XRPto50dollars Posted February 1, 2018 Share Posted February 1, 2018 Someone asked in another topic, "A link was posted with info from the ledger website suggesting that the chrome api had faltered and users should refrain from sending any coins from there nano using the chrome's api." ..but they cant find where they got this info. has anyone else heard about this issue with Ledger / API? Thanks in advance. Link to comment Share on other sites More sharing options...
XRPisVELOCITY Posted February 1, 2018 Share Posted February 1, 2018 This is interesting. "Google has announced the end of life of Chrome applications. Ledger will provide replacement solutions in time to make sure users are not affected. We have started developing a new native application Ledger Wallet (for PC/Mac/Linux) based on Electron framework. UPDATE December 2017: Google will not deprecate de Google Apps before June 2018." https://trello.com/c/mf0aFgDK/28-chrome-applications-end-of-life XRPto50dollars 1 Link to comment Share on other sites More sharing options...
XRPisVELOCITY Posted February 1, 2018 Share Posted February 1, 2018 18 minutes ago, XRPto50dollars said: Someone asked in another topic, "A link was posted with info from the ledger website suggesting that the chrome api had faltered and users should refrain from sending any coins from there nano using the chrome's api." ..but they cant find where they got this info. has anyone else heard about this issue with Ledger / API? Thanks in advance. I feel better after reading this about the security. "Whenever a payment needs to be made, the transaction is signed inside the Secure chip and the private keys are not even visible by the computer the Ledger Wallet is connected to. A compromised computer will never be able to access the contents of the Secure chip." https://support.ledgerwallet.com/hc/en-us/articles/360000380313-Security-of-Ledger-products XRPto50dollars 1 Link to comment Share on other sites More sharing options...
MaxEntropy Posted February 1, 2018 Share Posted February 1, 2018 Hmm... what is Ledger Wallet going to do for a security environment??? Clearly, Ripple has bombed on their implementation of the Ledger Wallet for Ripple. gray 1 Link to comment Share on other sites More sharing options...
gray Posted February 1, 2018 Share Posted February 1, 2018 37 minutes ago, MaxEntropy said: Hmm... what is Ledger Wallet going to do for a security environment??? Clearly, Ripple has bombed on their implementation of the Ledger Wallet for Ripple. What? This doesn't even make sense haha. Link to comment Share on other sites More sharing options...
MaxEntropy Posted February 1, 2018 Share Posted February 1, 2018 Bombed... the installer is NOT signed... which rocket scientist in the process of software design, development, testing and product release... decided that a presumably secure hardware wallet should use an UNSIGNED installer... not trusted by anyone or any corporation. Specifically, corporations accept ONLY products that are signed. You folks have some work to do on security. :-) Please debate this issue. Link to comment Share on other sites More sharing options...
MaxEntropy Posted February 1, 2018 Share Posted February 1, 2018 @gray You are a newbie... there is a history on this topic. Just debate the ONE issue that I have presented. This will be as much fun... as how Ripple squirmed on this observation. Link to comment Share on other sites More sharing options...
gray Posted February 1, 2018 Share Posted February 1, 2018 2 minutes ago, MaxEntropy said: Bombed... the installer is NOT signed... which rocket scientist in the process of software design, development, testing and product release... decided that a presumably secure hardware wallet should use an UNSIGNED installer... not trusted by anyone or any corporation. Specifically, corporations accept ONLY products that are signed. You folks have some work to do on security. :-) Please debate this issue. What installer is not signed? Link to comment Share on other sites More sharing options...
MaxEntropy Posted February 1, 2018 Share Posted February 1, 2018 (edited) @gray You see... you are a newbie ! Set aside which installer... and deal with the generic issue of Windows software component that is required for Ledger Wallet for Ripple... for which the installer is UNSIGNED... ie... no security credentials... and no company name... anonymous. Cute. Edited February 1, 2018 by MaxEntropy Link to comment Share on other sites More sharing options...
gray Posted February 1, 2018 Share Posted February 1, 2018 Just now, MaxEntropy said: @gray You see... you are a newbie ! Set aside which installer... and deal with the generic issue of Windows software component that is required for Ledger Wallet for Ripple. Being a newbie has nothing to do with it lol. There is no "Windows software component" that is required for Ledger Wallet for Ripple. There's a Chrome app which is multiplatform. Which doesn't need to be signed, because that application has absolutely zero bearing on the security of the system as a whole. The application that runs on the secure enclave of the device itself is signed, and that is what matters. XRPisVELOCITY, John_Buh, XRPto50dollars and 1 other 4 Link to comment Share on other sites More sharing options...
MaxEntropy Posted February 1, 2018 Share Posted February 1, 2018 Silly.. person... of course signed installers are required... otherwise the human at the keyboard has no way of determining who wrote the software that they are about to install. Second, if you had actually used the software you WOULD KNOW that it does NOT run inside the security context of the Chrome Extensions. The rocket scientists 'out there' implemented the quick dirty approach and installed it as a standard native application on Windows. I may get around to seeing how it is installed on MacOS and Linux... one day. Third... I will let you do some reading... you need to brush up on security. - "It is hard to discus security with people who confuse Australia with Austria." <small joke for those who will are well read> :-) Max has left the building. Link to comment Share on other sites More sharing options...
gray Posted February 1, 2018 Share Posted February 1, 2018 3 minutes ago, MaxEntropy said: Silly.. person... of course signed installers are required... otherwise the human at the keyboard has no way of determining who wrote the software that they are about to install. Second, if you had actually used the software you WOULD KNOW that it does NOT run inside the security context of the Chrome Extensions. The rocket scientists 'out there' implemented the quick dirty approach and installed it as a standard native application on Windows. I may get around to seeing how it is installed on MacOS and Linux... one day. Third... I will let you do some reading... you need to brush up on security. - "It is hard to discus security with people who confuse Australia with Austria." <small joke for those who will are well read> :-) Max has left the building. Ah, I see. Well I admit I was mistaken, the Ripple specific app for Ledger is a native app... Weird, since I was under the impression they were all Chrome apps. Anyway, the security implications are much less than you make it seem. The fact that the windows app is not signed has no bearing on the security of your coins (private keys) if they are stored on a Nano S. It does have some amount of bearing on the security of your computer that you're installing it on (and I agree on the principle, apps should be signed, you should be able to verify it). However, the security of that computer, again, has no bearing on the security of your crypto. In addition, the fact that the app isn't signed isn't as much of a problem here since it's being downloaded directly from their website using TLS... their site would have to get hacked or you'd have to not be using HTTPS to get MITM'd and compromise the app. You can basically guarantee that the app you downloaded is the same one hosted on their servers given that you're connecting over HTTPS. Also, that app is signed, just not in the way that Windows wants... it's still signed in such a way that a warning is presented on the device if you open a non-genuine app. LetHerRip, John_Buh and XRPto50dollars 3 Link to comment Share on other sites More sharing options...
MemberBerry Posted February 1, 2018 Share Posted February 1, 2018 So...chromium app for linux is also rekt? This ledger thing is soo complicated for no-techs. Is xrp safe? Is ledger safe now or what does alll of this mean? Link to comment Share on other sites More sharing options...
XRPto50dollars Posted February 1, 2018 Author Share Posted February 1, 2018 (edited) @MemberBerry... i have no idea. i feel like i started this Topic just to make conversation, and inadvertently brought the entire Ledger system to its knees. If the ledger's Secure Element' is safe, yet we're downloading stuff to our computer in order to use the Ledger which compromises the security of our personal stuff aka banking, email, etc... whats the point?????????????????????? How could Ledger spend so much time, money, and research to create a super strong Nano S... yet they skimped and went with a Chrome App??? 1Todd even discovered Chrome is ENDING ALL APPS! So how can Ledger be 'so secure' if they took shortcuts along the way? Lets face it... MOST people cant afford to buy a separate computer just to run a Nano, nor can MOST people have the technical know- how how to work with linux to create a true cold wallet. i feel as if someone from Ledger is going to read this Thread and be like, "Crap.. someone figured out we're not safe." Id love/appreciate/highly desire the mega-brains to give their thoughts on this: Pretty much this Topic seems to have inadvertently brought up a huge security risk thanks to Gray's and Max's input; if its not with the Ledger itself, its with the computer its connected to via USB due to the Chrome App. @PickleRick @RegalChicken @Hodor @gray @Chewiecoin @JoelKatz @zenkert @Mercury @1todd960 Edited February 1, 2018 by XRPto50dollars Member278576 and MemberBerry 1 1 Link to comment Share on other sites More sharing options...
Deux Posted February 1, 2018 Share Posted February 1, 2018 Soo much FUD on ripple, it doesnt have alot to do with ripple. Ledger this ledger that, you are talking about the ledger nano s. A separate company that offers a hardware wallet. If they offer software that is not secure. You need to contact them. Btw I assume its not only ripple, but any other cryptocurrency they support would have the same issue. Or am I wrong on this topic? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now