The Attack Address JavaScript Exploit
https://www.docdroid.net/Jug5LX3/ledg...
Okay, first of all, let’s go through what a hardware wallet is: a device that gives you an additional layer of security when handling your cryptocurrency wallets. Normally, you use your private key to move funds, but if your computer has been infected or compromised, the keys can be captured and used to steal your funds. With a hardware wallet, however, the private keys are stored on the device, so even if you are a victim of phishing, malware, hacking or other nefarious means of data exploitation, private keys remain accessible only to you.
The Ledger Nano S on review today is quite possibly the most popular wallet on the market, with its notable contenders being Trezor, KeepKey, Digital Bitbox and OpenDime. The reviews of these will also be available on our channels. In Ledger’s box you get the USB-thumb-drive-looking device, a USB cable, a keychain, a lanyard, instructions and the recovery card. To begin using it, we plug it into our computer via USB and it prompts us to visit and set up the device. Afterwards, we enter a 4-digit PIN, write down the 24 recovery words on the card and begin using the wallet.
In day-to-day use, the hardware is usable, albeit cheap-feeling due to constant associations with thumb drives of days past, while the software has a minimal, polished look that is arguably the best on the market right now. But there are features that could be better executed, namely:
- to confirm any action you have to press both buttons on the device at the same time (bad UX title onscreen)
- due to hardware limitations you may use a maximum of 5 wallets on the device, which is not optimal if you are invested in multiple currencies
- on top of that, you have to install a separate application for every currency you use, cluttering your system
- for U2F use a PIN entry is required, which was a major point of inconvenience, although I understand the reasons behind their decision
- but then again, there is only a single PIN code for every operation on the device, which, given its four-digit nature, is less than ideal
Also important to note is a series of security breaches that call into question the public claims by the developers or their marketing colleagues that the wallet is malware-proof, has guaranteed firmware integrity, et cetera. One of these is the Ledger Receive Attack Address exploit I have linked below. The Ledger wallet generates the displayed receive address using JavaScript code running on the host machine, which means that malware can replace the code responsible for generating the receive address with its own, causing all future deposits to be sent to the attacker. Since receive addresses change constantly, the user has no simple way to verify the integrity of the receive address. What makes matters worse is that the Ledger software is located in the AppData folder, where even unprivileged malware can modify files, and the wallet does not implement any integrity check on its source. The developers are aware of the issue and will not fix it. The solution as such is simple: when the user opens the “receive” tab, the software sends a request to the Ledger to show the public key on the hardware wallet, and if the device does not recognize the key, it warns the user.
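A simplified model of the fix described above, as an added example that is not from the video or from Ledger's code: the device re-derives the receive address itself and warns when the value supplied by the host differs. The HMAC-based derivation, the `Device` class and `hostReceiveTab` are assumptions standing in for real BIP32 derivation and the wallet's actual API.

```javascript
// Added example: simplified model of device-side receive-address confirmation.
const crypto = require('crypto');

// Stand-in for BIP32/secp256k1 derivation (assumption): HMAC-SHA256 only.
function deriveAddress(accountPub, index) {
  const mac = crypto.createHmac('sha256', accountPub).update(String(index));
  return 'addr_' + mac.digest('hex').slice(0, 32);
}

// Hypothetical device: the seed stays inside; only an account key is exported.
class Device {
  #seed;
  constructor(seed) { this.#seed = seed; }
  exportAccountPub() {
    return crypto.createHmac('sha256', this.#seed).update('account-pub').digest();
  }
  // Re-derive the address on the device and compare with the host's value.
  confirmReceiveAddress(index, hostAddress) {
    const expected = Buffer.from(deriveAddress(this.exportAccountPub(), index));
    const claimed = Buffer.from(String(hostAddress));
    const ok = expected.length === claimed.length &&
               crypto.timingSafeEqual(expected, claimed);
    return ok
      ? { ok: true, display: expected.toString() }
      : { ok: false, display: 'WARNING: address was not derived by this device' };
  }
}

// Host "receive" tab: deriveFn is the host-side code that malware could replace.
function hostReceiveTab(device, accountPub, index, deriveFn = deriveAddress) {
  const shown = deriveFn(accountPub, index);
  const verdict = device.confirmReceiveAddress(index, shown);
  return { shown, ok: verdict.ok, display: verdict.display };
}

// Constructed demo values.
const demoDevice = new Device(Buffer.from('constructed-demo-seed'));
const demoPub = demoDevice.exportAccountPub();
console.log(hostReceiveTab(demoDevice, demoPub, 7));
// Simulated tampered host code returning a fixed, foreign address.
console.log(hostReceiveTab(demoDevice, demoPub, 7, () => 'addr_' + '0'.repeat(32)));
```

The check only helps if the user reads the verdict on the device's own screen, since anything rendered by the host can be altered by the same malware.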
Nevertheless, in early 2018, when we are making this video, the Ledger Nano S is simply still better than the competition due to its polished interface, portability and widespread availability. But certain bad UX decisions and corner-cutting regarding security make it hard for us to wholeheartedly recommend it.
Thanks for watching this video on Discharged Networks, don’t forget to comment and subscribe to see more videos on cryptocurrencies in the future.