I've been seeing lots of comments about people's concerns related to the bluetooth functionality and it makes me want to vomit. Almost as bad as when someone says they're storing BTC on a ledger nano s. You guys are supposed to be the techies of the world, but it seems we have to review how signatures work, and how hardware wallets sign digital transactions securely.
One of a cryptocurrency wallet's main job is to sign digital messages (or transactions). What does that mean? It means when I want to send BTC to some address, I create an unsigned transaction. This transaction, in its most simplistic terms, just says how much and to whom I wish to send BTC to.
The wallet runs a signature algorithm on that unsigned transaction to create a signed transaction. If you've ever used MyEtherWallet, you can see the unsigned vs. signed transaction when you try to send tokens. Whether it's a hardware or software wallet, the wallet takes your private key/seed, runs the signing algorithm on your unsigned transaction with your private key, then outputs your signed transaction. This signed transaction is just a long string of data that doesn't actually have your private key but has been altered by it.
The beauty is as long as someone has your public key (that corresponds to your private key) along with the signed transaction, they can easily verify that the person who holds that private key approved that transaction. This is all without ever exposing the private key.
So to sum up, I create an unsigned transaction that says who I want to sending something to, I use my wallet to run a signing algorithm on it with my private key, the wallet outputs the signed transaction without ever exposing the key. This signed transaction is broadcasted to the miners/stakers to verify and executed the transaction. See more info on bitcoin signatures here. Neither the unsigned nor the signed transactions contain your private key.
Now how does this apply to a hardware wallet? Your software wallet, or MEW, or Ledger Live generates the unsigned message, sends it to your hardware wallet, which in turns signs the transaction on a secure chip that holds the private key, then sends back the signed message to your computer for broadcasting to the network.
Bluetooth will allow the unsigned and signed transactions to flow wirelessly. And as we discussed above, the private key is never exposed in the unsigned or signed transactions. As long as the screen is showing what you're signing, you can never accidentally sign a transaction that sends your precious assets to some other address.
Next, the communications between your ledger nano x and computer/phone/tablet are encrypted. So even if someone was even somehow able to decrypt that wireless data, it would only be unsigned/signed transactions which would be worthless to them anyway! But an individual seeing that data is as likely as them trying to see data between you and your bank (HINT: very unlikely, look up HTTPS).
We are operating under the assumption that the hardware wallet has not been compromised, but that's true right now anyway.
You guys don't have any reason to be afraid as long as you trust ledger to perform the appropriate security measures and code vetting. So far, they've done pretty well.
No comments:
Post a Comment