Ledger has full control over the 3-try-wipe pin logic - big single point of failure?
Hi community, look at this chat with Ledger's team:
Did most of you know about this fact, that the **3-try-wipe logic of the pin code sits actually inside the firmware** software and not inside the hardware's secure circuitry?
This becomes a great single point of failure. Because Ledger would be able to do this:
> Ledger staff could technically deactivate/edit the 3-try-wipe logic and thus make unlimited pin guesses (brute forcing) possible
Did you know about it? Again: This is not about the mnemonic, it's about the pin code. When you enter it wrong 3 times in a row, the device gets reset. This makes brute forcing practically impossible. But if this 3-try logic gets deactivated, anyone who gets your device will have access to your funds (it's not hard to brute force 8 digits if you have unlimited tries)! And how many times have people lost their phones? How many times do people get robbed? Very huge security threat when your device gets lost without a wipe-logic in place! No one needs the 24w mnemonic anymore.
Such a single point of failure is not given in software wallets. Not any wallet can remove your selected wallet pin/password.
In my opinion Ledger should cease control over this wipe-logic just as they cease control over the 24w seed phrase. There should be some sort of solution to this. I wanted you to be aware of this wipe logic issue.
How do you see this topic?