Ledger 101 — Part 4: Advanced Security Principles

08/27/2019 | Blog posts

Ledger security

The previous installments of the Ledger 101 series have shown the necessity of using a hardware wallet, the importance of using secure chips and crypto security best practices.

We have explained the importance of common sense when dealing with crypto assets, and covered the basics of security. Once you are comfortable with this and had your first experience managing your backups and accounts, it is time to open the door to more advanced principles.

Plausible deniability and resilient backups

Correctly safeguarding your 24-word recovery phrase (also called backup) is the foundation of your crypto security. In the following sections, we are going to discuss how you can add another layer of protection and resilience to it.

Passphrase usage

The passphrase is an optional security feature that can be used on top of your 24-word recovery phrase. It is also commonly referred to as the 25th word.

Basically, this passphrase is an extra word which is added to your 24-word recovery phrase to generate a new seed and unlock a completely new set of accounts. You can pick any set of letters, numbers and signs as your passphrase, and every unique passphrase will generate a new set of private keys and addresses. All Ledger hardware devices have the passphrase option available, and from a practical point of view it works like the following:

Remember: all passphrases are valid. If you make a typo, you’ll get access to another set of accounts (in this case no worries, just start the process anew).

When you power off your device, it will forget the passphrase, and will let you access your normal set of accounts again.

Here are the security benefits that using a passphrase can provide:

Of course, you must make sure that your passphrase is complex and impossible to guess. It is all-important that it can resist a brute force attack long enough to give you the time to move your assets.

Example of BAD passphrases:

Example of GOOD passphrases:

Plausible deniability

We have seen how the passphrase can efficiently add security to your backup. Tt can also be used for a different reason called plausible deniability.

Instead of entering your passphrase each time you need it, you can attach it to a second PIN on your Ledger device. This results in having two valid PIN codes: one will unlock the normal set of accounts, the other the alternative set of accounts.

Therefore, if ever you were asked under duress to “open and empty your hardware wallet”, you could use the first PIN code, showing the normal accounts with minimal assets. The attacker is then satisfied and leaves the scene quickly, with limited financial damage on your side.

You must however know that plausible deniability has a limit to its efficiency. If your attacker is knowledgeable about your crypto situation, or even knows about the existence of a potential passphrase, you would most likely still have to reveal the passphrase or alternative PIN code.

This is why putting yourself out of the equation by having your high value hardware wallet and backup away from your home gives you more chance of success in case of a critical security situation.

Resilient and distributed backups

To avoid being subject to the horror of a home jacking, or if you just can’t find a place secure enough for your backup, you may want to have the possibility of splitting your backup in different locations. You could split your 24 words in three groups of 8 and distribute them among three places, but then you would increase the risk of loss of destruction of your backup (if one piece goes missing, it’s game over).

A better alternative would be to split your backup in three, but only needing access to two pieces to recover access.

This is quite low tech and easy to understand.

Recovery phrase

Let’s say your recovery phrase is “A B C” (only three words are necessary in our example). Then you create three pieces of papers: “A B _”, “A _ C” and “_ B C”. By taking any two pieces, you are sure to recover the full “A B C” phrase.

You can follow this online guide for more information about how to do it for your 24-word recovery phrase.

Backup in steel

Using a piece of paper to store and safeguard critical information may not sound like the best idea regarding durability. Ink could disintegrate over time, and fire or water would immediately be fatal.

We strongly recommend to use steel based backup solutions instead of paper. Here are a few products that we know and have tested, that you can safely could use:

What about estate planning?

One of the burning subject in the crypto space is succession. How can your loved one get access to your crypto in case of your passing, while keeping it your undisputed property until that.

As of today, there is no known trustless solution. They all require to reveal some information and therefore put you at risk of a potential collusion against you.

We have compiled below a list of possible scenarios, but none are really perfect and would have to be used at your own risk:

As stated before, none of these options are ideal,but we’ll definitely need reliable and trustless solutions in the future. Crypto assets will be a more and more important part of estates, and I can only imagine the complexity it will create with unsuspecting notaries and lawyers…

I’m quite convinced we are soon going to see specialized projects and startups tackling this challenge.

Securely yours,

Eric Larcheveque
Ledger, Executive Chairman & Co-Founder

Ledger Nano X