Home » An Inside Look Into the Surprisingly Friendly Rivalry Between Ledger and Trezor
Blockchain News

An Inside Look Into the Surprisingly Friendly Rivalry Between Ledger and Trezor

An Inside Look Into the Surprisingly Friendly Rivalry Between Ledger and Trezor

Trezor and Ledger, two of probably the most outstanding {hardware} pockets producers, have lengthy been locked in a rivalry.

As a part of Cointelegraph’s interview with Charles Guillemet, the CTO of Ledger, he revealed that the connection is extra complicated than it might appear at first. Regardless of the rhetoric, cooperation and respect may be discovered as nicely.

A collaborative rivalry

Guillemet mentioned that he doesn’t know who began the rivalry, because it goes again to the “very starting of the Ledger and Trezor corporations.”

“I believe issues received extra severe after I created the Donjon, which is our inner safety group,” he conceded. The Donjon was one of many first improvements launched by Guillemet when he joined Ledger, resulting from his perception that the one option to design a safe system is to “attempt to break it, repeatedly.”

Whereas the Donjon centered on Ledger wallets, in addition they started opponents’ merchandise. “Initially that was principally by curiosity. We simply wished to grasp how they work,” he mentioned.

That research resulted within the group discovering vulnerabilities in “every single pockets that we checked out.” Guillemet famous:

“Whenever you discover a vulnerability, the correct factor to do is to report it to the seller. And that’s what we did.”

The distributors then fastened the vulnerabilities, even giving bounties to Ledger a few of the time. Concerning Trezor, he talked about a “battle of PR” between the businesses, including:

“On the finish, one factor which is totally true, is that the pockets safety of Trezor improved lots because of us.”

Whereas Guillemet didn’t keep in mind the precise variety of vulnerabilities reported to Trezor, he mentioned they have been about “six or seven.” All of them have been patched besides one, which was unfixable because of the elementary design of Trezor’s chips.

Attributable to this, the Ledger group didn’t disclose its particulars, although they have been independently reported a 12 months later by Kraken’s safety group.

Open supply vs. safety

The rationale why the bug is unfixable is that Trezor makes use of a so-called MCU chip in its pockets, which is utilized in widespread family home equipment and was not meant for safe knowledge storage, Guillemet defined. When requested why, he mentioned that this was a acutely aware design alternative:

“They’re of robust perception in open supply philosophy, and once you use the Safe Component, it’s a must to signal an NDA with the chip producer, which prevents you from giving any data on what is going on on contained in the chip.”

The Safe Component utilized by Ledger comprises many countermeasures, which an open supply firmware would doubtless reveal. Based on Guillemet, safe components are unacceptable to Trezor as they need to keep their software program fully open.

Guillemet mentioned that open supply software program is “an excellent factor” and famous that he personally contributed to some initiatives. “However once you design a safety system, I believe safety is a very powerful factor.”

Whereas he conceded that open supply software program may very well be a safety profit because of the extra scrutiny, this isn’t sufficient:

“Because it prevents you from utilizing a devoted Safe Component, on the finish you find yourself with a much less safe system.”

Guillemet shared that he has a “good relationship personally with individuals at Trezor,” referring to them as “very fascinating guys” — even when the 2 groups’ philosophies are completely different.

Credit score: Source link

Spread the love

Related posts

A trillion-dollar opportunity for the taking


African Gold’s Position Amid the Global COVID-19 Crisis


All Bases Covered From Crypto to Stablecoins


Leave a Comment