Jump to content
workerX

Spectre / Meltdown

Recommended Posts

6 minutes ago, Khaleesi said:

There is nothing written in those links you provided that substantiates your claim that the nano can be hacked. 

That's correct. But there's nothing that can disprove the fact that any connection to a network is a vulnerability.

So, the pragmatic approach is to stay away from solutions like the Nano S.

This is a philosophical question. We can search for who is right or wrong, or we can do the safest thing.

"The cat doesn't drink the covered milk" is a Bulgarian proverb. I'll cover the milk instead of worrying about educating the cat when to drink milk.

Share this post


Link to post
Share on other sites
27 minutes ago, teddybear said:

That's correct. But there's nothing that can disprove the fact that any connection to a network is a vulnerability.

So, the pragmatic approach is to stay away from solutions like the Nano S.

This is a philosophical question. We can search for who is right or wrong, or we can do the safest thing.

"The cat doesn't drink the covered milk" is a Bulgarian proverb. I'll cover the milk instead of worrying about educating the cat when to drink milk.

So  what you are saying is that you are spreading needless FUD about the nano because you don’t feel like educating yourself about when to drink the milk....ahhh okay then

Share this post


Link to post
Share on other sites
12 minutes ago, Khaleesi said:

So  what you are saying is that you are spreading needless FUD about the nano because you don’t feel like educating yourself about when to drink the milk....ahhh okay then

I want to protect the milk, not drink it.

And yes, I am for pragmatic solutions, which not only happen to cost less, but also give full control to the user. These two arguments beat the Nano S.

I think you own the Nano S and don't give my approach much of a chance. I am not going to fight your stubbornness.

Share this post


Link to post
Share on other sites
1 hour ago, Khaleesi said:

There is nothing written in those links you provided that substantiates your claim that the nano can be hacked. 

I do not think that he is stating that the NANO specifically can be hacked. That has yet to be proven. What is for sure and just a matter of time, is the Ledger servers, YOUR computer, Your browser, your connection. You can never trust your computer, mobile device nor your own connection. You can not trust your ISP. I do not trust my own computers. All wallets should be kept offline. All transactions should be signed offline and then processed online. With the setup, your secret keys have zero exposure.  That is what @teddybear is trying to say.

Share this post


Link to post
Share on other sites
On 1/12/2018 at 9:59 PM, Khaleesi said:

Ledger France has assured everyone that their wallets are not affected. 

I agree that this is true. The issue lie in the CPU not in memory chips. The point where you may or may not be vulnerable is in the path that the secret key travels through your computer via the USB port and then on to the processor. What Meltdown is, is a hijack in the processor that intercepts the data. My guess is that the internal controllers on the Ledger likely send a hash of some sort instead of sending the Secret Keys in the Green. So no, I do not believe the Ledger falls prey to this problem and is safe in that aspect.

Share this post


Link to post
Share on other sites
1 minute ago, Xilobyte said:

he point where you may or may not be vulnerable is in the path that the secret key travels through your computer via the USB port and then on to the processor.

And that exactly is my problem with the Nano S.

Share this post


Link to post
Share on other sites
On 1/13/2018 at 12:41 AM, workerX said:

as far as I understand someone who has the right tools can access anything you are doing on you computer.

This is partly true. Let's say that the information in the processor is successfully hijacked, now the question is, what type of data did they get. If all they got was encrypted data and hash keys, the next question should be, can they re transmit it and receive the same answer from the Ledger servers. Ledger would have to evaluate that themselves and give a positive answer as we can not know the data that is sent to the Ledger Servers and they should not tell us.

Share this post


Link to post
Share on other sites
On 1/13/2018 at 2:13 AM, Trippy said:

So could you. Where are the Ledger France comments. Are we just meant to take his word for it? How are Ledger users not affected?

Basically you just dissed my original comments and expected that to be the end of the discussion.

Mr @Trippy I can verify that I have seen those comment from the devs at Ledger. I am pretty sure that I read in on the Ledger Reddit. But comments or not, I would agree that the device is secure, just maybe not the personal computer.

Share this post


Link to post
Share on other sites
On 1/12/2018 at 9:57 PM, Trippy said:

Yep, this could be a big issue. All operating systems have supposedly issued patches to this, but because this is a hardware bug there is a belief that they can't patch this completely. I'm basically a HODLer, so private keys never touch my online computer, but I do a small amount of trading using software wallets. I'm going to be restricting this activity and maybe looking at getting a hardware wallet...something I haven't been inclined to do. I'm not convinced of the security of hardware wallets, either. Face it, crypto is the jungle.

Mr @workerX This is a very good reply to your question as long as it was a meant to be a question and not really a conversation. The best thing that you can do over all is use a Cold Wallet system, using the proprietary coin wallets and not third party wallets. There are many conversations here about that subject and why it is the thing to do. Over all, using the method that Mr @Trippy describes is your bet option.

Share this post


Link to post
Share on other sites

Thank you for your reply @Xilobyte. I thought more in general as it will may affect the whole crypto eco system. 

As per my understanding in future you need 3 computers, one for surfing, one offline, and one virgin one fully updated only to assess the exchanges.

 

Hopefully the exchanges will do their job.

Share this post


Link to post
Share on other sites
On 1/14/2018 at 5:51 AM, teddybear said:

That's correct. But there's nothing that can disprove the fact that any connection to a network is a vulnerability.

So, the pragmatic approach is to stay away from solutions like the Nano S.

This is a philosophical question. We can search for who is right or wrong, or we can do the safest thing.

"The cat doesn't drink the covered milk" is a Bulgarian proverb. I'll cover the milk instead of worrying about educating the cat when to drink milk.

What is the safest thing in your opinion?

Share this post


Link to post
Share on other sites
5 hours ago, XRPcalling said:

What is the safest thing in your opinion?

Hi @XRPcalling the best solution is a true airgapped offline cold storage.

Either you build it yourself (tutorial)

Or

You go with https://blacksite-wallet.io

@Xilobyte can help you with amy questions, he runs the site. I myself have a few coins stored there. My XRP are stored the same way as described in the tutorial.

Edited by teddybear

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×