Bitcoin Forum
Author Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities  (Read 4613 times)
HeRetiK
June 09, 2023, 03:41:58 PM
Merited by o_e_l_e_o (4)
#261

The CTO just shared this on Twitter. Ledger's open source roadmap:



Your thoughts?


Sooo... where are we on this roadmap? I was promised some blog posts.

Did I miss the blog posts?

Or did they just slap some random bullshit timeline together with no intention of sticking even to the bare minimum?

It's almost as if they've quietly moved on from that matter...

Pmalek
June 09, 2023, 05:21:04 PM
#262

Sooo... where are we on this roadmap? I was promised some blog posts.

Did I miss the blog posts?
Good point. My guess is that they have put everything on hold for the time being. Ledger Recover has not received the reception they anticipated, and now they have to figure out how to re-introduce it with as little damage as possible to their company and future profits. Good luck with that Ledger...

m2017
June 10, 2023, 05:37:24 AM
#263

The roadmap doesn't specify a time frame for each phase. The start of a new phase could happen tomorrow (no, definitely not) or sometime later (until users completely forget about it). Vague dates, wording, promises - all this suggests that the role of the pseudo-roadmap is a distraction and a way to make the user calm down, stop fanning the fire of discontent and anger at the recovery function. It seems that Ledger succeeded. People got angry and quieted down.

The roadmap picture has done its job, now the obligations to fulfill what was promised can be abandoned and forgotten. Does anyone still believe liars after being lied to repeatedly?


That's right, they will have a second attempt to push through and impose a recovery function on users, which Ledger will definitely take advantage of. Sooner or later, they will do what they intended, as soon as they process and prepare users for blind acceptance.

Pmalek
June 10, 2023, 06:20:40 AM
#264

The roadmap doesn't specify a time frame for each phase. The start of a new phase could happen tomorrow (no, definitely not) or sometime later (until users completely forget about it).
There are no exact dates, but the way it was written suggests that we should already be somewhere between phase #2 and #3 if everything went according to plan. A few days after the roadmap announcement, they were supposed to release a Ledger Recover whitepaper and technical posts explaining the Recover feature. And a few weeks after that, parts of their Recover framework were supposed to become open-source. Etc., etc. It's just a waiting game now.

o_e_l_e_o
June 10, 2023, 09:07:21 AM
Merited by vapourminer (1), RickDeckard (1)
#265

Did I miss the blog posts?
The only blog post they have made since this was shared 18 days ago (which is far more than "In the coming days" implies), is this one: https://www.ledger.com/blog/ledger-live-expands-cosmos-support-with-xprt-nom-qck-coins

Shows you exactly where their priorities lie. Instead of actually addressing this mess, they focus instead on implementing more shitcoins and staking to drive more profits for themselves.

Security is so boring! Shitcoins are the real important stuff!

John Abraham
June 10, 2023, 09:50:56 AM
#266

It is even worse when they are paying $9.99 for it...
I won't mind having a Ledger hardware wallet if they pay me $9.99 monthly for the next 20 months. I will share my seed phrase with them, but I won't share my identity. I mean, this is not a bad business idea. I can buy a Ledger Nano X for $149 at my place, and if I get $10 monthly for the next 20 months, I will have $50 in profits after 20 months. Sounds great. I won't pay them a single penny even if they offer me a free hardware wallet right now. Sometimes companies ruin their users' trust, and it's impossible to build again.

Security is so boring! Shitcoins are the real important stuff!
All they want is to make money. They were criticized after the 3rd party seed phrase drama. But does anybody see any comment from them about this matter? The only thing I found is this; Pascal Gauthier, Ledger’s CEO and chairman, pushed back against the critiques on Twitter.

“Backdoor would mean that we control all ledger devices and could run automated updates for example… That’s not the case. Will never be the case. Only you can use functions on your ledger. No one else can enter your pin code and press those buttons…”[1]

However, CZ criticized them as well [2]


[1] https://dailyhodl.com/2023/05/18/crypto-hardware-wallet-ledger-responds-to-criticism-of-new-id-based-seed-phrase-recovery-solution/
[2] https://twitter.com/cz_binance/status/1658453341339283457

RickDeckard (OP)
June 10, 2023, 10:03:18 AM
Merited by John Abraham (1)
#267

Shows you exactly where their priorities lie. Instead of actually addressing this mess, they focus instead on implementing more shitcoins and staking to drive more profits for themselves.
Whenever I search for "Recover" in either r/ledgerwallet or on Twitter, I'm seeing fewer and fewer people asking/talking about it. On the other hand, there are tons of questions regarding when will shitcoin be implemented or why are they unable to trade their shitcoins. They currently don't need to rush the deliverable of their roadmap simply because most of their clients have forgotten that this issue ever started with. And the few that still care are a minority. I just hope that part of this "lack of discussion" is also due to the fact that some clients totally jumped out of that burning ship to other open-sourced wallets.

Security is so boring! Shitcoins are the real important stuff!
All they want is to make money. They were criticized after the 3rd party seed phrase drama. But does anybody see any comment from them about this matter? The only thing I found is this; Pascal Gauthier, Ledger’s CEO and chairman, pushed back against the critiques on Twitter.
This thread has a ton of information and statements from almost every high-level person in Ledger (namely CTO and their CEO) regarding their vision of the product. I think the last mention of this mess was this[1] French interview that the CTO gave.

[1]https://www.thebigwhale.io/article/charles-guillemet-ledger-la-peur-autour-de-ledger-recover-est-totalement-irrationnelle

Lucius
June 10, 2023, 10:22:59 AM
Merited by LoyceV (4), hugeblack (1)
#268

However, CZ criticized them as well

He should keep his mouth shut and worry about how he will save his company, and after all, it is hypocritical of him to criticize any HW at all, because what he really wants is for everyone to use his CEX as a storage wallet. In fact, there is no difference between what Pascal thinks about Ledger HW users and what CZ thinks about the majority of those who own cryptocurrencies.

Binance chief Changpeng "CZ" Zhao has suggested users are more likely to lose crypto by holding it in a cold wallet than by putting it on a centralized exchange.
“For most people, for 99% of people today, asking them to hold crypto on their own, they will end up losing it,” he said in a Twitter Space discussion held on Wednesday.

HeRetiK
June 10, 2023, 02:48:07 PM
Merited by hugeblack (4), Lucius (1)
#269

Shows you exactly where their priorities lie. Instead of actually addressing this mess, they focus instead on implementing more shitcoins and staking to drive more profits for themselves.

Security is so boring! Shitcoins are the real important stuff!

The sad thing is, it works. Turns out they really do know their target audience. I guess crypto is in a pretty cursed state right now -- too niche for everyday use, too mainstream for the crypto-literate people to stay in the majority.


“Backdoor would mean that we control all ledger devices and could run automated updates for example… That’s not the case. Will never be the case. Only you can use functions on your ledger. No one else can enter your pin code and press those buttons…”

inb4 the introduction of Ledger Autopilot™ -- Keep your hardware wallet automatically updated without any hassle for just $19.99,- a month!*

*subscription fee withdrawn automatically for your convenience

Cricktor
June 11, 2023, 03:01:34 PM
#270

We can complain and yell at Ledger in our ivory tower of knowledge and understanding of hardware wallets. We aren't the target users for Ledger, Paris with their opaque "you have to trust us" firmware. It's been said before, Ledger has good marketing and established a mantra that their obscurity model is something good, at least to an audience and user base who is too lazy to learn or understand the basics.

Ledger provoked a shitstorm and now does the sole thing they do well, a lot of bullshit marketing and throwing fog candles to blind the masses. Their eulogy and "dedication" for open-source is a joke and double slap in the face. Their timeline is pure bullshit and fog-in-the-air to delude and calm down opposers.

If someone still thinks the user has everything under control with the buttons on your Ledger NoNo, well good luck with your illusion. You might now have the control, but that must not be the case in the future when Ledger Live nags you to perform a firmware update or nothing will work until you obey.
The opaque firmware controls the MCU and secure element, the MCU controls the display and the buttons AND communicates with the secure element. The hardware buttons aren't wired directly in any way to the secure element where most important magic happens. The secure element runs firmware under control of Ledger and does only what the MCU tells the secure element to execute. The firmware is a black box and Ledger can program whatever they like. That is mostly the reality of Ledger f***ing NoNos. And if Ledger users would put a few brain cells together they could've known this even before the Recovery service debacle. Oh, wait, "You have to trust us"-Ledger lied all the time... too bad.


inb4 the introduction of Ledger Autopilot™ -- Keep your hardware wallet automatically updated without any hassle for just $19.99,- a month!*

*subscription fee withdrawn automatically for your convenience

Don't give 'em ideas. Or paid Ledger Live & firmware updates. Or new Ledger NoNo Rec(t) for a symbolic single figure price but with mandatory Recovery service paid monthly* (I reuse your starred legend, hehe)

RickDeckard (OP)
June 11, 2023, 05:20:40 PM
#271

The CTO just shared this on Twitter. Ledger's open source roadmap:



Your thoughts?

This roadmap is just laughable at this point. I don't know the concept that they have for "in the coming days" regarding releasing the Whitepaper of this procedure, but I'm sure I'm not the only one thinking that "days" would mean that something would be released rather quickly. Soon this tweet will celebrate its 3rd birthday and so far nothing has been released concerning Ledger Recover (other than the FAQ). The posture changed as well, specifically from Ledger Co-Founder (u/btchip), shifting from "we have to act quickly" to "it'll be posted here when it's available"[1]. Outrageous how they keep treating their customers.

[1]https://safereddit.com/r/ledgerwallet/comments/1464ocs/my_post_was_removed_for_some_reason/jnpgckh/

Wind_FURY
June 12, 2023, 05:23:34 AM
#272

Is it possible that if a user has enabled the recovery feature, and has his/her data held by a third party, then it's probable that a government entity could issue a written order telling the third party to give them access to the user's coins/savings?
Yes, absolutely. The Ledger co-founder stated as much here:

If you are a Recover user and have your shard into safeguarded by third parties, then yes, a government could subpoena them and get access to your funds

Ledger also admit it here (under Data & Privacy at the bottom of the page):

Coincover will never pass your information to a third-party unless it has a legal obligation to do so. For example, law enforcement agencies often have extensive criminal investigation powers including the ability to obtain production orders requiring information to be produced. It may result in a criminal offense for any entity supporting Ledger Recover to fail to comply with a production order, but Coincover would always take all reasonable steps to verify a production order before complying with it.


OK, another shower thought. Would third parties know if I have my real wallet secured behind a passphrase? To illustrate, what if I enable Ledger's recovery feature and make that my "fake wallet", but the real wallet is the wallet that uses the same seed phrase BUT hidden behind a passphrase.

It could be useful if you need a wallet to use for plausible deniability.

o_e_l_e_o
June 12, 2023, 05:26:20 AM
#273

Would third parties know if I have my real wallet secured behind a passphrase?
Here is what Ledger say on the issue:

The Ledger Recover service, if used, does not backup your passphrase.

So in theory, no, the third parties would not know if you are using one or more passphrases. But this all depends on whether you trust what Ledger are saying, since I'm sure there will be zero way for the user to actually verify this.

witcher_sense
June 12, 2023, 07:43:35 AM
Merited by Pmalek (2)
#274

Would third parties know if I have my real wallet secured behind a passphrase?
Here is what Ledger say on the issue:

The Ledger Recover service, if used, does not backup your passphrase.

So in theory, no, the third parties would not know if you are using one or more passphrases. But this all depends on whether you trust what Ledger are saying, since I'm sure there will be zero way for the user to actually verify this.
When setting up a passphrase for your Ledger hardware wallet, you basically have two options: insert a passphrase every time you want to get access to "hidden" wallets or attach it to a PIN code, meaning that your passphrase will be recorded somewhere in a hardware wallet's memory and may be extracted and used after a PIN code was entered. In other words, Ledger adds a "Remember me" button for passphrases that essentially negates all the benefits of "25th word" and hidden wallets by making them publicly available for anyone knowing a short PIN code. Given that the Recovery feature doesn't make sense in cases where a user has set up a passphrase since a seed phrase alone is insufficient to get access to coins, it would make sense for Ledger developers to include a passphrase into this encrypted transfer scheme, especially considering the fact that it is equally important for a successful recovery and already sitting in a device's memory. Ledger developers could have issued malicious firmware stealing users' seed phrases and passphrases, but finally decided it would be more beneficial to create a service that people subscribe to and share private keys and identity information with absolutely voluntarily.

More information:

https://support.ledger.com/hc/en-us/articles/4983095135261-How-to-recover-your-passphrase-accounts-?support=true
https://support.ledger.com/hc/en-us/articles/115005214529-How-to-set-up-a-passphrase-?docs=true
https://m.youtube.com/watch?v=8jiqFYFi698

Wind_FURY
June 12, 2023, 11:41:21 AM
#275

Would third parties know if I have my real wallet secured behind a passphrase?
Here is what Ledger say on the issue:

The Ledger Recover service, if used, does not backup your passphrase.

So in theory, no, the third parties would not know if you are using one or more passphrases. But this all depends on whether you trust what Ledger are saying, since I'm sure there will be zero way for the user to actually verify this.
When setting up a passphrase for your Ledger hardware wallet, you basically have two options: insert a passphrase every time you want to get access to "hidden" wallets or attach it to a PIN code, meaning that your passphrase will be recorded somewhere in a hardware wallet's memory and may be extracted and used after a PIN code was entered. In other words, Ledger adds a "Remember me" button for passphrases that essentially negates all the benefits of "25th word" and hidden wallets by making them publicly available for anyone knowing a short PIN code. Given that the Recovery feature doesn't make sense in cases where a user has set up a passphrase since a seed phrase alone is insufficient to get access to coins, it would make sense for Ledger developers to include a passphrase into this encrypted transfer scheme, especially considering the fact that it is equally important for a successful recovery and already sitting in a device's memory. Ledger developers could have issued malicious firmware stealing users' seed phrases and passphrases, but finally decided it would be more beneficial to create a service that people subscribe to and share private keys and identity information with absolutely voluntarily.

More information:

https://support.ledger.com/hc/en-us/articles/4983095135261-How-to-recover-your-passphrase-accounts-?support=true
https://support.ledger.com/hc/en-us/articles/115005214529-How-to-set-up-a-passphrase-?docs=true
https://m.youtube.com/watch?v=8jiqFYFi698


Please ELI5. What I have learned is that the added passphrase, or the "25th seed word", is a feature all BIP-39 compliant wallets have that generates a new set of keys. It doesn't matter if the user owns/uses a Trezor, a Ledger, or any kind of hardware or software wallet. If the user enters his 24 seeds + his passphrase, the output will always be his/her "hidden wallet". Are you saying it's not?

Cricktor
June 12, 2023, 07:25:38 PM
Last edit: June 12, 2023, 07:43:05 PM by Cricktor
Merited by vapourminer (2), Pmalek (2), tenant48 (1)
#276

You basically throw your mnemonic words in a sanitized form together with the string "mnemonic" and an optional mnemonic passphrase (trailing space(s) matter!, I wouldn't speak of it as a 25th word because it's not necessarily a single word, contrary to the 12, 15, 18, 21 or 24 single mnemonic seed words) into 2048 rounds of PBKDF2 with HMAC-SHA512 to get 64 bytes which are then further mangled in the so-called BIP32 Root Key Derivation. See here: https://learnmeabitcoin.com/technical/mnemonic#mnemonic-to-seed

From a fixed set of mnemonic seed words any optional mnemonic passphrase gives an individual and unique wallet, there's no right or wrong like with a password or so. If you make a mistake in the optional mnemonic passphrase you get an empty wallet, if you get it right, you get your "hidden" wallet with your coins if you have transferred some coins on this "hidden" wallet's addresses.
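
The derivation described in the post above, as an added Python example that is not part of the original post or anyone's wallet code: it runs the BIP39 mnemonic-to-seed step and the BIP32 root key step, and shows that every passphrase variant, including one with a trailing space, yields a different root key. The helper names `sanitize_mnemonic` and `root_tag` are hypothetical, and the mnemonic is the public BIP39 test-vector phrase, never to be used for funds.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group; BIP32 rejects master keys outside [1, n-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Public BIP39 test-vector mnemonic (12 words), used here as sample input only.
TEST_MNEMONIC = "abandon " * 11 + "about"


def sanitize_mnemonic(words: str) -> str:
    """NFKD-normalize the words and join them with single spaces.

    Collapsing stray whitespace is this example's reading of "sanitized form".
    """
    return " ".join(unicodedata.normalize("NFKD", words).split())


def mnemonic_to_seed(words: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    password = sanitize_mnemonic(words).encode("utf-8")
    # The passphrase is normalized but never trimmed: trailing spaces count.
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_root(seed: bytes):
    """BIP32 root key derivation: HMAC-SHA512 keyed with b"Bitcoin seed"."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    master_key, chain_code = digest[:32], digest[32:]
    if not 0 < int.from_bytes(master_key, "big") < SECP256K1_N:
        raise ValueError("seed gives an invalid master key")
    return master_key, chain_code


def root_tag(words: str, passphrase: str = "") -> str:
    """Short display tag for a root key (example-only, not a BIP32 fingerprint)."""
    master_key, chain_code = bip32_root(mnemonic_to_seed(words, passphrase))
    return hashlib.sha256(master_key + chain_code).hexdigest()[:16]


def compare_passphrases(words: str, passphrases):
    """Map each passphrase to the tag of the wallet root it selects."""
    return {p: root_tag(words, p) for p in passphrases}


if __name__ == "__main__":
    # No variant is "wrong": each one simply opens a different wallet.
    variants = ["", "TREZOR", "TREZOR ", "trezor"]
    for phrase, tag in compare_passphrases(TEST_MNEMONIC, variants).items():
        print(f"passphrase {phrase!r:10} -> root tag {tag}")
```

Nothing in the derivation signals a mistyped passphrase; the only feedback a user gets is whether the resulting wallet holds the expected coins.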

NotATether
June 13, 2023, 01:21:02 PM
Merited by Pmalek (2), vapourminer (1)
#277
Please ELI5. What I have learned is that the added passphrase, or the "25th seed word", is a feature all BIP-39 compliant wallets have that generates a new set of keys. It's doesn't matter if the user owns/uses a Trezor, a Ledger, or any kind of hardware or software wallet. If the user enters his 24 seeds + his passphrase, the output will always be his/her "hidden wallet". Are you saying it's not?

The "25th word" is a misnomer like the "13th word" for 12-word mnemonics and it is usually used to mean the password that is used alongside a BIP39 mnemonic to derive the master public key.

By using a PIN to encrypt the BIP39 password, it reduces the security of said password to the strength of the PIN, especially since most PINs are short sequences of numbers.

BTW: This whole "Open Source Roadmap" is missing one important entry: To open-source the entire Ledger firmware!

witcher_sense
June 13, 2023, 05:40:18 PM
Merited by hugeblack (4), o_e_l_e_o (4), Pmalek (2), Wind_FURY (1)
#278

Please ELI5. What I have learned is that the added passphrase, or the "25th seed word", is a feature all BIP-39 compliant wallets have that generates a new set of keys. It's doesn't matter if the user owns/uses a Trezor, a Ledger, or any kind of hardware or software wallet. If the user enters his 24 seeds + his passphrase, the output will always be his/her "hidden wallet". Are you saying it's not?
No, I wasn't saying you won't be able to recover your hidden wallet in some other wallet software. I am saying Ledger tries to make passphrases less secure and more user-friendly, which, together with the announced Recovery service, is going to make a hardware wallet no better than a regular hot wallet. Passphrases should be kept separately both from the seed phrase and a hardware wallet itself: that's a rule that should be followed regardless of proficiency in security matters. Ledger relies too much on encryption and third parties not breaking trust and not sharing user data with unwanted entities, but we all know that the former will not protect if the decryption key is revealed, and the latter just goes against Bitcoin principles themselves.

LoyceV
June 14, 2023, 06:09:52 AM
Merited by o_e_l_e_o (4)
#279

~ Ledger developers could have issued malicious firmware stealing users' seed phrases and passphrases, but finally decided it would be more beneficial to create a service that people subscribe to and share private keys and identity information with absolutely voluntarily.
"Could have"? Why not both? We have no way of checking anyway!

I am saying Ledger tries to make passphrases less secure and more user-friendly, which, together with the announced Recovery service, is going to make a hardware wallet no better than a regular hot wallet.
I'd say it's worse than a hot wallet: I use several different hot wallets (for small amounts), and I'd never use Ledger's "pay us to give us your seed phrase" scheme.

witcher_sense
June 14, 2023, 07:03:15 AM
#280

"Could have"? Why not both? We have no way of checking anyway!
Ledger has successfully blurred the line between malicious and "harmless" updates: both can now be used to extract seed words along with passphrases directly from a hardware wallet and in both cases, you are paying a price. Naturally, they could have stolen users' funds directly via Ledger Live malicious update, but it would break a continuous flow of income, which they strive for.

Quote
I'd say it's worse than a hot wallet: I use several different hot wallets (for small amounts), and I'd never use Ledger's "pay us to give us your seed phrase" scheme.
It is worse not only because of the services it offers but also because of implementation details and design decisions that imply keeping all eggs in one basket: anyone having physical access to a device will have all the information needed to steal the funds, anyone who has remote access to your device (like trusted third parties offering Recovery service) will also have everything. Curiously, they can reconstruct the history of your transactions and hand it over directly to the IRS and other government entities without your permission.
