The Ledger team has released the 1.2 firmware update for Nano S, unleashing a set of new features and integrations.
- Passphrase support for plausible deniability or seed backup protection (compatible with BIP39)
- Alternative duress PIN
- Shuffle PIN option
- Token & basic contract support (data field) for Ethereum
- MyEtherWallet integration on Chrome and Opera without third party extensions
- Support for GreenAddress & Greenbits (Android, desktop coming soon)
- Litecoin support
- Ledger Manager: application & firmware updates
The Ledger Manager is a Chrome application built to easily update your Ledger Nano S firmware and install/remove applications.
To update your firmware, please refer to our step by step guide.
It is necessary to update your firmware to 1.2 to be able to benefit from all the following features.
The passphrase is like a 25th word on your 24 words seed, but one that you should remember and never write down. It scrambles your seed and generates a new identity: there is no right or wrong passphrase, each one will always derive a unique seed and set of accounts.
It is mainly used for two reasons:
- protection of your backup seed: if someone gets physical access to your 24 words seed, it’s game over. If your accounts are behind a passphrase then you are protected since it would be computationally extremely expensive (and not feasible) to try all possible combinations.
- plausible deniability: in case of a $5 wrench attack, you would give out a passphrase unlocking accounts containing spare change. Of course, this has some limits: if the attacker is very well informed he can continue to hit you with the wrench until you give the “real” password.
As entering a passphrase on your Nano S each time you plug it would be highly impractical, Ledger’s approach is to use an alternative PIN (or “duress PIN”) which would be locked to a fixed passphrase.
Right now, setup of the passphrase requires the use of Python scripts. Full on device management will be available in the 1.3 firmware. If using Python is not a possibility for you, please bear with us while we are building a friendlier solution in the Ledger Manager.
Note that all your apps (Bitcoin, Ethereum, FIDO…) are affected by the passphrase identity change.
Setup Python environment
Execute the following commands in your Linux or MacOS shell:
virtualenv ledger source ledger/bin/activate pip install ledgerblue --upgrade
Set passphrase and alternate PIN
Use the following command:
python -m ledgerblue.derivePassphrase --persistent
It will request your passphrase on your computer, request your current PIN on your Nano S and generate the new set of accounts. If
--persistentis set then you’ll be asked to enter an alternate PIN and these accounts will be attached to it. Otherwise, these new accounts will be active on the device until it is powered off.
With an alternate PIN activated, when you power on the device, the usual PIN will give you access to your normal accounts, and the alternate PIN will activate the accounts behind the passphrase.
How to best use the passphrase feature
Our recommendation is to use your current PIN for your day to day accounts, holding reasonable assets, and your alternate PIN for your savings account, holding higher value assets. This way, not only will your backup seed be protected by the passphrase, but your “duress” PIN will in fact be a real account will real transactions. This would be much more effective in a plausible deniability scenario.
A new Litecoin application is available in the Ledger Manager. Once it’s installed, launch the Ledger Wallet Bitcoin Chrome application and activate the onboard Litecoin app by pressing both buttons. It’ll then automatically switch the wallet to LTC and you’ll be able to manage your litecoins.
When entering your PIN, you may want to mitigate the possibility that someone is observing your movements and inferring digits from the number of button presses. Upon activation of the PIN shuffle in the Nano S global settings, PIN entry will start with a random number for each digit.
Ethereum Token & Contract support
The latest version of the Nano S Ethereum application is now supporting ERC-20 tokens and contracts (through the data field). Data support must be specifically activated into the Nano S Ethereum app settings. No information regarding the contract will be displayed for validation on the Nano S during signature of a transaction (full on-screen validation of a contract will require a dedicated application). The Ledger Wallet Ethereum Chrome application will provide data support on its next release (October 27th).
MEW is a very popular Ethereum wallet, supporting ETH, ETC, tokens and contracts. It is now fully compatible with Nano S, without any third-party plugin requirements (you do not need any Chrome app or extension). It works directly on Chrome and Opera.
WARNING: in order to activate native communication with the browser, the browser mode must be switched on in the Nano S Ethereum settings.
Thanks to the Nano S integration on MyEtherWallet, you have a flexible and independent alternative to the Ledger Wallet Ethereum Chrome application.
For more information about Ledger’s projects, upcoming features, firmwares and applications, please refer to our public roadmap.