and use this device as needed. Will most of them follow the news and technical blogs where independent developers will post their research into the open source of HW? Even if a vulnerability is found in the code, such users will be the last to know about it after a long time, if at all they become aware of what happened. Until the balance on their device is reset. Therefore, I assume that from the position of an ordinary user, it doesn't matter to him which code is open or closed.
They are more interested in HW appearance and the impact of advertising.
Even if hardware wallets in Canada are produced entirely from their own components and assembled there, does this guarantee that there are no malicious programs in the devices? Of course not. Any "Made in Any Country in the World" device can have a backdoor regardless of the place of production. If you are worried that Coldcard says the device is "Made in Canada" but the components are from China, then this is just a marketing gimmick, nothing more. Such lies are found at every turn.
|
|
|
|
n0nce
|
Even if hardware wallets in Canada are produced entirely from their own components and assembled there, does this guarantee that there are no malicious programs in the devices? Of course not. Any "Made in Any Country in the World" device can have a backdoor regardless of the place of production.
If you are worried that Coldcard says the device is "Made in Canada" but the components are from China, then this is just a marketing gimmick, nothing more. Such lies are found at every turn.
He's not arguing that making a device in some country makes it more secure than another; but that they're being a little bit dishonest. For example, if you say 'Designed in California, Made in China' like Apple, you just state the facts. But claiming it was 'made' in XY and then arguing semantics ( 'technically, we made it here'), is a small sign of dishonesty. This, combined with other questionable statements and actions makes you wonder about the trustworthiness of the company and by extension the security of source code. I keep bringing up this company (while also criticizing what they're doing wrong), since they do a lot of good stuff: It's only assembled in the US, so it's the honest and right thing to do to write 'assembled' and not 'made'.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7538
Playgram - The Telegram Casino
|
|
May 15, 2022, 07:19:04 AM |
|
It's only assembled in the US, so it's the honest and right thing to do to write 'assembled' and not 'made'. I agree with you, but does it solve the underlying problem? Let us assume that China is manufacturing backdoored components that are part of hardware wallets, and 99% of all hardware parts are delivered from China. You now have hardware wallet vendors who claim two different things. One group says made in <insert country> and the other says assembled in <insert country>. The way they explain the manufacturing process doesn't change the fact they are using backdoored Chinese hardware (let's still assume they are backdoored). If the end-users loss their money to a backdoor, it makes no difference what the website and the wallets' official documentation claimed.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
dkbit98 (OP)
Legendary
Offline
Activity: 2408
Merit: 7548
|
|
May 17, 2022, 06:24:22 PM Merited by Pmalek (1), n0nce (1) |
|
Guys I think it's time to get back on Ledger Nano S Plus topic, and there are other topics for china/other hardware wallets I found several reviews for this model S plus, and I don't know how independent they are, but it's worth checking them out. There are some youtube videos avout S plus, but most of them are paid shillers so I don't consider them seriously enough. First review was made and updated on 11th May 2022, and it's good to remember that this device doesn't validate change addresses on the device itself, same like ledger nono X. https://privacypros.io/ledger/nano-s-plus-review/Second review was made in April and I like their comparison table, you can clearly see size comparison with older devices. https://www.laptopmag.com/reviews/ledger-nano-s-plusI keep seeing people report many issues with crazy behavior and glitches for model X, but there are no such reports for S plus model. Only thing I saw was dust and dirt below screen that can't be cleaned, and few people reporting restarting or shutdown issues with some coins, but nothing major so far.
|
|
|
|
n0nce
|
|
May 18, 2022, 12:06:21 AM |
|
It's only assembled in the US, so it's the honest and right thing to do to write 'assembled' and not 'made'. I agree with you, but does it solve the underlying problem? Let us assume that China is manufacturing backdoored components that are part of hardware wallets, and 99% of all hardware parts are delivered from China. You now have hardware wallet vendors who claim two different things. One group says made in <insert country> and the other says assembled in <insert country>. The way they explain the manufacturing process doesn't change the fact they are using backdoored Chinese hardware (let's still assume they are backdoored). If the end-users loss their money to a backdoor, it makes no difference what the website and the wallets' official documentation claimed. Maybe I'm just a person who takes special care about words, but to me it's clear that 'assembled' doesn't imply security benefits. I do like to see less overseas production (even if it's just assembly) since in theory it could help with supply chain issues / allow to be more independent and it preserves local jobs. If however someone claims the whole device is made in the US or EU, someone might actually think there's less risk of getting hacked on hardware level. There's also the aspect that the devices need to be flashed with a secret key to later be able to verify the authenticity of flashed firmwares and such. Since the assembly is in the US, this eliminates the risk that a Chinese bad actor forces the workers to flash a malicious key or otherwise compromises the security of the device software-wise. It's also a bit a matter of principle for me. As I said before, if someone claims 'made in EU', but it's just assembled there; how much trust can I have in their other claims? How can I trust they treat my customer data safely? How can I trust the source code is secure (especially if it's a wallet with closed source code)? ~ snip ~
Thanks for keeping us updated! Happy to see they are having less software issues finally...
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7538
Playgram - The Telegram Casino
|
|
May 18, 2022, 08:57:49 AM |
|
First review was made and updated on 11th May 2022, and it's good to remember that this device doesn't validate change addresses on the device itself, same like ledger nono X. You mean the change address is never displayed on the hardware wallet's screen? I never paid attention to that while transferring Bitcoin, but I think the Nano S also doesn't display the change addresses, does it? When you are working with Ledger Live, you don't even have access to change addresses. In Electrum, you see them when you construct your transaction, but you have to check yourself that it matches one of your change addresses from the Addressees tab. The on-screen verification is only for the receiving address and the fees.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
SFR10
Legendary
Offline
Activity: 3178
Merit: 3528
Crypto Swap Exchange
|
|
May 18, 2022, 12:29:12 PM |
|
it's good to remember that this device doesn't validate change addresses on the device itself, same like ledger nono X.
AFAICR, I haven't seen a hardware wallet that "directly" validates change addresses, so I guess that's the norm. I keep seeing people report many issues with crazy behavior and glitches for model X, but there are no such reports for S plus model. Only thing I saw was dust and dirt below screen that can't be cleaned, and few people reporting restarting or shutdown issues with some coins, but nothing major so far.
There was also a report about " boot problems" but for some reason, he/she deleted its content [here's the "archived" version]. Honestly, I'm a bit surprised at how much of a difference it has made when they took the battery [and the Bluetooth] out of the equation.
|
|
|
|
dkbit98 (OP)
Legendary
Offline
Activity: 2408
Merit: 7548
|
|
May 18, 2022, 01:12:17 PM |
|
AFAICR, I haven't seen a hardware wallet that "directly" validates change addresses, so I guess that's the norm.
If I am not mistaken, this only applies for ledger and trezor devices, that is why they are very bad when used in multisig setup, because you can't even verify receiving address in multisig setup for ledger. I think that Bitbox02 and Keystone don't have this flaw, but I am not sure for other hardware wallets... maybe someone can check how it works for them. This could be interesting discussion for some new topic, and it needs more research and investigation.
|
|
|
|
n0nce
|
AFAICR, I haven't seen a hardware wallet that "directly" validates change addresses, so I guess that's the norm.
If I am not mistaken, this only applies for ledger and trezor devices, that is why they are very bad when used in multisig setup, because you can't even verify receiving address in multisig setup for ledger. I think that Bitbox02 and Keystone don't have this flaw, but I am not sure for other hardware wallets... maybe someone can check how it works for them. This could be interesting discussion for some new topic, and it needs more research and investigation. I just checked for Passport (not to shill it again; it's just what I have handy right now and most of the time); it has a screen with amount and destination, another with change amount and change address and on a third screen, it shows the total network fee. After passing those 3 screens, you can sign it and get the moving, resizable QR codes to scan back into phone / laptop / whatever. Since you mention BitBox02, if memory serves correct, it also shows change address and change amount.
|
|
|
|
satscraper
|
|
June 20, 2022, 03:07:03 PM Last edit: June 20, 2022, 03:29:07 PM by satscraper |
|
Just bought new device. Being plugged with original cable it hasn't shown any sign of life that disappointed me for a couple of minutes. Then I have tried the different cable from my mobile and, lo and behold, it came to life! Nevertheless there are some surprises for me. Ledger Life has indicated that firmware of the device is outdated but it doesn't allow me to upgrade it. Why? More of that, it said that 2.43.1 version is available but the latest release on the official github is 2.42.0. Why?
|
| | . .Duelbits. | │ | ..........UNLEASH.......... THE ULTIMATE GAMING EXPERIENCE | │ | DUELBITS FANTASY SPORTS | ████▄▄▄█████▄▄▄ ░▄████████████████▄ ▐██████████████████▄ ████████████████████ ████████████████████▌ █████████████████████ ████████████████▀▀▀ ███████████████▌ ███████████████▌ ████████████████ ████████████████ ████████████████ ████▀▀███████▀▀ | . ▬▬ VS ▬▬ | ████▄▄▄█████▄▄▄ ░▄████████████████▄ ▐██████████████████▄ ████████████████████ ████████████████████▌ █████████████████████ ███████████████████ ███████████████▌ ███████████████▌ ████████████████ ████████████████ ████████████████ ████▀▀███████▀▀ | /// PLAY FOR FREE /// WIN FOR REAL | │ | ..PLAY NOW.. | |
|
|
|
SFR10
Legendary
Offline
Activity: 3178
Merit: 3528
Crypto Swap Exchange
|
|
June 20, 2022, 05:37:26 PM |
|
Just bought new device. Being plugged with original cable it hasn't shown any sign of life that disappointed me for a couple of minutes. Then I have tried the different cable from my mobile and, lo and behold, it came to life!
IIRC, someone else also reported that issue on their subreddit last week, but I'm curious to know if the following issue also applies to you: Ledger Wallet won't connect to anything besides Ledger Live- Don't forget to verify them first!Ledger Life has indicated that firmware of the device is outdated but it doesn't allow me to upgrade it. Why?
I'm not a LL user, but have you tried downloading it directly from their website? More of that, it said that 2.43.1 version is available but the latest release on the official github is 2.42.0. Why?
You're probably viewing the " deprecated" one! - There's a "new" one but at the moment, it doesn't have anything in it.
|
|
|
|
|