undefined | Better HN

0 pointskrono2y ago0 comments

What good is all this super reliable gold-standard encryption when its provider has shown to be so incredibly careless with the exact sort of information this solution is meant to protect?

Whatever security goals they claim to pursue exist only in their marketing copy.

0 comments

DennisP2y ago

The point of good randomness is to keep other people from just directly draining your funds by breaking your key. That has nothing to do with any data held by Ledger, since they never see your key.

The data leaks don't affect that, though they're still a serious problem since they exposed customers to different sorts of attacks.

lxgr2y ago

Properly operating/securing a web shop and developing a secure embedded device are two pretty different skill sets, and I'm quite impressed with the quality of their security team's research concerning the latter.

Of course they should be doing both, but there's an easy, pragmatic workaround until then: You can just buy their devices on Amazon. (This does somewhat increase the chance of supply chain attacks, but that's always present, and I believe Ledger devices support hardware attestation in addition to tamper protection.)

j / k navigate · click thread line to collapse