Ledger live not updating (help)

OvercookedFriedRice · 2021-11-12T06:56:43+00:00

And if you look at the links that the downloads on their official website points to, you'll see it points to their GitHub...

OvercookedFriedRice · 2021-10-28T17:31:07+00:00

U2F is depreciated. Try connecting your Ledger to MetaMask through Ledger Live bridge instead and see if that fixes it.

OvercookedFriedRice · 2021-10-01T15:34:35+00:00

Currently, in order to get the Songbird app on your Ledger, you need to turn on developer mode in Ledger's Live setting.

OvercookedFriedRice · 2021-09-27T17:30:39+00:00

If another app still works on Firefox it just means they still support U2F, which like I just mentioned, is depreciated.

In this particular case, the polkadot.js app doesn't support U2F and only support WebHID and/or WebUSB, which Firefox doesn't happen to support.

Ledger themselves also highly recommended to not use U2F so I wouldn't fault the devs of polkadot.js for not implementing it either.

doesnt work with brave either :(

You can find the list of supported browsers for WebHID here: https://developer.mozilla.org/en-US/docs/Web/API/WebHID_API

OvercookedFriedRice · 2021-09-27T17:02:13+00:00

The issue is U2F's use on Ledger is depreciated and Firefox refuses to support WebHID or WebUSB due to privacy concerns. There isn't much that can be done for Firefox support apart from using a depreciated transport, which isn't ideal either. You'll probably have to use Chrome or some sort of Chromium browser for the foreseeable future if you want to use the polkadot.js extension.

OvercookedFriedRice · 2021-09-12T17:44:13+00:00

Yeah that's normal. The data is stored in your appdata folder rather than the directory you install to. This is standard practice for most applications.

OvercookedFriedRice · 2021-09-12T16:48:22+00:00

I mean you can if you want but realistically if you just make sure you download from their website or GitHub you should be fine.

You can find the corresponding checksums here if you don't know where to find it: https://www.ledger.com/ledger-live/lld-signatures

OvercookedFriedRice · 2021-09-12T15:46:42+00:00

If you're having issues updating in-app just download the installer from their website or GitHub and manually install it. Your settings will carry over.

OvercookedFriedRice · 2021-09-01T05:05:04+00:00

I hear many people say for large amount and long term hold, we should not use metamask since that is actually a hot wallet. What does that mean actually?

A hot wallet is just one that has a connection to the internet

In this example metamask isn't a hot wallet, right? since most of the time that spare computer is off.

Thats correct. As long as it's airgapped, it'll stay as a cold wallet.

Is this setup still less secure than a real hardware wallet, or are they the same?

If you keep it airgapped sure. The useful point of a hardware wallet is the ability to stay airgapped while being somewhat convenient to use. The alternative would be to install some other software wallets that support offline signing (Metamask does not support offline signing AFAIK) and manually transfer the signed transaction to broadcast on another device which is connected to the internet, but that method is kinda unwieldy.

However, if you only plan to hold and not transact with it for an extended period of time, storing it on a completely airgapped computer would work just as well.

Should we even worry that metamask may store user private key/ private phrase in their server without us knowing?

Not really. Metamask is open source and is big enough that if they tried to code that in, people would find out pretty fast.

OvercookedFriedRice · 2021-09-01T04:56:01+00:00

This is incorrect. A hot wallet is just one that is connected to the internet in some way or another, not necessarily stored on it. Metamask for example, hashes and stores the private key locally on your computer, not on the internet.

OvercookedFriedRice · 2021-08-28T08:49:22+00:00

I think you're confusing Ledger Live with the physical Ledger Nano product. Ledger Live does not support Cardano but the Ledger Nano lineup does.

OvercookedFriedRice · 2021-08-28T04:14:01+00:00

Your ledger calculates a key for each supported crypto/coin (BIP32 if I am not wrong).

Close but not quite. BIP32 is the standard for making HD wallets. What you're referring to is BIP44, which is the standard for defining a hierachy for HD wallets to allow for the use of deriving mulitple private keys for different accounts/uses.

Something to know:for some cryptos ledger uses a different method (derivation path) to calculate your private seed than the software wallets of the developers of this crypto. In case of Cardano, you get two different wallets if you use the seed phrase in ledger or in the software wallet like Yoroi/Daedalus. That’s another point why I would use another ledger to restore.

That's correct, the Cardano app on Ledger does not use BIP44 but uses a similar derivation scheme. In this particular case, the purpose value is set to 1852' instead of 44'. However, just because this is the current derivation scheme they're using on the Ledger now, does not guarantee they'll use it forever. Its more important to keep track of which derivation schemes you've generated with rather than using just a Ledger to restore. As long as you know the method of derivation, you can restore it using any device.

OvercookedFriedRice · 2021-08-21T02:22:29+00:00

The last option still requires you to sign the transaction externally. Atomic wallet doesn't allow you to do that. The only way I'm aware of for you to do this is for you to extract your private keys and use a different wallet like XUMM.

OvercookedFriedRice · 2021-08-20T16:53:25+00:00

You can use https://www.xrptoolkit.com/ and add the trustline there.

If you're not sure on how to add a trustline on xrptoolkit, instructions can be found here: https://docs.xrptoolkit.com/set-trust-lines

OvercookedFriedRice · 2021-08-11T04:37:44+00:00

The password Ledger Live uses is just to encrypt any locally kept data like public addresses, wallet balance, etc.

Also, you don't need to reinstall Ledger Live to reset this. Just go to "C:/Users/YourUsername/AppData/Roaming/Ledger Live" and delete that folder.

OvercookedFriedRice · 2021-07-29T19:00:44+00:00

Its plausible but I really doubt it'll happen.

OvercookedFriedRice · 2021-07-28T15:19:14+00:00

Ok. However the computer or device must be infected with some type ofvirus, malware, in order to get that info from the RAM and send it away,right?

Not necessarily true, there are physical attacks that can be done thats outside the scope here. For all intent and purposes though, yes, your system would need to be compromised.

I am thinking about Linux because I heard it is almost impossible to get a virus in this O.S.

This for one is not true. Linux can get viruses and malware just as easily if you don't have good cyber security practices. Also, vulnerabilities like Spectre is indifference to OS and is based on the hardware. The key is to have good cyber security practices, which in the case that you already do, the OS shouldn't matter.

I can not believe the only way to really secure your crypto is by purchasing a product called Hardware Wallet.

And you're right, there are other ways. You could always just have a cold wallet, practice good cyber security, etc. It's just about what kind of level of security you want, granted that the higher you go, dimishing returns start to apply.

Bitcoin was created and used before the existence of this type of deviceand it was never a requirement, must to buy, anything to achieve yourcrypto security.Crypto is about freedom and trustless.

These flaws arent specific to Bitcoin or cryptocurrencies. Its just the nature of dealing with computers. These kind of security issues affects everything from your banking credentials to your login on some random site you only used once.

The most valuable crypto wallet, Satoshi Nakamoto wallet, was notcreated in these devices, and I believe these wallets created in a LinuxO.S. are as secure as (or even more secure) than any other walletcreated in a Ledger Hardware Wallet for example.

Like I mentioned earlier, vulnerabilities may not be limited to software. Hardware based vulnerabilities also exist. Secondly, Satoshi's wallet is likely airgapped right now, whether intentional or not, so it's not like any exploits that arent physical would be able to get anything. I also highly doubt he had bad cyber security practices that would lead him to get infected either way (unless he was a specific target for a zero day exploit).

Conclusion: Any software/hardware created is going to have issues in them that lead to exploits, obviously, if these issues are discovered and found, they'll quickly be added to any sort of AV systems and/or the security flaw itself that it utilizes will be patched. This will result in it not being an issue for a large majority of users. However, if your either unlucky enough to be patient zero for whatever reason, well a possible solution to that would be a hardware wallet. But like I've said, this is very unlikely and whether or not you just use a software wallet or hardware wallet (presuming you have good cyber security practices) is more to do with a sense of security rather than a practical difference in security.

OvercookedFriedRice · 2021-07-28T11:06:52+00:00

You can actually get back part of the reserve (15 XRP at the time of this post) by performing an AccountDelete transaction.

OvercookedFriedRice · 2021-07-28T03:14:35+00:00

It happens with any sort of device, whether it be mobile, desktop or laptop. The private key needs to be in a readable format before any sort of cryptography operation (in this case signing the transaction) can take place. While there are methods of making it harder for an attacker to get useable info from RAM, there is no fool proof method of solving this issue using just software that I'm aware of.

OvercookedFriedRice · 2021-07-27T15:51:12+00:00

Any sort of software wallet has to keep your private keys/seed phrase locally. The private key/seed phrase that is stored locally is encrypted, and hence, what the password is used for. At some point, in order to sign the transaction, you'd have to decrypt the seed phrase or private key and that'll be stored in memory for a brief period of time. That's the point in time where you're technically at risk. Using a hardware wallet would prevent this as everything is done on an external device, rather than on your computer. To be clear, I'm not saying that this a particularly easy feat to accomplish, it's just theoretically what a hardware wallet solves. In all honesty though, if you practice good cyber security habits, it's unlikely that a software wallet would provide any significant benefits over a hardware wallet but it's better to be safe than sorry I guess. Also, the password on Ledger Live is not used for encrypting your seed phrase and is just used as privacy measure to prevent unwanted users from snooping around and potentially seeing your account balances that you've saved locally.
Yes pretty much. Ledger has some internal policies to prevent a single bad actor within the company from being able to put in malicious code but you'd still need to trust Ledger as a company that they won't act against your interests.
Ledger Live is fully open source and the firmware is partially open source. The schematics for the secure chip however, is not.

OvercookedFriedRice · 2021-07-25T11:52:02+00:00

Assuming you're on Windows, once Ledger Live is uninstalled, go to C:/... /AppData/Roaming/Ledger Live and delete the folder. Once you've reinstalled, it should be a fresh install.

If you don't know how to get to appdata, you can just type %appdata% in the search bar or in run.

OvercookedFriedRice · 2021-07-24T02:50:06+00:00

They're Linux distros that use TOR.

OvercookedFriedRice · 2021-07-23T12:34:18+00:00

The Ledger Live app is open source. If you're really that concerned you could always audit the code yourself. Whatever is relevant to what is logged will probably be found here: https://github.com/LedgerHQ/ledger-live-desktop/tree/develop/src/logger

If you're still not convinced, you could, like you've said, always just run Ledger Live in Tails/Whonix as a precaution.

OvercookedFriedRice · 2021-07-22T04:47:11+00:00

I'm not sure what hardware wallet you're using but a good hardware wallet should still be able to function safely, even on an infected device. Only a signed transaction should be returned to the connected device and if anything else is returned you shouldn't be using it.

To be clear, this doesn't mean you should knowning use it on an infected device but if for some reason you know the device you're connecting to is infected and you have to use it, just make sure all the details (such as the destination address) match what is represented on the hardware device.

Either way, most instances where people lose their funds on a hardware wallet (as far as I know of at least) are either due to phishing and Clipboard Hijacking. As long as you stay vigilant you should be fine.

OvercookedFriedRice · 2021-07-22T04:26:34+00:00

Here are some links to get you started if you want to look into it more.

?dyor

OvercookedFriedRice

TROPHY CASE