Guest Posted November 19, 2017 Share Posted November 19, 2017 @JoelKatz @nikb and the Rest of Ripple, I had planned to do a more informed investigation of the Nano S, but this is your problem. The problem in general, is that Ripple no longer has a hardware wallet, and to a large degree this should fall into the lap of Ripple and not the pseudo-developers at Ledger Wallet... after all, it is the clients of Ripple that will experience the problem. Observations: Nano S - Ripple implementation does not conform to the security model, that Ledger Wallet has defined using secure Chrome and Chrome Apps. I could say more, but you guys know by now what the issues are. The real question is... why? Who pushed for a quick implementation? Nano S - Ripple implementation has SIMPLE bugs that even a co-op would find, which leads me to conclude that Ledger Wallet is not testing. Specifically, when the Ripple software (and it is Ripple because it uses Ripple-Lib) is installed on Windows 10 (I reproduced this on two machines, not clean machines) does not detect the Nano S USB device, while Bitcoin and Ethereum apps do. the Ledger Wallet implementation for Ripple does not used a signed and therefore trusted installer. Why? If I were going to hack this device, I would look at the communications between the Ripple Native Windows app, and the Chrome Ledger Manager app. I mention this because, it appears to me, that the implementation was rushed. I refer to this as quick and dirty. The question, at a future date, may be raised as to which company pushed for the quick and dirty implementation. Like the BitGo software, the Ledger Wallet software sucks. Lastly, only the desperate would choose a hardware device with 9x5 pixel characters at a resolution of teeny-tiny. The guys at Ledger Wallet are twits. -- So to you folks on the forum, many of you will be saying... it works for me... no problem. That is not the issue, at ten (10) miles high you can not see much of what is happening internally. The points here are two (2): if Ledger Wallet can not find and fix the easy problems, then they will not find the nuanced problems. Ledger Wallets know that there are problems, in fact, they knew in August that there was a Ripple USB device detection problem, but have done nothing. See Reddit. if the Ledger Wallets can be compromised, then as John McAfee says, you will not know until, one morning when the price of Ripple is 5$ and then a bunch of Nano S devices lose funds. The point here is that a hacker will go for maximum return. Very disappointing... again. -- If Ledger Wallet does not fix this, I will write a more detailed version of this problem for Medium.com platform. Link to comment Share on other sites More sharing options...
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!Register a new account
Already have an account? Sign in here.Sign In Now