What hierarchical deterministic derivation path is used for FIDO authentication on a Ledger Nano S?

Question

What hierarchical deterministic derivation path is used for FIDO authentication on a Ledger Nano S? Does it ask for a different key each time or is it always the same key?

If I connect to Google for 2FA can it ask for proof of whatever key path they desire or does it have to be a particular key?

I'm wondering how much privacy I lose if I use a Ledger Nano S that is not exclusively for a particular accounts 2FA. E.g. What happens if I use it for multiple Google accounts, other companies, or have crypto currency. Could Google discover a Bitcoin balance if the same Ledger is used for 2FA?

score 1 · Answer 1 · edited Jun 04 '23 at 13:21

1

On Ledger the derivation path appears to be 0x80553246:

https://github.com/LedgerHQ/app-u2f/blob/3204324cb72eb00ad1a1919b5c0312edb3324de6/include/config.h#L22

However since the derivation path is not part of SLIP-44 it might not be compatible with other brands of HW wallets.

edited Jun 04 '23 at 13:21

Murch

71,155
33
180
600

answered Jan 05 '23 at 12:56

Alko

111
2

What hierarchical deterministic derivation path is used for FIDO authentication on a Ledger Nano S?

1 Answers1