Jump to content

Wallet Software is Deemed to be Insecure


Recommended Posts

Hmm... no wonder... after the dismal implementations that are now associated with Ripple... BitGo and Ledger Wallet Ripple on Nano S. Of course, the other cryptos are in good company. My compliant with Ripple, is that either they should have known better or, after it is brought to their corporate attention they need to deal with it.

This will make for interesting reading:





It should be a requirement for the Ripple Network... that attached 'entities' should be network certified and remain compliant with each release. I would think it is Ripple's responsibility to put testing into practice before it is required to... by Regulatory bodies. 

Edited by Guest
Link to comment
Share on other sites

Oh, if you search for Max and Nano S, you will see that an unhappy Max Entropy discovered a bug that was reproducible on two (2) Windows 10 machines. One new and one older machine. When I investigated further... I found a security violation that makes no sense other than a 'quick and dirty' implementation of the Ripple for Ledger Wallet software. Specifically, the Ripple implementation is outside the security model, which Ledger Wallet folks use for Bitcoin and Ethereum. Yuck.

Somewhat relatedly, I also discovered when attempting to use the BitGo software on iOS, (iPhone and iPad) on two (2) sets of each, a bug that clearly BitGo had not tested for. Shoddy work for a company that claims to be a security company.

I had a heated exchange with Ripple people, about the issue... Ripple however, did not speak directly to the issues, I raised. I expect this is for legal reasons. 

I would like Ripple to:

  • take their role in the crypto space, more seriously, if they are going to target institutional banking and corporates
  • this involves ensuring I do not find their stupid bugs first

The issue with bugs... is that all software has bugs, so if you find some, then there are others you will not have found and neither will the company issuing the software.


Link to comment
Share on other sites

I include them... because I have found bugs/issues... issues that are not fixed AND are security related. I have no desire to find Ripple related network product bugs. Network operators should be ensuring that attached products pass certification. I now advocate for Network Product Certification for Ripple Networks. Sure... people in Ripple will be unhappy with yet another work activity. But it makes sense. All critical network operators do this... and so does Apple AppStore, to better filter out product implementations that do not meet published guidelines/requirements.

The Ledger Wallet for Ripple implementation should never have existed in the first place. 

Link to comment
Share on other sites

Max STOP trolling and writing generic comments. You don't sound like a tech expert at all. You must be one of those that complain regularly on app stores, "I can't login to the app, this app is so buggy! Scam!" LMAO. If you have issues with the Ledger Nano S and can't get it to work, contact Ledger support. And no there isn't any major security issues with the Nano S. Post on the Ledger Wallet Reddit if you are so concerned.

Link to comment
Share on other sites

I don't really see any point in having Ripple Inc. as a "certifier" for wallet software. From a quick glance the Ledger Nano S wallet seems to have other issues than I expected - e.g. it does not seem to be able to move non-XRP balances at all. Also it seems quite half finished at most and has no active development going on.

It will be probably a tough wake up call once the first hardware wallets start failing and people will try to recover their funds by importing their "secret" in a different walllet: https://github.com/LedgerHQ/ledger-wallet-ripple/issues/5

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...