Wednesday 24 February 2016

Next evolution in Bitcoin security: Hardware wallet right in your phone!

We have been excited and anxiously waiting for this for almost two years, waiting for development to finish, and Ledger has finally brought it to us! Wallet integration into a secure trusted element built right into your phone, which makes your wallet app almost as secure as having a dedicated hardware wallet!

Some background and explanation first:

Many years ago ARM, the company that makes most of the CPUs running in Android smartphones, implemented something called TrustZone, or TEE (trusted execution environment), which is a completely separate processor sitting next to the main CPU, which has its own memory, display, and input. It's basically a whole separate computer. The original intent was to have banks use it for increased security instead of relying on logins and passwords. But banks didn't care, so that chip has sat there, in everyone's phones, doing nothing.

Until Ledger came along! They wrote a small wallet interface that loads into that TEE chip, and does all the key storage and signing there. So far it works with Mycelium and Green Address (for Android).

The way it works is, when you install and set it up, the applet is loaded into the secure chip, and the chip goes through the process of generating HD private keys. These keys NEVER leave that chip. Then Mycelium Wallet gets the public portion of that HD wallet that lets it manage your accounts (xpub). When you create a new transaction, Mycelium checks your balances, creates the transaction, opens a secure encrypted channel to the TEE chip, and sends that transaction to it.

When the TEE receives a transaction request, it opens a new screen, on top of your Android OS screen, so it's impossible to fake, and asks, "Hey, what is this, and what do you want to do with it?" You have to physically tell the chip that you do want to approve of that transaction, at which point the transaction is signed directly on the TEE and sent back to Mycelium Wallet, which then broadcasts it to the network.

This is basically the equivalent of having a hardware wallet connected to your phone's USB port at all times, but built right into your phone. And nothing, not rooting, hacking, or physically accessing your phone (short of guessing your PIN) will allow an attacker access to your private keys.

It's as I've been saying: in the future we will go from phones that run software apps to secure cryptographic devices that also run a phone app, and the future is now!

The link to download Ledger's applet is here: http://bit.ly/1OvSd2u

Unfortunately it only works on some phones right now (mainly newer Samsungs), but more and more phones will be added over time. I have been using this thing since September for hundreds of transactions, and never had a problem (I'm a terrible beta tester, not being able to find any bugs), and it's great being able to carry any amount of coins without worry!



Submitted February 25, 2016 at 08:44AM by Rassah http://bit.ly/1KMaE8c
