Ledger wallet reddit the division
IOTA still not know for the most of the user of other cryptocurrencies, when people start to see all the benefits that this technology brings, they will start to sell their cryptocoins for IOTA this happened to me we also have an important role in terms of the market price for IOTA, we can PROMOTE online the benefits of it for example on Youtube The second thing that will contribute for the jump of IOTA will be when the technology start to be implemented as a way of payment by machines as they advert on iota.
Let imagine that on car manufacturer implements a way o payment on a car computer to accept IOTA as a way of payment for example for car parking, this only example would make the coin jump to the sky in my opinion above bitcoin price. However, it will have a hard long time reaching a price of even to dollars.
The price is always a result of market cap divided by number of coins. That will take more than half a year. Maybe even more than a decade. Furthermore, there's probably gonna come some new competitive technology along the way.
Still very good, and still requires a significant market cap, because there's so much more units than for instance Bitcoin's 21 million. And I quote you:. So, with all respect; whether you think Bitcoin will explode into the hundreds of thousands of dollars per Bitcoin within the next five years, or whether IOTA will take over in terms of price, your statement is self-contradictory, cause if you think Bitcoin will be that big in five years, you can't have much faith in IOTA.
An advantage of treating IOTA units as whole numbers is to avoid decimal rounding issues, which can lead to floating-point errors in improperly designed software. I agree with mygestic and just in my opinion all the blockchainbased coins bcb-coins are barrel burst because of the limited transactions per second and the fees and centraliezed mining valuation which is not democratic at all.
It might be a different coin and way better than Bitcoin, which I think it is, but no matter what, it still follows the rule of supply and demand according to the units it's traded in. It all depends on the demand stemming from real life use cases, and the "success" of the Tangle tech itself.
It might go really high, or it might just crash as something better sees the light. First of all somebody founders? Anytime there begins new a wave some donk throws what he has. You forgot about inflation rate for other projects e. Other coins inflating won't necessarily affect the price of IOTA. It still has to follow the rules of the market.
I don't mind them selling at a pace where it doesn't crash the market totally. They seem to be somewhat intelligent in their approach. They need money for further development of the concept, so it would be natural to get them from the market cap slowly as money flow in, while also distributing more coins to the users. If a company invests in their project, they most likely don't give the devs any cash - they just buy coins and hold long term, so the easiest and maybe only way they can get money to continue the development of their project, is by selling some of their own coins.
I hardly doubt that they'd spend such long time and commit themselves so much, just to rip people off. This attack would allow you to extract the PIN, recovery seed and any BIP passphrases used, provided the device is used at least once after you attack it. As before, this does not require malware on the computer, nor does it require the user to confirm any transactions. This attack would require the user to update the MCU firmware on an infected computer.
This could be achieved by displaying an error message that asks the user to reconnect the device with the left button held down to enter the MCU bootloader. Then the malware can update the MCU with malicious code, allowing the malware to take control of the trusted display and confirmation buttons on the device. This attack becomes incredibly lucrative if used when a legitimate firmware update is released, as was the case two weeks ago.
If you want to miss out on the fun of building an exploit yourself, you can find my proof-of-concept on GitHub. If you follow the instructions there and install it on a Ledger Nano S running firmware 1.
However, because this is for educational purposes only, I have deliberately made the attack slightly less reliable. Before I get to the details of the vulnerability, I would like to make it clear that I have not been paid a bounty by Ledger because their responsible disclosure agreement would have prevented me from publishing this technical report.
As a result of this I became concerned that this vulnerability would not be properly explained to customers. Cryptocurrencies, such as Bitcoin, use public key cryptography to protect funds. You can only spend the funds if you have the private key. This creates an issue for the user as to how they should secure their private key. Humans are notoriously terrible at securing secrets and devices; even security experts are not infallible.
However, acquiring the private keys is not the only way an attacker can steal your beloved Bitcoin. An attacker who compromises such a device could simply change the recipient of the transaction and the amount being spent! Therefore, any useable hardware wallet really needs the following features, which differentiate it from a dumb HSM. We can further divide the last attack vector into two types: If an attacker can steal the device, they have a longer duration of time to perform an attack, and possibly access to expensive lab equipment.
However, they may be thwarted by you realizing your device is missing, and moving your funds to new private keys.
These attacks can be far more dangerous due to the wide variety of scenarios they can be employed in:. In this disclosure, we will focus primarily on the case of supply chain attacks. But, as I explain briefly at the beginning of this article, the methods described here can be applied to the other two attack vectors.
In September , Ledger released the HW. Unfortunately, this design had severe limitations: This made the wallet dangerous to use. Fast forward to July Ledger announced a new device called the Nano S. At the time of writing, no firmware update has been released to fix the vulnerability in the Ledger Blue. While there is no public datasheet available for the ST31H , a quick look at the data brief shows that this Secure Element does not support displays!
The only interface it supports is a low-throughput UART. As it happens, Ledger developed a new architecture to deal with this issue. This processor drives the display, buttons, and USB interface. It interfaces with the Secure Element, which stores the actual private keys. A diagram of the architecture looks like this:. An important feature of the Secure Element is that we can perform cryptographic attestation to determine that it is running genuine Ledger firmware.
This is actually a selling point of the Ledger design: This brings us to the key problem. While the software on the SE can be attested to, the MCU is a non-secure chip and as we show below its firmware can be replaced by an attacker. And herein lies the problem: It is incredibly important to note that, for these devices to be secure at all, you must completely verify the physical hardware.
Since neither the packaging nor the actual device are tamper-evident, it is trivial for an attacker to modify the device. I cannot repeat this enough: You should also verify the hardware whenever someone could have had unauthorized access to it, otherwise you are vulnerable to Evil Maid attacks. Ledger provides instructions to do this, but I will note two issues with them. The pictures are of varying quality. Ledger needs to provide high resolution images that display every component clearly.
It is essential that you verify the back of the device, especially since this is where the JTAG header a debugging interface for the MCU resides. Even if these two issues are resolved, I would question how expensive it is to have one of the MCUs with additional flash memory, but identical pinout, to be re-labelled as an STM32FK6.
Nevertheless, while it is important to touch on this topic, hardware tampering is not required for the attack I will describe in this article. But it turns out that verifying the firmware on a non-secure processor is not so simple. At first glance this seems problematic.
This is the challenge that Ledger attempted to tackle. The theory adopted by Ledger is based on the fact that the MCU has a relatively limited amount of flash. To run malicious firmware, an attacker would also need to store the official Ledger firmware, so that it can satisfy the SE. Specifically, by verifying the entire flash and filling empty areas with random data , Ledger attempted to make it difficult to store malicious code on the MCU and also pass the MCU verification.
However, I was completely unconvinced by this solution. A user might notice if it took twenty seconds to start up their wallet! Not to mention, while there were promising results compressing the entire flash, that was not the case for only the MCU firmware — and I did not want to replace the MCU bootloader, which is also present in flash.
This is because there are two methods to install new firmware on the device:. Using the JTAG, a debugging interface used by embedded firmware developers to, amongst other things, upload new firmware. Using the bootloader, which is the method used by Ledger users to install firmware updates. You can find the Python tool provided by Ledger to do this on GitHub. If I made a mistake while flashing the new bootloader, this method would stop working and the device would be bricked unless I used the JTAG interface.
When you compile a C program, the toolchain the suite of software that compiles programs will perform a number of magic tricks to make everything work. The compiler works around this by inserting a software implementation of the division operation.
Another example is when you declare initial values for variables defined in functions. When the function is called, the compiler will insert extra code at the beginning to copy this data onto the stack.