In the world of cryptocurrencies, security is a central concern for users. One of the most important elements here is the key phrase, or “seed phrase”, which allows you to protect and restore your digital assets. Recently, some companies, such as the French company Ledger, have begun offering controversial services to store these key phrases, raising questions about their relevance and the associated risks.
What is a seed phrase?
A seed phrase is a combination of words, usually 12 to 24 words long, that allows access to and recovery of a cryptocurrency wallet. This phrase is generated when a new wallet is created and must be kept in a safe place by its owner. Anyone who knows this key phrase can access the funds in the wallet. The characteristics of a seed phrase are:
- Random generation: Words are selected from a pre-established list according to a random process.
- Word order: The order of the words in a seed phrase matters; the phrase only fulfils its recovery function when the words are in the correct order.
- Minimal redundancy: Each word usually appears only once in the phrase.
- Standardization: Most wallets use the BIP39 standard to generate and manage seed phrases.
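The BIP39 encoding behind these characteristics, as an added example that is not part of the original article: random entropy plus a short SHA-256 checksum is cut into 11-bit indices into the 2048-word list, which is why word order matters. The function names are assumptions of this sketch, and it works on word indices rather than embedding the word list.

```python
import hashlib
import secrets

SIZES = {12: 16, 15: 20, 18: 24, 21: 28, 24: 32}   # word count -> entropy bytes

def entropy_to_indices(entropy: bytes) -> list[int]:
    """Map entropy to BIP39 word indices (11 bits each, into the 2048-word list)."""
    if len(entropy) not in SIZES.values():
        raise ValueError("entropy must be 128 to 256 bits, in 32-bit steps")
    cs_bits = len(entropy) * 8 // 32                # 4 checksum bits for 12 words
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (len(entropy) * 8 + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def indices_to_entropy(indices: list[int]) -> bytes:
    """Recover the entropy; raise ValueError when the checksum does not match."""
    if len(indices) not in SIZES or any(not 0 <= i < 2048 for i in indices):
        raise ValueError("not a BIP39-sized list of 11-bit indices")
    value = 0
    for i in indices:                               # position carries meaning here
        value = (value << 11) | i
    cs_bits = len(indices) // 3
    entropy = (value >> cs_bits).to_bytes(SIZES[len(indices)], "big")
    if entropy_to_indices(entropy) != list(indices):
        raise ValueError("checksum mismatch")
    return entropy

def is_valid(indices: list[int]) -> bool:
    try:
        indices_to_entropy(indices)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample: a fresh random 12-word phrase, shown as indices.
    phrase = entropy_to_indices(secrets.token_bytes(16))
    print("word indices:", phrase)
    # Swap every pair of words and count how many orderings still pass.
    survivors = 0
    for a in range(12):
        for b in range(a + 1, 12):
            swapped = phrase[:]
            swapped[a], swapped[b] = swapped[b], swapped[a]
            survivors += is_valid(swapped) and swapped != phrase
    print(f"{survivors} of 66 pair swaps still pass the 4-bit checksum")
```

With only 4 checksum bits on a 12-word phrase, a reordered phrase can occasionally still validate, but it then decodes to different entropy and therefore to a different wallet.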
Where do concerns about the safety of seed phrases come from?
The security of seed phrases rests on the principle that only the owner of the wallet should know them. However, some services store these key phrases with third parties to help recover them in case of loss. This approach raises several problems:
- Compromise of confidentiality: Handing over your seed phrase to a third party increases the risk of unauthorized access to your wallet.
- Reliability of service providers: Users have to trust the robustness of the security measures the service provider takes to protect their data.
- Risk of hacking: A service that concentrates the key phrases of many users can be a prime target for cybercriminals.
Ledger case: Controversy surrounding seed phrase retrieval service
Ledger, a specialist in hardware wallets, recently updated its firmware to integrate a seed phrase recovery service that identifies users by their passport or national ID card. This paid service is causing a lot of controversy, especially because of its implications for privacy and security.
How does this service work?
To use the Ledger Recovery service, users must provide proof of identity and pay a $9.99 monthly subscription. The seed phrase is then split into encrypted chunks that are handed over to three different service providers (Ledger, CoinCover and a third, unspecified one). This is therefore a multiparty approach: the security of the data is meant to be ensured by distributing it among multiple actors.
What are the points of criticism?
Several features of the Ledger Recovery Service have been criticized by the crypto community:
- Breach of confidentiality: Associating one's key phrase with one's official identity violates the anonymity of transactions.
- Dependence on service providers: The trust placed in the three service providers for the backup of seed phrase fragments can be questioned, especially in view of Ledger's history of data leaks.
- Contradiction: The point of using a hardware wallet is precisely to protect one's cryptocurrencies by keeping full control of one's private keys. Handing these over to third parties goes against this philosophy.
Alternative Ways to Protect Your Seed Phrase
Given the risks of relying on third-party services, it is recommended that you take your own steps to protect your seed phrase:
- Write it down on a physical medium (paper, metal) and keep it in a safe place.
- Use offline storage solutions like hardware wallets or encrypted media.
- Set up a multisig backup system that requires multiple keys to authenticate a transaction.
Managing one's seed phrase is a key issue in protecting one's digital assets. Users should be wary of services that centralize this sensitive information and should favor decentralized, self-sovereign solutions to guarantee their security.