Jump to content
workerX

Spectre / Meltdown

Recommended Posts

Hi,

I am not an scientist, but what I have seen until now regarding the latest CPU bugs especially the spectre bug this is really scary. 

I think the crypto world will be widely affected very soon. What do you think and how do you protect yourself?

Share this post


Link to post
Share on other sites

Yep, this could be a big issue. All operating systems have supposedly issued patches to this, but because this is a hardware bug there is a belief that they can't patch this completely. I'm basically a HODLer, so private keys never touch my online computer, but I do a small amount of trading using software wallets. I'm going to be restricting this activity and maybe looking at getting a hardware wallet...something I haven't been inclined to do. I'm not convinced of the security of hardware wallets, either. Face it, crypto is the jungle.

Share this post


Link to post
Share on other sites
Just now, Trippy said:

Yep, this could be a big issue. All operating systems have supposedly issued patches to this, but because this is a hardware bug there is a belief that they can't patch this completely. I'm basically a HODLer, so private keys never touch my online computer, but I do a small amount of trading using software wallets. I'm going to be restricting this activity and maybe looking at getting a hardware wallet...something I haven't been inclined to do. I'm not convinced of the security of hardware wallets, either. Face it, crypto is the jungle.

Ledger France has assured everyone that their wallets are not affected. 

Share this post


Link to post
Share on other sites
Just now, Khaleesi said:

Ledger France has assured everyone that their wallets are not affected. 

Based on what I heard of the bug, they can't make this assurance.

Share this post


Link to post
Share on other sites
32 minutes ago, Khaleesi said:

Take it up with Ledger France then...based on what you heard

https://www.ledger.fr/2018/01/04/meltdown-spectre-attacks-intel-amd-arm-risk/

Sorry, a bit offtopic: there are various claims on this board that holdings disappeared from Nanos. Has anyone ever heard of a confirmed issue when it wasn't due to user error?

Share this post


Link to post
Share on other sites

I just got my Nano Ledger S yesterday, and after reading the above link, I'm glad that I did.  My question would be, how secure/safe is the Ripple wallet that I'll have to run in order to store anything on my Ledger - if that's the way all this even works - I'm learning as I go and feel woefully "uneducated"

 

Share this post


Link to post
Share on other sites

The Ledger Nano S is basically a sandbox. It holds your secret key. It is only a device to keep your secret key private. It never goes out. The sandbox does not allow to be accessed without the pin by design. The only information going back and forth are transaction related where the transactions are already signed. Nobody can reverse engineer secret keys from signed transactions which is also by design. I am not sure but I can imagine the device does not even use an intel chip. This as well would make all your concerns invalid. Your coins are always held on the public network and nobody can guess your secret key. Nobody can ever access it because it does not leave the device you hold in your hand. The thing that can happen though us that you write your recovery pass phrases somewhere in digital form where it can be stolen. Then anybody holding your 24 words has access to your funds without you even knowing. In this case this is not related to the hardware ledger though but kind of your own fault and problem. 

Share this post


Link to post
Share on other sites
18 minutes ago, 7strings said:

Sorry, a bit offtopic: there are various claims on this board that holdings disappeared from Nanos. Has anyone ever heard of a confirmed issue when it wasn't due to user error?

I have never heard of this happening. 

Share this post


Link to post
Share on other sites
2 minutes ago, Khaleesi said:

Really...what is the whole issue then? 

actually I believe they only made the first issues public, there are many more bugs, lets see and hope :( 

Share this post


Link to post
Share on other sites

One of the only issues I have come across is that an infiltrator can change the send/receive wallet address. This still relies on you to sign off on it though. So as long as you carefully check the entire address you are authorising, as you should anyway, it isn’t a problem. The XRP ledger wallet interface recently had an update to be applied, it is also highly recommended this is done ASAP.

Share this post


Link to post
Share on other sites

This has nothing to do with Nano, but with wallets written in Javascript: If you enter your key there is a possibility that it can be found. In particular some Javascript engines are vulnerable to this attack. https://github.com/v8/v8/wiki/Untrusted-code-mitigations

My understanding of this problem, which is mostly based on a description of how one of the people who found it looked for it, is that it sort of makes all the work on caching optimizations in processors pointless... Which I think would be a huge blow to Intel? I mean years of research and all sorts of patents etc down the tubes. Am I overreacting?

Edited by Vader-DeWelt

Share this post


Link to post
Share on other sites

I'd also be interested in hearing someone talk about how this might affect smart contract implementations, which depend on the execution of untrusted code, if i understand correctly

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×