
Ledger has full control over the 3-try-wipe pin logic - big single point of failure?

Hi community, look at this chat with Ledger's team: https://www.reddit.com/r/ledgerwallet/comments/epbfkl/ledger_teamwhere_is_your_pin_wipelogic_stored_in/

Did most of you know about this fact, that the **3-try-wipe logic of the pin code actually sits inside the firmware** software and not inside the hardware's secure circuitry? This becomes a great single point of failure, because Ledger would be able to do this:

> Ledger staff could technically deactivate/edit the 3-try-wipe logic and thus make unlimited pin guesses (brute forcing) possible

Did you know about it? Again: this is not about the mnemonic, it's about the pin code. When you enter it wrong 3 times in a row, the device gets reset. This makes brute forcing practically impossible. But if this 3-try logic gets deactivated, anyone who gets your device will have access to your funds (it's not hard to brute force 8 digits if you have unlimited tries)!

And how many times have people lost their phones? How many times do people get robbed? Very huge security threat when your device gets lost without a wipe-logic in place! No one needs the 24w mnemonic anymore.

Such a single point of failure is not given in software wallets. Not any wallet can remove your selected wallet pin/password. In my opinion Ledger should cease control over this wipe-logic just as they cease control over the 24w seed phrase. There should be some sort of solution to this.

I wanted you to be aware of this wipe logic issue. How do you see this topic?