I fully share MoonShadow's concern, even though I am also not a crypto expert.
But as long as there is no mathematical proof that such an attack is impossible, I do not feel entirely comfortable with deterministic keys, and honestly I would not put the majority of my Bitcoin savings on deterministic keys. Another concern about deterministic keys, by the way, is raised here. Personally, I think you cannot be paranoid enough about this.
But at the same time I would not be too paranoid about using deterministic keys for my daily business (just like I carry around my pocket wallet every day, taking the risk of losing it, which would cost me a few tens or hundreds of euros, but I would not lose my lifetime savings).
Fortunately, Electrum supports the feature of importing keys (BTW, is it supported by the GUI already?)
So, to be on the safe side, I would do the following:
- Generate some keys with the Bitcoin.org client and extract the keys, and then
- Import them to my Electrum client
Now I would use both kinds of keys - imported keys and "deterministic Electrum keys generated from seed" - in the same wallet.
Since Electrum has a nice GUI with the "flag" column, I can easily see which keys are my (potentially safer) imported keys, and how many funds are currently residing on my (potentially less safe) deterministic keys.
I would make sure that the vast majority of my savings is always on my imported keys!
For normal transactions in daily life, I would use the deterministic keys for convenience.
This way, I have my keys and my security under control, while still enjoying the comfort of not having the need for regular backups - a one-time-backup (of seed and imported keys) is all I need.
From this practice, one could even derive a new Electrum client feature request:
The possibility to let the client do the job in the background that always at least [90%] (user configurable value) of my wallet's balance is associated to the imported keys! And furthermore, there could be the feature that if I have e.g. 10 imported "savings" keys, Electrum makes sure by background control that the savings on my imported keys are evenly distributed between them, e.g. by specifying that one single key (amongst the [10] imported keys) is not allowed to carry more than [20%] (=2*1/[10] in this example) of the total amount of imported key savings (again, the "2" could be a user configurable parameter).
Whenever there is a transaction for my wallet (i.e. I send or receive bitcoins), Electrum would check in the background whether the conditions described above are still met. If not, the client would autonomously calculate what transaction(s) it has to trigger from one wallet address to another, such that the condition is met again. Then, there could be a pop-up window informing the user about this extra "internal" transaction, and by confirming with the "ok" button the user allows the client to perform this transaction to keep his wallet "in good shape".
One could argue that this increased amount of "wallet internal transactions" would sacrifice anonymity to some extent (that's why the original BTC client always generates new change addresses upon each BTC transmission etc.), but I would accept that if it improved the safety of my savings.
BTW: Another thing: GUI support for offline wallets (like in Armory) would be really nice; it would make the use of safe offline wallets much more comfortable for the average user.
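The two background conditions proposed in the feature request above (at least [90%] of the balance on imported keys, and no single imported key holding more than 2/n of the imported savings) can be written down as a small checker plus a planner for the "internal" transactions that restore them. The following is an added example written for this thread, not Electrum code and not a feature Electrum has; the key labels, the `Key` record, the wallet contents and the satoshi amounts are all constructed for illustration, and fees are ignored as a simplifying assumption.

```python
import math
from dataclasses import dataclass, replace

SATOSHI = 100_000_000  # satoshis per BTC


@dataclass(frozen=True)
class Key:
    address: str   # hypothetical label, not a real Bitcoin address
    kind: str      # "imported" (savings) or "deterministic" (daily use)
    balance: int   # satoshis


def _ceil_div(a, b):
    return -(-a // b)


def _cap(imported_total, n, spread_factor):
    # One imported key may hold at most spread_factor/n of the imported savings.
    return _ceil_div(spread_factor * imported_total, n)


def check(keys, min_imported_pct=90, spread_factor=2):
    """Return the list of violated conditions; an empty list means 'in good shape'."""
    total = sum(k.balance for k in keys)
    imported = [k for k in keys if k.kind == "imported"]
    imported_total = sum(k.balance for k in imported)
    problems = []
    if total and imported_total * 100 < min_imported_pct * total:
        problems.append(f"only {100 * imported_total / total:.1f}% of funds on imported keys, "
                        f"minimum is {min_imported_pct}%")
    if imported and imported_total:
        cap = _cap(imported_total, len(imported), spread_factor)
        for k in imported:
            if k.balance > cap:
                problems.append(f"{k.address} holds {100 * k.balance / imported_total:.1f}% of "
                                f"imported savings, cap is {100 * spread_factor / len(imported):.1f}%")
    return problems


def plan_rebalance(keys, min_imported_pct=90, spread_factor=2):
    """Return (from_address, to_address, satoshis) internal transfers after which check() passes.
    Fees are ignored (assumption); amounts are integer satoshis so no rounding drifts."""
    bal = {k.address: k.balance for k in keys}
    imported = [k.address for k in keys if k.kind == "imported"]
    deterministic = [k.address for k in keys if k.kind == "deterministic"]
    transfers = []
    if not imported:
        return transfers  # nothing to move savings into

    def emptiest(addresses):
        return min(addresses, key=lambda a: bal[a])

    # Condition 1: top up imported keys from deterministic keys, largest source first.
    target = _ceil_div(min_imported_pct * sum(bal.values()), 100)
    deficit = target - sum(bal[a] for a in imported)
    for src in sorted(deterministic, key=lambda a: -bal[a]):
        if deficit <= 0:
            break
        amount = min(bal[src], deficit)
        if amount <= 0:
            continue
        dst = emptiest(imported)
        bal[src] -= amount
        bal[dst] += amount
        transfers.append((src, dst, amount))
        deficit -= amount

    # Condition 2: spread the imported savings so no key exceeds the per-key cap.
    imported_total = sum(bal[a] for a in imported)
    cap = _cap(imported_total, len(imported), spread_factor)
    for src in sorted(imported, key=lambda a: -bal[a]):
        while bal[src] > cap:
            dst = emptiest(imported)
            room = cap - bal[dst]
            if room <= 0:
                break  # impossible for spread_factor >= 1 (sum of caps >= total), guard anyway
            amount = min(bal[src] - cap, room)
            bal[src] -= amount
            bal[dst] += amount
            transfers.append((src, dst, amount))
    return transfers


def apply_transfers(keys, transfers):
    """Simulate the planned transfers and return the resulting wallet."""
    bal = {k.address: k.balance for k in keys}
    for src, dst, amount in transfers:
        bal[src] -= amount
        bal[dst] += amount
    return [replace(k, balance=bal[k.address]) for k in keys]


# Constructed sample wallet: 10 BTC total, 8 BTC on imported keys, 7 of them on one key.
SAMPLE_WALLET = [
    Key("imported-1", "imported", 7 * SATOSHI),
    Key("imported-2", "imported", SATOSHI // 2),
    Key("imported-3", "imported", SATOSHI // 2),
    Key("deterministic-1", "deterministic", 3 * SATOSHI // 2),
    Key("deterministic-2", "deterministic", SATOSHI // 2),
]

if __name__ == "__main__":
    for p in check(SAMPLE_WALLET):
        print("violation:", p)
    plan = plan_rebalance(SAMPLE_WALLET)
    for src, dst, amount in plan:
        print(f"internal transaction: {src} -> {dst}: {amount / SATOSHI:.8f} BTC")
    print("after rebalancing:", check(apply_transfers(SAMPLE_WALLET, plan)) or "in good shape")
```

The planner first fixes the 90% condition (moving 1 BTC from the fullest deterministic key to the emptiest imported key), then the spread condition (moving the 1 BTC excess of `imported-1` above its 2/3 cap to the emptiest imported key), so the sample wallet needs exactly two internal transactions; a client would show these in the confirmation pop-up the post describes before signing anything.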