Pages:
Author

Topic: [ANNOUNCE] Electrum - Lightweight Bitcoin Client - page 94. (Read 274562 times)

sr. member
Activity: 252
Merit: 250
Great! I'll test when I'll have some free time and put up a public server online.
legendary
Activity: 1896
Merit: 1353
I am not sure if there is a difference between what you describe and how it currently works.
if you configure your client to use port number 80 or 443, it will use http (res. https) to connect to the server.

My python is a little rusty, but I was under the impression that the Electrum server doesn't encrypt connections (or at least it's not clear from the code), not even on port 443. I didn't have time to test, but I am planning on rolling a public Electrum server on btcnode.novit.ro (it's a bitcoin fallback node) so I will follow the developments closely...

oh, you are right, I should use httplib.HTTPSConnection if the port is 443.
I previously used urllib2 instead of httplib, and with that library it was not necessary to make a distinction. I guess I forgot then.
I just fixed that: https://gitorious.org/electrum/electrum/commit/77a198e810ffec89d5bcb23583f1a0593247ffe8
sr. member
Activity: 252
Merit: 250
I am not sure if there is a difference between what you describe and how it currently works.
if you configure your client to use port number 80 or 443, it will use http (res. https) to connect to the server.

My python is a little rusty, but I was under the impression that the Electrum server doesn't encrypt connections (or at least it's not clear from the code), not even on port 443. I didn't have time to test, but I am planning on rolling a public Electrum server on btcnode.novit.ro (it's a bitcoin fallback node) so I will follow the developments closely...
legendary
Activity: 1896
Merit: 1353
I don't like the client-server solution though. There's a big privacy issue there. The server knows all your addresses and transactions.

this is only due to the fact that there is currently only one server available.

In the future I can imagine that there will be several servers running. When that happens, it will be possible for a paranoid client to connect to several servers, and to disclose only a subset of his addresses to each of them.

legendary
Activity: 1896
Merit: 1353
Yes. But only connecting to trusted Electrum servers over plain text http seems to be a requirement for this system work as a default position no? Or is there some way that a client can figure out if the server (or interceptors) is not just spoofing an Electrum server for nefarious purposes?

Wouldn't this be solved by using electrum.php on a regular https server? You can then have the https server available through tor or directly and the only unencrypted connection will be locally between electrum.php and the Electrum server.

Of course, I do aggree that all connections to the Electrum server should be mandatory encrypted.

I am not sure if there is a difference between what you describe and how it currently works.
if you configure your client to use port number 80 or 443, it will use http (res. https) to connect to the server.


sr. member
Activity: 252
Merit: 250
Yes. But only connecting to trusted Electrum servers over plain text http seems to be a requirement for this system work as a default position no? Or is there some way that a client can figure out if the server (or interceptors) is not just spoofing an Electrum server for nefarious purposes?

Wouldn't this be solved by using electrum.php on a regular https server? You can then have the https server available through tor or directly and the only unencrypted connection will be locally between electrum.php and the Electrum server.

Of course, I do aggree that all connections to the Electrum server should be mandatory encrypted.
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
Any plans to make that a https connection to a server for added privacy possibility (man listening in the middle)? I suppose connecting to a electrum server across tor would work just as well against that anyway.

Only if you're talking about a server which is a tor hidden service. Connections to hidden services are encrypted and authenticated, end-to-end. If only the client is using tor to connect to a normal server (public IP), then it's much worse, you must use ssl in this case, as otherwise the exit-node can do pretty much what he wants.

So, if the current client does not support ssl connections, do not put it behind Tor, unless you're accessing a hidden server.

Yes. But only connecting to trusted Electrum servers over plain text http seems to be a requirement for this system work as a default position no? Or is there some way that a client can figure out if the server (or interceptors) is not just spoofing an Electrum server for nefarious purposes?

A client behind tor to a trusted server removes traceability of transacting BTC addresses to originating wallet IP, since they could have come from anywhere on the tor network. An end-to-end ssl connection is obviously better but allows the server to know the IP of the transacting wallet addresses.

The ultimate would be a federation of trusted Electrum tor hidden servers, I agree. No way for server (or interceptors) to link transacting Electrum client wallet BTC addresses with originating IPs. (Of course there are many other ways to do this besides, drive-by public wifi, etc)
full member
Activity: 196
Merit: 100

1) installed python-2.7.2.msi
2) installed pygtk-all-in-one-2.24.0.win32-py2.7.msi
3) installed pycrypto-2.3.win32-py2.7.msi
4) clicked Electrum-0.26b-build1.exe

There are two ways to run electrum:
1) run Electrum-xx-build.exe
2) Install python, install pygtk-all-in-one, install pycrypto, install python-ecdsa (!!), extract electrum.tar.gz and run client\electrum.py

There are some glitches with PyInstaller, it didn't work on my VirtualBox XP either. So I went the second way...

P.S.: If you use only gui in windows, you can rename electrum.py to electrum.pyw, this should prevent command box from appearing.
hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
Funny, that. The binary I posted actually should be without any dependencies! So you didn't need to install python, or pygtk, or pycrypto.

What's also funny, is that your error messages refer to the install directory of pyinstaller on my system.

I'm not sure what's going on...
member
Activity: 62
Merit: 10
I am no programmer. Just plain windooze (XP) user.

I did my best, according the guide http://ecdsa.org/electrum/ :
1) installed python-2.7.2.msi
2) installed pygtk-all-in-one-2.24.0.win32-py2.7.msi
3) installed pycrypto-2.3.win32-py2.7.msi
4) clicked Electrum-0.26b-build1.exe

-> nothing happens (smth flashed through command prompt).

To see error messages I run Electrum-0.26b-build1.exe through command prompt.

It gives me error messages:



I have to admit, I cannot do any more.
Unless someone compiles windows executable (without any dependancies), a hole lot of people just gives up on Electrum.
hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
legendary
Activity: 1896
Merit: 1353
https://bitcointalksearch.org/topic/m.621071

Does electrum auto-correct BTC addresses?

indeed, there was a bug in the address verification.
I just released version 0.26b that fixes this problem.
legendary
Activity: 882
Merit: 1001
https://bitcointalksearch.org/topic/m.621071

Does electrum auto-correct BTC addresses?
legendary
Activity: 1896
Merit: 1353
ok, I just released version 0.26

Changelog:
 * https connections are now supported ( port 443 )
 * new 'sendtx' command to broadcast a raw transaction to the network.
 * a command-line help is available for each command
 * the server listens to #electrum on irc in order to discover peers
 * server statistics here: http://ecdsa.org/electrum.php
legendary
Activity: 882
Merit: 1001
ok, thanks to RylandAlmanza for reporting that bug.
I just released version 0.25, where it should be fixed.
Changelog:
 * client asks for a new session after creating a change address
 * command-line options (will document them later)
Nice work! Smiley
legendary
Activity: 1896
Merit: 1353
Thanks for the new binary.
In version 0.25, I added a few options to the text mode interface.

 -d : use a different directory for your wallet. Example:
Code:
pyton electrum.py -d /opt/my_wallet_dir

options to be used with the 'addresses' command:
 -k : display private keys
 -a : display all addresses, including change addresses
 -b : display the balance at addresses

Example:
Code:
python electrum.py addresses -ak
will display all your addresses and private keys
(in base58, so you can then import them in another client)

 -f  (option to be used with the 'sendto' or 'mktx' commands)
set the miner fee for the transaction
Example:
Code:
sendto -f 0 19mP9FKrXqL46Si58pHdhGKow88SUPy1V8 0.1
Note: mktx dumps the transaction in hexadecimal form but does not send the transactino to the network
hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
hero member
Activity: 630
Merit: 500
Any plans to make that a https connection to a server for added privacy possibility (man listening in the middle)? I suppose connecting to a electrum server across tor would work just as well against that anyway.

Only if you're talking about a server which is a tor hidden service. Connections to hidden services are encrypted and authenticated, end-to-end. If only the client is using tor to connect to a normal server (public IP), then it's much worse, you must use ssl in this case, as otherwise the exit-node can do pretty much what he wants.

So, if the current client does not support ssl connections, do not put it behind Tor, unless you're accessing a hidden server.
hero member
Activity: 630
Merit: 500
Deterministic wallet is great! Every client should at least have the option, if it is truly safe. Not having to back up your wallet all the time is a good thing.

I don't like the client-server solution though. There's a big privacy issue there. The server knows all your addresses and transactions. And if there's no https, it might be even worse. I would only use such client-server solution if I'm running the server myself, but then, better to run a lightweight client like BitcoinJ.
If setting up a server becomes easy this might be a good thing for families or roommates who trust each other, and want to use bitcoin on the same home network. It could save them some bandwidth.

Congratulations for your client, Thomas!
legendary
Activity: 1896
Merit: 1353
ok, thanks to RylandAlmanza for reporting that bug.
I just released version 0.25, where it should be fixed.
Changelog:
 * client asks for a new session after creating a change address
 * command-line options (will document them later)
Pages:
Jump to: