Kids created by these wallets are usually not hardened
They’re m/44'|49'|84'/0'/0' for trezor one/T and m/49'|84'/0'/0' for ledger X/S. All subsequent kids aren’t hardened.
If an xpub is leaked for a mnemonic phrase + passphrase, you probably have
any of the youngsters’s personal keys, you’ll be able to compromise the complete
pockets linked to the xpub and all different kids, hardened or
non-hardened BUT the attacker won’t be able to compromise every other
meomonic phrase + paassphrase you will have because it has a distinct xpub, and
in the end totally different kids
That is the reason from bip32: “information of a guardian prolonged public key plus any non-hardened personal key descending from it’s equal to realizing the guardian prolonged personal key (and thus each personal and public key descending from it). Which means that prolonged public keys have to be handled extra fastidiously than common public keys.”
I wish to know the way it’s even attainable to leak a childs personal key on
a trezor or a ledger as not one of the outputs are in a position to leak these
Non-public keys ought to by no means depart {hardware} wallets with none extraordinary trigger. Normally, solely the grasp seed is transferable as a chance from a {hardware} pockets gadget. And there are usually not many causes to take action. If an attacker is ready to backdoor your gadget and steal keys, the actual fact of sharing xpubs can be irrelevant.
