Is Ledger Safe? with CTO, Charles Guillemet

9 snips

May 17, 2023

Charles Guillemet, the Chief Security Officer at Ledger with a decade of experience in cryptography, dives into the intricacies of Ledger's newly introduced Recover feature. He explains its functionality and discusses the implications for user security and trust. Charles addresses concerns about firmware revealing private keys and emphasizes the importance of user consent. The conversation highlights the balance between innovation and self-sovereignty in the crypto space, inviting listeners to evaluate their own security in managing digital assets.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Ledger Recover Goals

Ledger Recover aims to simplify self-custody, bridging the gap for less tech-savvy users.
It offers a trade-off: slightly less sovereignty for increased accessibility.

INSIGHT

Ledger Architecture

A Ledger device consists of a secure element (inner box) within the main device (outer box).
The secure element, containing the private key, can be updated via firmware, requiring user consent.

INSIGHT

Firmware Update Concerns

Ledger's firmware updates have always been possible, but this particular update highlights a potential attack vector.
A compromised firmware update could theoretically compromise all Ledger devices.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Ledger has been the center of attention since the announcement of their new “Recover” feature which has brought into question how secure our Ledger devices actually are.

Charles joins us to walk through how exactly this recover feature functions, breaking down how a Ledger actually functions, and possible paths moving forward.

------ 📣 CONSENSYS | DILIGENCE FUZZING https://bankless.cc/diligence-fuzzing-pod

------ 🚀 Airdrop Alpha is waiting for you on Bankless.com https://bankless.cc/Alpha

------ BANKLESS SPONSOR TOOLS:

🐙KRAKEN | MOST-TRUSTED CRYPTO EXCHANGE https://k.xyz/bankless-pod-q2

🦊METAMASK LEARN | HELPFUL WEB3 RESOURCE https://bankless.cc/MetaMask

👾STADER LABS | ETHX LIQUID STAKING https://bankless.cc/Stader

⚖️ ARBITRUM | SCALING ETHEREUM https://bankless.cc/Arbitrum

🗣️TOKU | CRYPTO EMPLOYMENT SOLUTION https://bankless.cc/Toku

🎮IMMUTABLE | GAMING ECOSYSTEM https://bankless.cc/Immutable

🛞MANTLE | MODULAR LAYER 2 NETWORK https://bankless.cc/Mantle

------ Topics Covered

0:00 Intro 6:21 Ledger's Recover Service Overview 18:40 Is Ledger Recover Forced or Opt-In? 23:07 Dissecting a Ledger Device 29:41 Can Firmware Reveal Private Keys? 36:54 A Social Contract With Ledger 42:31 Assurance Of No Back Door 51:16 2-Part Firmware Solution? 57:42 Will Ledger Forget About Us? 1:02:46 Closing and Disclaimers

——— Resources:

Charles https://twitter.com/P3b7_

Ledger https://twitter.com/ledger

---- Not financial or tax advice. This channel is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This video is not tax advice. Talk to your accountant. Do your own research.

Disclosure. From time-to-time I may add links in this newsletter to products I use. I may receive commission if you make a purchase through one of these links. Additionally, the Bankless writers hold crypto assets. See our investment disclosures here: https://www.bankless.com/disclosures