Ledger co-founder Eric Larchevêque clarified that there is no “backdoor” in the latest Recover firmware update. The Ledger controversy attracted comments from notable leaders and blockchain experts from the crypto community including Cardano founder Charles Hoskinson who claimed that open-source software is always better than closed-source.
However, Ledger co-founder refutes Charles Hoskinson’s claims and red flags open source due to elevated security risks.
Ledger CEO Refutes Cardano Founder Charles Hoskinson
On Friday, Cardano founder Charles Hoskison in response to the Ledge controversy said he always choose open-source software whenever possible, saying that “security comes from simplicity.”
“People buy hardware wallets to maximize the personal security of their funds. They don’t buy them for daily use or expect an equivalent user experience to hot wallets.”
Ledger co-founder Eric Larchevêque took to Twitter on May 20 to further clarify security aspects of closed source, open source, and chain of trust in a hardware wallet. Ledger is a hardware wallet with closed-source firmware.
He claims open-source wallets come with regular hardware but less security, while close source with secure elements, allowing higher level of security. A supply chain attack can happen when plugging the hardware to flash the firmware, while “holographic seal” mitigated some risk it’s not efficient to prevent attack at manufacturer level.
A master key from the manufacturer, implanted in the secure element at the factory level, can cryptographically prove interacting with the real chip. This cannot be used with open source as the master key would obviously be revealed during compilation.
“This means that using an open source HW, you must trust that the manufacturer will not put a backdoor in the electronics, and using a closed source HW you must trust that the manufacturer will not put a backdoor in the firmware.”
He believes security is always a matter of trade-offs and hardware wallets require that trust. Users could do critical mistakes or update hardware with rogue firmware.
Amid the Ledger Recover controversial firmware update, hardware wallet provider such as GridPlus decided to open-source its firmware. But Ledger CEO believes bad actors could gain access to these due to being open-sourced.
Disclaimer: CryptoNewsBook is an online aggregator that fetches latest crypto news from different sources. This article is provided for general information purposes ONLY and contains data fetched from third party sources; hence, we do not endorse its accuracy. For more details, kindly visit The Source. Please report any fake news or false statement to Our Support Team. If you are the original owner of this content and wish it to be removed on this platform, kindly forward your request to Our Support Team.
Also Note: Cryptocurrencies are unregulated, and no part of this article should be understood nor interpreted as a recommendation/advice. #s4
