Pages:
Author

Topic: [ANNOUNCE] Electrum - Lightweight Bitcoin Client - page 64. (Read 274562 times)

hero member
Activity: 784
Merit: 1010
Bitcoin Mayor of Las Vegas
I am saying it is not safe to use a sentence from a book as your seed. Do not do that. Never.


Except in Hollywood movies. This is what future blockbuster Bitcoin movies will be about. I still see it as somewhat useful because there are things you can do to the phrases to break the attack model (nuff said).
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
So you just saying google predicted how many estimated titles their are? I can throw out a big number too (sarcasum)

So then the average user probubly have nothing to worry about as not many people to my knowledge have access to search against the google book database with bitcoin seeds and i doubt those who have the entire google book database will only attack those wallets with high amounts of value in it(which if this is the case i doubt someone/entity would use a sentence from a book and would instead use a randomly generated password that is like a million characters in length)

I am saying it is not safe to use a sentence from a book as your seed. Do not do that. Never.

Anyone can access a digitized library, loop over all sentences, derive Bitcoin addresses from them, and check them against the Bitcoin database. It does not take a vast amount of resources, and time is on the side of the attacker. There is already an instance of Bitcoins that have been stolen because someone created an address derived from a short phrase (it was something like 'fuckyou' iirc). It only a matter of time until someone uses a large book database to feed their search algorithm.

And, no, I was not throwing a big number. 130 million books is ridiculously small in terms of search. If we assume that each book contains on average 10000 sentences (a very generous estimate), we get around 10^15 sentences to test. In contrast, a random seed with 128 bits of entropy yield 3.4x10^38 combinations. Do you understand the difference between those numbers?

Do not trust people who tell you that you can safely derive the seed yourself. Train your memory and learn a purely random seed.


Ah i see high rate of probability of figuring out the seed now with the formula you presented.
I guess it really isn't a good idea, but to be fair 'fuckyou' is more like a dictionary attack or a commonly used password then a complete sentence out of a book.

Regardless of my perspective/opinions,
Thank you again for your insight.
legendary
Activity: 1896
Merit: 1353
So you just saying google predicted how many estimated titles their are? I can throw out a big number too (sarcasum)

So then the average user probubly have nothing to worry about as not many people to my knowledge have access to search against the google book database with bitcoin seeds and i doubt those who have the entire google book database will only attack those wallets with high amounts of value in it(which if this is the case i doubt someone/entity would use a sentence from a book and would instead use a randomly generated password that is like a million characters in length)

I am saying it is not safe to use a sentence from a book as your seed. Do not do that. Never.

Anyone can access a digitized library, loop over all sentences, derive Bitcoin addresses from them, and check them against the Bitcoin database. It does not take a vast amount of resources, and time is on the side of the attacker. There is already an instance of Bitcoins that have been stolen because someone created an address derived from a short phrase (it was something like 'fuckyou' iirc). It only a matter of time until someone uses a large book database to feed their search algorithm.

And, no, I was not throwing a big number. 130 million books is ridiculously small in terms of search. If we assume that each book contains on average 10000 sentences (a very generous estimate), we get around 10^15 sentences to test. In contrast, a random seed with 128 bits of entropy yield 3.4x10^38 combinations. Do you understand the difference between those numbers?

Do not trust people who tell you that you can safely derive the seed yourself. Train your memory and learn a purely random seed.
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
Not sure if it was discussed here or not,
but I think the easiest way to memorize your seed is to:

1) Pick up your favorite book
2) Remember the page number
3) Remember the number of the sentence from the top of the page
4) Compute md5 of that sentence and you got your seed!!!

So it comes down to remembering just two numbers and your favorite book instead of twelve random words.


this is not safe. An attacker can (and will) try all the sentences of the known litterature.

That could be why is mentioned picking up your favorite book making the literature unknown(unless the attacker was there when you picked up the book to type in your sentence)

http://www.geek.com/articles/news/google-books-calculates-the-total-number-of-books-ever-written-at-almost-130-million-2010086/

So you just saying google predicted how many estimated titles their are? I can throw out a big number too (sarcasum)

So then the average user probubly have nothing to worry about as not many people to my knowledge have access to search against the google book database with bitcoin seeds and i doubt those who have the entire google book database will only attack those wallets with high amounts of value in it(which if this is the case i doubt someone/entity would use a sentence from a book and would instead use a randomly generated password that is like a million characters in length)
legendary
Activity: 1896
Merit: 1353
Not sure if it was discussed here or not,
but I think the easiest way to memorize your seed is to:

1) Pick up your favorite book
2) Remember the page number
3) Remember the number of the sentence from the top of the page
4) Compute md5 of that sentence and you got your seed!!!

So it comes down to remembering just two numbers and your favorite book instead of twelve random words.


this is not safe. An attacker can (and will) try all the sentences of the known litterature.

That could be why is mentioned picking up your favorite book making the literature unknown(unless the attacker was there when you picked up the book to type in your sentence)

http://www.geek.com/articles/news/google-books-calculates-the-total-number-of-books-ever-written-at-almost-130-million-2010086/
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
Not sure if it was discussed here or not,
but I think the easiest way to memorize your seed is to:

1) Pick up your favorite book
2) Remember the page number
3) Remember the number of the sentence from the top of the page
4) Compute md5 of that sentence and you got your seed!!!

So it comes down to remembering just two numbers and your favorite book instead of twelve random words.


this is not safe. An attacker can (and will) try all the sentences of the known litterature.

That could be why is mentioned picking up your favorite book making the literature unknown(unless the attacker was there when you picked up the book to type in your sentence)
legendary
Activity: 1896
Merit: 1353
Not sure if it was discussed here or not,
but I think the easiest way to memorize your seed is to:

1) Pick up your favorite book
2) Remember the page number
3) Remember the number of the sentence from the top of the page
4) Compute md5 of that sentence and you got your seed!!!

So it comes down to remembering just two numbers and your favorite book instead of twelve random words.


this is not safe. An attacker can (and will) try all the sentences of the known litterature.
donator
Activity: 2772
Merit: 1019
For "balance", in this context you can say "Umsätze", thats the common term.
For "freeze" you could say "lock" = "sperren".
"Unlock" = "freischalten" (1) or "entsperren" (2).

 "Quellschlüssel" (source key) could be used for "seed".

"balance" is more like "Saldo" than Umsätze, right?

"Quellenschlüssel"... hmm, hmmm. "seed" ist auf jeden fall ne harte Nuss. Könnte man wohl auch unübersetzt lassen. Wie wärs mit "Grundschlüssel" oder "Basisschlüssel", vielleicht auch ganz salopp: "Basiszahl"?
hero member
Activity: 784
Merit: 1010
Bitcoin Mayor of Las Vegas
1) Pick up your favorite book
2) Remember the page number
3) Remember the number of the sentence from the top of the page
4) Compute md5 of that sentence and you got your seed!!!

So it comes down to remembering just two numbers and your favorite book instead of twelve random words.

seems to suggest that "restore" command requires network connection while "create" doesn't.


Say WAAAAAAAAT? That is some hotness right there... Will play with this tonight!

Also, use the -o option if you are offline with pretty much any command option or you'll get a (process) hang of death. In my experience anyway.
hero member
Activity: 496
Merit: 500
Not sure if it was discussed here or not,
but I think the easiest way to memorize your seed is to:

1) Pick up your favorite book
2) Remember the page number
3) Remember the number of the sentence from the top of the page
4) Compute md5 of that sentence and you got your seed!!!

So it comes down to remembering just two numbers and your favorite book instead of twelve random words.

I've just discovered Electrum for myself and I think it's awesome!!!
I'm gonna test offline transactions tomorrow.

Also this wiki page: https://en.bitcoin.it/wiki/Electrum
seems to suggest that "restore" command requires network connection while "create" doesn't.
They both seem identical to me with respect to network connection as one command generates random seed and another one takes it from the user. Both commands shouldn't require network connection IMHO.
legendary
Activity: 1896
Merit: 1353
I just released version 0.53

Changes:

- internationalisation.
Messages have been translated in 4 languages:
si :46/70
de :37/70
fr :45/70
vn :62/70
note: if you use the version from the git repo, run mki18n.py to generate the .mo files.

- The import of modules has changed a bit. It is now possible to run 'electrum' without having run the install script; this should make it easier for users trying to use Electrum on other platforms than Linux

- improved error messages
legendary
Activity: 1896
Merit: 1353
Trying to import some keys from an old wallet and all I get is "error". It is very likely it's just a duplicate key, but is there anyway to increase the debugging information?
yes, I just changed that
hero member
Activity: 784
Merit: 1010
Bitcoin Mayor of Las Vegas
Trying to import some keys from an old wallet and all I get is "error". It is very likely it's just a duplicate key, but is there anyway to increase the debugging information?
legendary
Activity: 1896
Merit: 1353
Just curious, what's keeping this from working on a Mac?

I think you just need to have the right libraries installed. I run a Mac and after I installed the requisite libraries with macports, everything runs just fine. (I just installed the libraries listed as required for linux)

Nice, perhaps the homepage could mention Mac support then?

not as long as there is no easy to install solution for mac users
legendary
Activity: 1092
Merit: 1016
760930
Just curious, what's keeping this from working on a Mac?

I think you just need to have the right libraries installed. I run a Mac and after I installed the requisite libraries with macports, everything runs just fine. (I just installed the libraries listed as required for linux)

Nice, perhaps the homepage could mention Mac support then?
jr. member
Activity: 53
Merit: 2
Just curious, what's keeping this from working on a Mac?

I think you just need to have the right libraries installed. I run a Mac and after I installed the requisite libraries with macports, everything runs just fine. (I just installed the libraries listed as required for linux)
legendary
Activity: 1092
Merit: 1016
760930
Indeed better forget about setup.py on windows, at least for now. What happens when you run electrum manually, by typing "Python electrum" at the cmd prompt?
legendary
Activity: 1896
Merit: 1353
I'm having trouble running Electrum on Windows -- anyone care to give some tips?

What I did:

-Installed Python 2.7
-Installed PyQt-Py2.7-x64-gpl-4.9.1-1
-Ran setup.py build. Seemed successful.
-Ran setup.py install. Got:

oh, the setup.py script has been designed for Linux;
there is probably a way to adapt it for Windows, but I do not know how to do that
full member
Activity: 237
Merit: 100
I'm having trouble running Electrum on Windows -- anyone care to give some tips?

What I did:

-Installed Python 2.7
-Installed PyQt-Py2.7-x64-gpl-4.9.1-1
-Ran setup.py build. Seemed successful.
-Ran setup.py install. Got:

Code:
C:\Python27\lib\distutils\dist.py:267: UserWarning: Unknown distribution option:
 'install_requires'
  warnings.warn(msg)
running install
running build
running build_py
running build_scripts
running install_lib
running install_scripts
running install_data
Traceback (most recent call last):
  File "C:\Users\Lumpy\Desktop\Electrum-0.52\Electrum-0.52\setup.py", line 42,
 in
    long_description = """Lightweight Bitcoin Wallet"""
  File "C:\Python27\lib\distutils\core.py", line 152, in setup
    dist.run_commands()
  File "C:\Python27\lib\distutils\dist.py", line 953, in run_commands
    self.run_command(cmd)
  File "C:\Python27\lib\distutils\dist.py", line 972, in run_command
    cmd_obj.run()
  File "C:\Python27\lib\distutils\command\install.py", line 575, in run
    self.run_command(cmd_name)
  File "C:\Python27\lib\distutils\cmd.py", line 326, in run_command
    self.distribution.run_command(command)
  File "C:\Python27\lib\distutils\dist.py", line 972, in run_command
    cmd_obj.run()
  File "C:\Python27\lib\distutils\command\install_data.py", line 58, in run
    dir = convert_path(f[0])
  File "C:\Python27\lib\distutils\util.py", line 204, in convert_path
    raise ValueError, "path '%s' cannot be absolute" % pathname
ValueError: path '/usr/share/applications/' cannot be absolute

I've tried the flatfly executables but they don't seem to work with command line options...
Figured out the SHIFT trick with the flatfly executables but I would still love to know what I'm doing wrong.
legendary
Activity: 1896
Merit: 1353
Saw this featured hinted at in another thread...

How, exactly, does electrum monitor off-line address balances?

use 'deseed' if you want to watch an offline wallet
if you want to monitor a random address, there's a script named watch_address
Pages:
Jump to: