Cardano (ADA) creator Charles Hoskinson is weighing in on Ledger Wallet’s latest move to offer an optional subscription that provides customers with a backup of their secret recovery phrase.
The new product, Ledger Recover, allows users to recover their private keys through a comprehensive ID verification process.
Ledger Recover has sparked controversy within the crypto community because according to critics, it gives the company a potential backdoor for obtaining user data and that an ID verification process is “inherently insecure.”
Amid the Ledger controversy, Hoskinson shares his thoughts on what should characterize crypto hardware wallets in terms of security. He urges the use of open-source software that is regularly audited by numerous sources.
“Security comes from simplicity – design the smallest possible footprint.
Non-updatable firmware is important when a company makes specific promises about their security model. Yubikey for example follows this concept while it would be difficult to replicate this idea for cryptocurrencies. Decentralizing the process of updates would greatly enhance security.”
The co-founder of Cardano developer Input Output Global also says that people buy hardware wallets not so much for the convenience or smooth user experience that Ledger is offering, but strictly for security.
Hoskinson says key security information of hardware wallets should not be handed to other parties other than their owners. The Cardano creator also highlights that a social contract between a user and a hardware wallet provider should not be broken.
“The hardware wallet space is the most extreme example of self-custody. We could just as easily PGP (pretty good privacy) encrypt some seeds and leave them in Gmail. We choose to use hardware wallets because they guarantee that the private keys stay in one place on hardware that’s hard to tamper with.
Don’t break social contracts.”