Jump to content

Q on BIP0039 and Ledger Nano X


Recommended Posts

When one installs a genuine Ledger Nano, one receives the BIPT 24 word passcode.
After that, one can, later on, add apps and accounts on the device. Now say for instance, my ledger gets broken or lost and I buy a new one, reinstall it with the BIP0039 words then HOW can the combination of a "genuine device & STATIC passcode" know the details of all the extra added accounts (say one added over time several accounts, for several coins)? 

I've been testing this with a Ledger Nano X, genuine installed with only 5 XRP accounts. Later on I added one XRP and two ETH accounts. After that I took a genuine Trezor T and entered the 24 words and .... ALL XRP accounts and the first ETH account were there, but the second ETH account was missing - no way to get that one on the Trezor...

I'm guessing that by installation, the Ledger already encrypted the keys into the BIP0039 for the first entered 5 XRP accounts + one (reserve) AND also for all coins supported by the Ledger also one reserve (in my testcase used by the first ETH I added later on). So this would mean that for the first account from each coin one can add on the Ledger, the keys already are stored in the BIP0039 but for all second and more added accounts the keys seems to be missing. Just a guess, someone knows exactly how this works?

Link to post
Share on other sites
2 hours ago, Sukrim said:

Usually keys for various accounts are derived from that encoded secret, it isn't used directly. Did you already read https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki for example? I would guess that this is how Ledger does it, but you can read their source code for the exact process too.

That's a bit over my head. I was puzzled why the Trezor was able to reconstruct this (as described below) from a BIP-39 wordlist created with Ledger Nano X and Ledger Live

- 5from5 created together with BIP-39 + 1from1 later added XRP accounts  ----> Trezor sees all the XRP accounts
- 1from2 later added ETH accounts (second one missing) ----> Trezor sees only one out of two ETH accounts

Is there someone who can explain this in noob-language to a person with good technical understanding but who's a noob in coding (languages and github content) ?

 

Link to post
Share on other sites

From the 24 words you can derive (at least practically) hundreds of addresses to almost every crypto which all are indexed. Maybe when Trezor sees only one, it only checks one. It doesn't bother to check undefined amounts of addresses. 

You can eg. load XRP addresses by using almost any wallet app (like XUMM) by putting the 24 words in. You don't need a hardware wallet for that. A hardware wallet is only good if you need to sign transactions from an online computer. 

Link to post
Share on other sites

From a single seed, multiple accounts can be created in series. There are different algorithms to do this.

The only thing I don't understand is where is the information on how many wallets were "created" is stored. Maybe nowere and the user has to manually say how many accounts to recover, but I don't know since I've never did it.

Edited by tulo
Link to post
Share on other sites
On 8/30/2020 at 2:23 PM, tulo said:

From a single seed, multiple accounts can be created in series. There are different algorithms to do this.

The only thing I don't understand is where is the information on how many wallets were "created" is stored. Maybe nowere and the user has to manually say how many accounts to recover, but I don't know since I've never did it.

I don't know if the device could have possibly done this, but it might be something like:

  1. Test deriving multiple accounts from the master seed
  2. Look up the generated addresses to see if they exist in the public blockchain. If so: cool, must be yours
  3. Continue until you get a miss or something
Link to post
Share on other sites
18 hours ago, mDuo13 said:

I don't know if the device could have possibly done this, but it might be something like:

  1. Test deriving multiple accounts from the master seed
  2. Look up the generated addresses to see if they exist in the public blockchain. If so: cool, must be yours
  3. Continue until you get a miss or something

The problem is: what do you mean by "exist in the public blockchain"? Every possible account already exists in the blockchain. The device can maybe check only the accounts with some funds on it, but imagine I created 3 accounts, then I emptied account 2, then the device would stop at the empty account 2 without finding account 3.

I'll investigate :)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.