Last friday was my last day at Ledger. Extremely humbled by what we accomplished and wishing all the builders and self custody believers there the best in their journey to make the space safer.
Thanks, and while I have the mic, let me point out that we were able to reach this status because we are a "bricks-and-mortar" company (so much so that we built a 4000 m2 factory in Vierzon) - today the future pure-player blockchain protocol unicorns are fighting for the right to a bank account
Due to a cancellation I'll be giving a surprise talk at #ethcc (Pointoise, 13h) describing the structure of the european sanity pass and how to mint it for fun and privacy. Feel free to join and enjoy the slides I didn't write yet
@TuurDemeester
@LedgerHQ
The partnership was just an announcement about us testing SGX. We're extremely clear about the security trade offs (see ) and this has absolutely no impact whatsoever on our other product lines (typically hardware wallets)
I try not to hype things too much, but I strongly believe this will change the way we look at hardware wallet development - - huge congrats to greenknot, @salvatoshi and team, the future will be merkleized. Your move @LarryBitcoin :)
PSA, if you're using @MetaMask with Ledger, Chrome 91 breaks the transport - do not update right now if you have urgent transactions, a fix will be issued soon
Try to prevent people from owning and programming their money with one bad regulation and two workarounds will appear. Very bullish on Open Source and maths
Intrigued ? Apply in my DMs with the job reference and your auditable public track record. More information will be unveiled shortly and I expect this to be operational by November (2023).
During my time at Ledger I identified a few blind spots. Onboarding with true self custody is still too complex, and we've as an industry designed great cryptographic schemes that aren't used as much as they deserved outside of it. So I'll be starting a new team to work on that.
Happy to join the builders' council with chief strangeness officer @sylvechv and team - let's get this party open, decentralized and secure for all. More details
Introducing StarkNet's next step in decentralization - voting on protocol changes. Next up is StarkNet's governance, which will span over the next few months.
This is a major update to my 2012 Bitcoin application and quite an achievement to support the latest Bitcoin features on extremely memory constrained devices (~ 10 Kb RAM available for applications). See after listening.
SLP337 @salvatoshi @Ledger's new #Bitcoin app
Salvatore and I chat:
- how the app shifted v1 to v2
- PSBT + descriptors
- Taproot support
- improving multi-sig support
- merkle trees
- advanced scripting in future
However I missed the efficiency of small dedicated teams. Ledger started with Olivier Tomaz (hardware & low level embedded), Cédric Mesnil (embedded cryptography) and myself (jack of all trades / fan of Buffers) - the architecture and tech vision didn't change.
Thanks to Clave for highlighting the security differences between regular FIDO credentials and Passkeys. I'll take a slightly more tech optimistic bet on this - the current situation is temporary, once the enclaves firmwares are updated Passkeys will also be hardware bound
1/ Passkeys, Secure Enclave, Webauthn... These concepts are often used incorrectly and can be confusing. So, what exactly are they, and what are the key differences between them?
Let's delve into these concepts to gain a better understanding 🧵
I'd replace safer by less buggy because if you can't sign, you're super safe (at least from a security standpoint). Enjoyed the teamwork and quality diagnostics though
We can make the web3 tech stack available radically faster to web2 with this small party, and change the way the self custody journey starts. It's a new departure.
🌟 Special announcement 🌟
We are delighted to introduce our last speaker, Nicolas Bacca, who will close the afternoon with a fascinating talk on the history from BTchip to Ledger. cc @BTChip
An event not to be missed 😍
#CES23
#sideevent
#speaker
I used this to recover an old HW1 hardware wallet / first generation Nano with an hex seed today. It can probably help other people, so here goes (run on an offline PC)
Finally a user experience expert (UX1) that'll build the best possible Web experience, with efficient, maintainable, well tested code (if you can sense the PTSD it's not just you)
Back to the Congress this year - my main theme will be passkey hardening : getting up to date on modern iOS (post checkm8) / Android jailbreaks, state of RE on *cloud synchronization. Sidequest, anything fun involving secure hardware
#37c3
Who do I need ? A cryptography expert (CR1) that understands modern algorithms (ECC, ZKP ...) to the core and is able to optimize them securely in non standard scenarios. Think embedded cryptography tricks but on a much larger scale, such as smart contracts.
Also a reminder that @Ledger decided to build @DonjonLedger to get those audit capabilities in house, and help getting more third parties up to speed re. complex hardware audits by releasing attack and analysis tools as oss on
I've read several misconceptions about Common Criteria certifications. Typically:
- "Components producers pay for certification"
- "Certifications test only against a known set of predefined scenarios"
- "Certifications are not a replacement for independent review"
Thread👇
@PowerHasheur
@Ledger
@googlechrome
@brave
A fix is coming very soon for Chromium - in the meantime the best option is, in order of preference, either to use Firefox, or @Rabby_io if you don't need EIP 1559, or to use the Ledger Live bridge ()
Thanks for being at the frontline of new ZK applications and making cryptography cool with great UX, swag and events. Take some well deserved rest and keep writing this story 🫡
Today, Sismo returned funds to its investors.
We shipped fast, solved hard problems and built a great community. Yet, our pace was unsustainable, we sprinted a marathon.
I'm proud of the battle we fought and the way we did it, with full engagement and passion.
(thread)
@bantg
Apps can do what they like with the keys - we do not use handles. That's why the derivation paths are locked (avoid leaking outside of a specific domain) and apps are audited before being published on the store
1/ To elaborate on I'd suggest a kill switch for all OpenSea operations. Requires you to connect Metamask with Etherscan
step 1 go to
on proxies, enter your wallet address and "query" -> you'll get your proxy address (proxyAddress)
Big fuss ongoing about @opensea, apparently someone found a way to exploit a flaw in the UX to use sell orders that were "forgotten" by OpenSea itself. Want to see if your NFTs are threatened or simply learn some stuff about OpenSea's internals ?
Here's a fat thread 🧵⬇️
Very cool example of assembling trusted computing elements to get the best of each (performance + verifiability), and the flexibility of the Ledger stack
@merkle_tree
@LedgerHQ
we're moving on to the application specification this week / the next then should have a good estimate of the coding time necessary
Then a smart contract optimization expert (SC1) on different platforms (starting with EVMs), building secure code that's cheap to deploy and cheap to run at scale, well understanding the subtleties of the different networks
ATTN @MUSTCometh miners and @aavegotchi handlers, there's still an issue when signing with Ledger + Metamask on Matic. Reasonable option if you want to 🦍 : send your assets to a software wallet *before* moving to Matic. The 🦍ception option -
For #Zcash users: applications are ready for $ZEC Blossom fork. Kindly update both your Bitcoin and Zcash apps to the latest version (1.3.17) to manage your #ZEC. This can be done by uninstalling/reinstalling the apps.
Yet another contextually nice Antifragile quote "When I'm told that someone has 300 academic papers and 22 honorary doctorates, but no other single contribution or main idea behind it, I avoid him like the bubonic plague"
@jonsheswild
@Ledger
I don't think giving you an open product and freedom of choice is unprofessional. How you handle your self custody is very personal, and Ledger keeps providing you more options.
Saw a few requests on reddit today so here's a minimalistic Python implementation of Ledger Live bridge server we're using to link to Metamask, if it helps Linux users.
@hernzzzzzz
@LedgerHQ
Same as Bitcoin Cash (hopefully without the forking part) - we didn't sign Segwit2x only said we are testing it to limit damages to users
While we notified the registrar and hosting services, you can help reducing the impact of the ongoing phishing scam - report those websites as malicious (f.e. on )
xn--ledgr-9za . com : entry point
ledgersupport . io : binaries
loldevs . com : backend
@bitcoineva
@LedgerHQ
@StellarOrg
We will if it's a real thing with a price. For the time being they use random logos without permission, have no link github and can't even spell "wallet" properly so I'm not extremely positive
Since last summer, Adan has been taking part in a working group with the authorities and the banks to resolve the problems encountered by #crypto players in accessing banking services.
Conclusion: the authorities acknowledge the problems. 1/5 👇
@HGESOL
@Ledger
All applications run on the device are open source and can be verified. For more information you can check - we are the most developer friendly hardware wallet
The video of the presentation on the hardware vulnerability identification (T-test) and exploitation (double laser fault injection) is finally out! You can view it there:
@PowerHasheur
@Ledger
Note, I was saying that in the context of Ledger support and Metamask's latest features - security-wise it's no worse than any other in-browser wallet (so not great either, cf but no need for violent panic)