I finally received my Ledger Nano S hard wallet today after a very long wait.
It looks genuine, came sealed. But, how do I know I can trust this device with my word list? That it won’t be transmitted back to ledger.com for them to help themselves to my Bitcoin at some stage in the future? Is the software open source? Do we know it doesn’t contain code to save and send these words?
I’m feeling a little nervous about this as you can tell. Especially as the delivery of the device took so long and the support was less than professional.
@JosieA, without answering the technical aspect of your question, I can tell you that Ledger and Trezor are the 2 most secure wallets available. They are way more secure than any softwallets.
Well, one reason we make hardware wallets simple and for the most part “featureless” is to avoid including any sort of vulnerabilities like the ones you mentioned, this can seem to be lacking that feature-richness on the UX side of things.
A bit of technical junk
Ledger is made with an extremely simple chip that is incapable of doing anything aside from very basic functions necessary to act as a hardware wallet. The ledger runs a proprietary firmware that is regularly updated, whereas the Trezor wallets are open source.
All private keys never leave your Ledger, instead a signal is sent in, where you decide to either approve or deny the operation. Your keys never leave the device and it doesn’t have the ability to broadcast or transmit necessarily.
If you need further help, reach out! Cheers.