Ledger Co-Founder Flag Security Risk In Open Source, Refutes Charles Hoskinson

Ledger co-founder Eric Larchevêque clarified that there is no “backdoor” in the latest Recover firmware update. The Ledger controversy attracted comments from notable leaders and blockchain experts from the crypto community including Cardano founder Charles Hoskinson who claimed that open-source software is always better than closed-source.

However, Ledger co-founder refutes Charles Hoskinson’s claims and red flags open source due to elevated security risks.

Ledger CEO Refutes Cardano Founder Charles Hoskinson

On Friday, Cardano founder Charles Hoskison in response to the Ledge controversy said he always choose open-source software whenever possible, saying that “security comes from simplicity.”

“People buy hardware wallets to maximize the personal security of their funds. They don’t buy them for daily use or expect an equivalent user experience to hot wallets.”

Ledger co-founder Eric Larchevêque took to Twitter on May 20 to further clarify security aspects of closed source, open source, and chain of trust in a hardware wallet. Ledger is a hardware wallet with closed-source firmware.

He claims open-source wallets come with regular hardware but less security, while close source with secure elements, allowing higher level of security. A supply chain attack can happen when plugging the hardware to flash the firmware, while “holographic seal” mitigated some risk it’s not efficient to prevent attack at manufacturer level.

Also Read: Ben and Psyop Creator Threatens With Class-Action Lawsuit

A master key from the manufacturer, implanted in the secure element at the factory level, can cryptographically prove interacting with the real chip. This cannot be used with open source as the master key would obviously be revealed during compilation.

“This means that using an open source HW, you must trust that the manufacturer will not put a backdoor in the electronics, and using a closed source HW you must trust that the manufacturer will not put a backdoor in the firmware.”

He believes security is always a matter of trade-offs and hardware wallets require that trust. Users could do critical mistakes or update hardware with rogue firmware.

Amid the Ledger Recover controversial firmware update, hardware wallet provider such as GridPlus decided to open-source its firmware. But Ledger CEO believes bad actors could gain access to these due to being open-sourced.

Also Read: Chainlink VRF Is Live On Arbitrum One, What It Means For Crypto Industry?