Can anyone confirm if there is RBF (replace-be-fee) in Ledger Live?

[Forsyth Jones]

I know that Ledger's reputation is practically burned in this forum (and with good reason), I'm sorry for opening a topic like this, I also haven't used Ledger for 01 year to sign a single transaction.

I have a friend who owns Ledger and asked me this, I couldn't find any concrete information anywhere about the possibility of replace-be-fee in Ledger Live.

[Charles-Tim]

The last time I found out about it when I was making replace-by-fee topic on this forum, Ledger Live did not support replace-by-fee. But you can connect Ledger Nano wallet to Electrum or wallet that is supporting replace-by-fee for making transaction. Such transaction will likely support replace-by-fee. I mean the transaction you make on Electrum with it.

[PX-Z]

I have a friend who owns Ledger and asked me this, I couldn't find any concrete information anywhere about the possibility of replace-be-fee in Ledger Live.

The last time I found out about it when I was making replace-by-fee topic on this forum, Ledger Live did not support replace-by-fee.

I saw it here^[1], it is enabled by default on Ledger Live, but instead of RBF button, it is called "Boost" button that can change the fees of the selected transaction in the Ledger Live app.

@OP Besides electrum mentioned already, you can use any wallet supported by RBF and it will work too once connected to Ledger HW.

Edit: I might be wrong though, there's no RBF mentioned on the supprt page of Ledger.

[1] https://ledger-enterprise-help-center.redoc.ly/developer-portal/content/transactions/replace_by_fee/.

[Charles-Tim]

I have a friend who owns Ledger and asked me this, I couldn't find any concrete information anywhere about the possibility of replace-be-fee in Ledger Live.

The last time I found out about it when I was making replace-by-fee topic on this forum, Ledger Live did not support replace-by-fee.

I saw it here^[1], it is enabled by default on Ledger Live, but instead of RBF button, it is called "Boost" button that can change the fees of the selected transaction in the Ledger Live app.

@OP Besides electrum mentioned already, you can use any wallet supported by RBF and it will work too once connected to Ledger HW.

[1] https://ledger-enterprise-help-center.redoc.ly/developer-portal/content/transactions/replace_by_fee/.

That means the updated version of the Ledger Live has to be used. That article is just 2 months old which could likely be when Ledger Lives started to support replace-by-fee. So far Ledger Live is open source, I might add it to lists of open source wallets that support RBF. Or maybe I might not because the wallet secure element is close source. Let me ask people there for their opinion about it.

[Forsyth Jones]

That means the updated version of the Ledger Live has to be used. That article is just 2 months old which could likely be when Ledger Lives started to support replace-by-fee. So far Ledger Live is open source, I might add it to lists of open source wallets that support RBF. Or maybe I might not because the wallet secure element is close source. Let me ask people there for their opinion about it.

I heard that Ledger has open source elements, such as Ledger Live, but the secure element is closed source. Since it's closed source, we cannot be 100% sure that it does what it does. It would be great if Ledger did the same as Trezor, which also started using a secure element, but an open source one, but they went in a different direction.

However, Ledger's secure element is tested by several security experts and specialized companies. But even so, if they want to clear their name in the market, wouldn't it be easier to migrate to an open source chip?

[PX-Z]

However, Ledger's secure element is tested by several security experts and specialized companies. But even so, if they want to clear their name in the market, wouldn't it be easier to migrate to an open source chip?

They are hiding something, probably a confidential one due to business secret source. Good thing Trezor founded the very first HW in the space which give them reputation and it last due to being open-source of the product, so far that decision make them highly reputable in the industry.

[examplens]

I have one transaction from 7 months ago made from Ledger Live. Now I can't say exactly which version of the application was in question, I think I've updated at least once since then.
Judging by mempool.space, RBF was included.

[dkbit98]

I would not use ledger at all, but if there is no other choice than I would use it only with third party wallets like Electrum or Sparrow that have full RB support.

However, Ledger's secure element is tested by several security experts and specialized companies. But even so, if they want to clear their name in the market, wouldn't it be easier to migrate to an open source chip?

Even if they wanted to do it, and they won't, there won't be much options to do that.
There are basically no fully open source secure elements, and best we can get right now is what Trezor is doing with Infineon OPTIGA Trust M.
For this chip code was released in public github page and developers can see and inspect the code.

[Forsyth Jones]

-

For me, having a secure element chip or not doesn't make much difference, the main requirement is that the wallet is open source or available for public consultation.

However, a wallet without a secure element is more vulnerable to physical attacks such as PIN/password cracking, because as far as I know, one of the functions of the secure element is to protect/encrypt this information, but if a HW has a passphrase (preferably a good passphrase), it becomes impossible to discover a hidden wallet generated by this passphrase on devices with or without a secure element.

A good example of a good hardware wallet but without a secure element is the JADE Blockstream.

[Pmalek]

I heard that Ledger has open source elements, such as Ledger Live, but the secure element is closed source. Since it's closed source, we cannot be 100% sure that it does what it does. It would be great if Ledger did the same as Trezor, which also started using a secure element, but an open source one, but they went in a different direction.

Trezor's secure element isn't open-source. There is no open-source SE chip on the market. The underlying software framework that powers Trezor's SE is open-source. It's better than what Ledger is doing because Ledger also has closed-source firmware. Trezor's agreement with the chip manufacturer allows them to publicly disclose and discuss any vulnerabilities they find in the SE. That's one big difference between that chip and the rest because companies usually have to sign NDAs. Even the new Tropic Square secure element that Trezor is developing won't be 100% open-source. It should be more open-source that what is currently on the market, though.