
Funds of every Trust Wallet browser extension could have been stolen

158 points | whenlambo | 2 years ago | blog.ledger.com

177 comments

[+] krono|2 years ago|reply

> Creating good randomness is a daunting task - Ledger devices rely on dedicated silicon logic in our certified smartcard chips that have been the gold standard of secure industries for the past 40 years to guarantee high quality randomness and tamper resistance.

Which is worthless and entirely irrelevant when they keep leaking their customers' personal and purchase data (which they claimed not to collect or keep, and even failed to delete after the first leak) time and again.

https://web.archive.org/web/20221030030843/https://cointeleg...

https://web.archive.org/web/20220901153130/https://www.coind...

https://old.reddit.com/r/ledgerwalletleak/comments/ki1nsz/re...

https://old.reddit.com/r/CryptoCurrency/comments/rts1w2/got_...

https://twitter.com/yeolddoc/status/1353139243548364805

[+] kristianc|2 years ago|reply
I’m not sure why there is such fascination with this tech when it’s complex to understand and implement, prone to break in a thousand different ways, and has an ecosystem which is absolutely crammed with bad actors. This requires a deep understanding of cryptography to even understand if you’re safe. Why do people take the risk? Is it because they like to feel smart?
[+] Analemma_|2 years ago|reply
Crypto has a one-two punch that causes it to really stick tight in some minds: it's a get-rich-quick scheme (and those have a long history of bypassing the rational parts of the brain), together with ideological appeal: it feels like you're striking a blow against the Man (even though in practice all crypto goes through a small number of centralized actors that the Man can shut down any time he likes).
[+] lxgr|2 years ago|reply
> Is it because they like to feel smart?

I believe that that's actually a big part of it. Many people have a desire to be (or at least feel) smarter than the average, to be ahead of the curve.

Cryptocurrencies, and their marketers, sit in a particularly effective sweet spot of finance- and technobabble (with a sprinkle of defiance of authorities and the status quo on top), catering to that desire.

[+] latchkey|2 years ago|reply
Do you have a deep understanding of how the stock market works?
[+] louison11|2 years ago|reply
Having known the space since 2011, I’d say there are different reasons for different types of investors who came at different waves.

- super early stage: curiosity + belief this could replace money as we know it

- early stage: speculation + elements of previous wave

- 2017-onwards: a mix of speculation++, a lot of ignorance, and the mass wanting to be “a part” of a technological future they often feel left out from + the quasi-constant FOMO many experience when realizing they could have invested in FB, AMZN, APPL but didn’t. And many disingenuous (or delusional) crypto evangelists manipulating that FOMO and convincing people this is the next big financial movement of the century.

[+] Spoom|2 years ago|reply
More than anything else, this is why I stay out of crypto: It shifts your trust from public institutions and the rule of law, to your own understanding of the security of the algorithms that implement the system (since there is often no public backup). And I don't trust myself to be able to identify such deep vulnerabilities.
[+] louison11|2 years ago|reply
Why anyone would hold any significant amount in a chrome extension is beyond my understanding. Even if you’re using Metamask, use it in hybrid mode with a Ledger.
[+] rchaud|2 years ago|reply
Because it is used by people, not cybersecurity experts. From the vendor's website[0]:

> Our position is simple: Your wallet. Your keys. Your crypto. Built-in private key encryption and a password-protected login means you’re always in complete control.

An average person that reads this wouldn't think about needing to add more protections.

[0]: https://trustwallet.com/browser-extension/

[+] sjsdaiuasgdia|2 years ago|reply
There is absolutely nothing preventing a developer using a crap RNG in some other wallet...and indeed it's happened several times over the years on various platforms.

It does sound like wasm makes the misstep somewhat easier in that it doesn't try to provide an RNG sufficient for cryptographic usage, but that also applies to quite a few other development platforms.

[+] Cthulhu_|2 years ago|reply
Because the secure options are less convenient. I mean a yubikey is less convenient because it's another physical device you shouldn't forget to put in your device and take out / with you at all times, etc.
[+] fallingknife|2 years ago|reply
This is the fundamental issue with the supposed "trustlessness" of crypto. Unless you are interacting directly with the protocol layer (which is like 0.0001% of users), you actually have to trust a lot of people and software.

And the whole system has been built on anonymity because it is "trustless," so it can never work in its present form. Sure, there is someone, or multiple people, at Wells Fargo who can move your money. But they will never be anonymous, and all of their actions are logged and tracked, and we have laws on the books requiring banks to be liable for such fraud and return the money to the customer. And failing that, if the whole bank goes down from the fraud, your money is FDIC insured, and the government will make you whole. Whereas in crypto, if someone gets your private key, you are instantly and irrevocably fucked. Crypto can never be anything more than a gambling tool unless it drops this "trustless" myth.

[+] wslh|2 years ago|reply
First, trustlessness in crypto is just a nice keyword. You trust the protocol, and the protocol trust depends on specific nodes (e.g. miners). Would you trust these actors more than hundreds of well known companies using a BFT protocol? Or a mix of both groups?

Second, key(s) custody is paramount beyond the blockchain technology used. And... this was very basic: "Seed generation of Trust Wallet was flawed, the total entropy was only 32 bits. We have created a file containing all possible seeds."

[+] Al-Khwarizmi|2 years ago|reply
Yeah, in fact for me the trust in a banking system (or anything else that keeps my money) is not in being in control, but in knowing that if things go wrong (regardless of whether it's someone else's fault or my own) I can complain and have a more or less realistic expectation to get my money back. For example, my main credit card was used fraudulently a couple of times, through no fault of my own (AFAIK), but the bank rolled back the charges, cancelled the card and issued a new one. This makes me trust using the card.

In the last few years, at least in my country, many banks seem to be transitioning from "patchy security, but take responsibility" to "better security, but blame the client". I.e., they add lots of mandatory over-the-top 2FA, etc. but if a client complains of a transfer they didn't make, surely it's the client's fault, because security is really good. This makes me trust such banks much less. Firstly, because even being a tech-savvy user that doesn't typically fall for scams, etc., nobody is perfect and I don't think anyone is 100% free of making a security blunder in a moment of being sleep deprived, ill, drunk, etc. And secondly, because what if they get hacked somehow and they make me responsible? No, I very much prefer worse security but listening to clients.

Similarly, in crypto, "your keys, your coins" doesn't give me trust. What if I lose my keys somehow? In the bank, they know who I am, as long as I have a means of ID I can get my money. And as you mention, even if the bank fails, the government has my back.

For all these reasons, while I do hold some crypto, I'd never keep a significant portion of my assets in that form.

[+] corndoge|2 years ago|reply
Thank god, now the scam emails I've been getting about this exact scenario every day for months are finally true!
[+] sjducb|2 years ago|reply
I always change a few words in the seed phrase manually. To protect against this exact type of attack.
[+] mike_hearn|2 years ago|reply
I was writing about this exact problem of bad RNGs in web cryptocurrency wallets a ~decade ago. It is profoundly depressing that so little has changed:

https://medium.com/mike-hearn/type-safety-and-rngs-40e3ec71a...

Browsers have a number of problems that make it difficult to build wallets, but I’m not going to try and convince you to stop making them here. Suffice it to say there are alternatives for writing cross platform wallets you could consider.

Browsers just aren't intended for doing things that require the generation and safe storage of private keys. The developers don't care about these use cases. Like with so many others, if you want to do it properly you have to go outside the browser.

Back when I was involved with the cryptocurrency world (pre-2016) I kept hitting this general reluctance to just write normal desktop apps, and whenever I advised people to do it for security or stability reasons they'd insist on writing something browser/JS based instead. I did write desktop based wallets, but was considered old fashioned for doing so (at the ripe age of 35). Way too frequently people would end up losing all their money to dumb and entirely predictable hacks as a consequence of using a web-based wallet, or even just lose because of sites going offline. Browsers improved a bit since but as this episode shows, they still aren't intended for it.

Part of why people wanted to write js was that it is easy to distribute the results. They optimized for developer convenience over security. Chrome offers a portability layer and keeps extensions up to date for you. Years passed and I saw the same problem crop up in other contexts too: the right approach was to write a desktop app, people tried to hack Chrome into compliance instead so they could let it handle distribution, it didn't work, and that sometimes led to disaster for their users.

These days I have a company that tries to solve this problem. We make Conveyor [1], which has the goal of making desktop app distribution as easy as for a web app. And it mostly succeeds: it can cross-build/package apps for every platform, and on Win/macOS it can provide update-on-start so you can iterate as quickly as with a web app. You pick your preferred portability layer (flutter, jvm, electron, something rusty etc) and can choose between more battle tested frameworks or more experimental frameworks depending on your appetite for risk. Whatever you pick, the distribution experience is the same. You don't have to compromise on UX either. Frameworks like Compose for Desktop, Flutter, heck even JavaFX give you nice solid 60fps animations and can be made to look good easily. You can store private keys in the user's secure keystores. If your site goes down it's not an emergency, your app still works, only updates stop until you're back online. Even if your certificates expire your app will still work!

I hope that people will take this stuff more seriously in future. It's got a lot easier to distribute apps without relying on browsers or stores over time. Browser developers do a good job but are ultimately constrained by the web's origins. It's not just cryptocurrency wallets that can benefit from escaping the browser either! Quite a lot of security bugs can be eliminated when you leave the browser. For example you can write apps that are immune by design to XSS, XSRF, SQL injection, phishing and other common bug classes.

At some point I should probably write these thoughts down in a more modern blog post.

[1] https://hydraulic.software/

[+] nailer|2 years ago|reply
> Browsers just aren't intended for doing things that require the generation and safe storage of private keys.

This sounds like webcrypto and its interface which is designed to make some data unexportable.

[+] bo1024|2 years ago|reply
This is very interesting and I agree about all the upsides of desktop apps. However, in web3, people’s blockchain credentials could be used to interact with many different websites. This seems hard to reproduce with desktop-based apps, right?
[+] asplake|2 years ago|reply
> That probably means this vulnerability exists in some other wallet implementations which is concerning…
[+] sjsdaiuasgdia|2 years ago|reply
This song is almost as old as Bitcoin itself.

2013: https://bitcoin.org/en/alert/2013-08-11-android

All that trust I have to put in the non-crypto financial system doesn't seem too bad when you realize that the trust picture isn't all that different in the crypto world.

Do you trust that the exchange won't steal your money?

Do you trust that the software developers haven't intentionally or accidentally left any holes in the software you use to manage your money, or the smart contracts you interact with?

Do you trust the vendor you're buying from to not steal your money? If you're thinking "escrow services", do you trust the escrow service to not steal your money?

Do you trust in all that, and more, sufficiently to operate in a system where there is no way to undo erroneous or malicious transactions? Except for like when ETH rolled back the chain after the DAO incident...you know, going contrary to the immutable ledger concept this whole mess is built on...what you might even say is the most essential trust in crypto.

[+] _trampeltier|2 years ago|reply
Why is there such a bad random generator in something so new (WASM)?
[+] 4gotunameagain|2 years ago|reply
Because if you read the article, you would have been informed that through WASM they did not have access to existing PRNG (e.g. /dev/urandom), and had to roll a mersenne twister. Which should not be used.

It is about implementation, not about WASM.

[+] footlose_3815|2 years ago|reply
The Sales Pitch: "Crypto is going to take over everything, it's so secure."

The implementation: "Whoops there's something we did wrong on the way."

[+] TechBro8615|2 years ago|reply
Imagine using a browser extension other than uBlock Origin. Now imagine using one as a crypto wallet. That's the height of stupidity.
[+] BonoboIO|2 years ago|reply
Is it stealing, when "code is law"?
[+] noveltyaccount|2 years ago|reply
Depends on who you ask. This debate is why Ethereum (ETH) and Ethereum Classic (ETC) split. The hack against the DAO was either illegal or legal.
[+] Eumenes|2 years ago|reply
imagine using a chrome browser extension to do anything involving money/finances
[+] evilspammer|2 years ago|reply
not strictly any worse than e-banking or storing your bank details in 1password (with the exception of deposit insurance)
[+] pontifier|2 years ago|reply
At some point there won't be any more suckers left. That's when crypto will really collapse.
[+] detrites|2 years ago|reply
The flaw here was in a dependency introduced by targeting WASM, and could apply to any project of any kind relying on random number generation for a cryptographic purpose. It is not a "crypto-currency" specific problem.
[+] tyingq|2 years ago|reply
I don't know...multi-level marketing still seems alive and kicking.
[+] yieldcrv|2 years ago|reply
if we made international headlines for every phishing attack, you would feel the same about the tech sector or tangentially "computing" at all.

this was the case in the 90s pretty often.

now we choose to highlight properly run organizations and advances, while largely ignoring the rest. new problems presented by home computing and electronic funds transfer didn't go away.

it's more likely the same will happen with crypto assets and industry. when I look at mainstream news like Bloomberg, that's what I see already.

[+] zimbatm|2 years ago|reply
That kind of argument can be applied to any value-based systems. s/crypto/ with /banks/, /religion/, /houses/.

The real question is how big the risk is relative to inflation, central banks collapses, bank runs and all other types of institutional risks.

[+] wslh|2 years ago|reply
This could also apply to other financial instruments. At the core, decentralization is about power. Crypto as we know it now could fail but the core tenet is about new ways of power in the financial world.

At the technological level it is also about the freedom to experiment with finances where regulations don't allow it. Even if it is at a sandbox level.

[+] Mistletoe|2 years ago|reply
I feel exactly the opposite:

“At some point there won't be any more suckers left. That's when banking will really collapse.”

The news every day sends the message more urgently that a global hard money that can never be debased by money printing and that is free from the whims of governments and dictators is sorely needed.

[+] toss1|2 years ago|reply
Except for:

"There's a sucker born every minute" — P. T. Barnum

After that 'discovery' in the mid-1800s, there seems to be an endless supply, and at today's higher birthrates and infant survival rates... we can't really expect that they'll ever run out ;-P

[+] mouzogu|2 years ago|reply
> At some point there won't be any more suckers left

As long as there is survivorship bias I think it will survive. Can think of it more as a poverty tax, like the lottery.

When there is a possibility of easy money, people will overlook every kind of red flag and inconvenience.

[+] alphanullmeric|2 years ago|reply
Yeah I’m sure one day those “suckers” will decide they don’t need financial privacy and have no problem with the state reaching into their wallets at will. Then they’ll go back to happily storing their money in a bank account that can get locked for having the wrong opinion, or restricted by alleged investor protections that aren’t even opt out.
[+] jackmott42|2 years ago|reply
There is another sucker born every minute