Author

Topic: [BUG] My suggestions to improve Electrum and possible bugs detected (Read 1309 times)

hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK

There are two possible scenarios:
 - (1) A generic virus, that does not target a specific wallet, but all wallets at the same time. For example, it can be a virus that changes bitcoin addresses as they are copy pasted in your clipboard. Such a virus is fairly easy to write, and it can target all wallets all the same time. There are reports that such virus do exist today. Another possibility for a generic virus is to modify bitcoin: URIs that are passed from your browser to your wallet.
 - (2) A virus that targets specifically your wallet software, eg Electrum. Such a virus is much more difficult to write, and targets a smaller amount of users. At this point, there is no evidence that such malware exists, but it is theoretically possible.

To protect yourself against (1) is fairly easy, you just need to double check the address that you paste. Unfortunately, lots of users do not do this.
Signed payment requests, as in BIP70, also protect you from that. Note that I am working on making signed payment requests easier to use, allowing users to sign them with a bitcoin key instead of SSL certificate.

To protect you against (2) is more difficult. If you have a hardware wallet with a screen (eg Trezor), then you can check the bitcoin address on the screen.
Another method is to use two-factor authentication with email (we are working on adding this to Electrum), where you receive a confirmation email with the recipient address, amount, and a link to accept the transaction. The advantage of email is that it can display the recipient full name (using BIP70), something harware wallets cannot do.

Alright thanks, I think I`m shielded against those threats for now.

Thanks for the great work so far, if you can look at the minor issues in the OP, they could still be added in a next release of Electrum.

And sorry I was rude earlier. Electrum is really the best wallet now Smiley


I`ll keep testing it and if I find any more issues I`ll let you know in this thread.
legendary
Activity: 1896
Merit: 1353
How does electrum shield agains viruses that change the sending address in the RAM before signing? There have been some viruses that steal bitcoins by changing the output address.

There are two possible scenarios:
 - (1) A generic virus, that does not target a specific wallet, but all wallets at the same time. For example, it can be a virus that changes bitcoin addresses as they are copy pasted in your clipboard. Such a virus is fairly easy to write, and it can target all wallets all the same time. There are reports that such virus do exist today. Another possibility for a generic virus is to modify bitcoin: URIs that are passed from your browser to your wallet.
 - (2) A virus that targets specifically your wallet software, eg Electrum. Such a virus is much more difficult to write, and targets a smaller amount of users. At this point, there is no evidence that such malware exists, but it is theoretically possible.

To protect yourself against (1) is fairly easy, you just need to double check the address that you paste. Unfortunately, lots of users do not do this.
Signed payment requests, as in BIP70, also protect you from that. Note that I am working on making signed payment requests easier to use, allowing users to sign them with a bitcoin key instead of SSL certificate.

To protect you against (2) is more difficult. If you have a hardware wallet with a screen (eg Trezor), then you can check the bitcoin address on the screen.
Another method is to use two-factor authentication with email (we are working on adding this to Electrum), where you receive a confirmation email with the recipient address, amount, and a link to accept the transaction. The advantage of email is that it can display the recipient full name (using BIP70), something harware wallets cannot do.
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
....

Alright sorry for my previous inapropriate feedback, I was a bit excited back then.

I downloaded the latest version 2.5.4, and I see quite a few improvements, so the project is going on the good route. Thanks for the great development.

Now I figured that showing the transaction window after the broadcast is done, might be a bug , however its still useful because you can verify the transaction after you sent it.

I like how it shows the transaction before signing, after signing, and after broadcast, so that you can verify the amount and address.


1 quick question though? How does electrum shield agains viruses that change the sending address in the RAM before signing? There have been some viruses that steal bitcoins by changing the output address.

legendary
Activity: 1896
Merit: 1353
Guys electrum is a 3 year old wallet and devs still cant fix basic shit on it, let me list here my problems with electrum:

Thank you for your feedback. We try to make a wallet that is easy to use for both basic and more advanced users.
For that reason, we do not provide all the functionality in the GUI.

Quote
Cant right click and copy the balance of my address nor the description, only the address itself. It's annoying I always have to write down my balance myself: If i got 1.79268367 bitcoin, it have to fking type all digits myself, its really inconvenient.
This is the kind of thing for which I would use the command line.
I would be willing to such a functionality to the GUI, if it does not overload it.

Quote
When I send bitcoins why isn't there an option of "max", so that it fills out that textbox where I put the amount, with the maximum btc available on that address. Since I cannot copy the balance itself, i have to write every digit there, if i want to transfer all the money from 1 address to another
There is one, but it is not visible: you have to type ! in the amount field.
(For the record, Electrum was the first wallet to provide this option)
Electrum will deduct the transaction fee from the total. (if you set the fee to zero, it will just write your total balance)
You can also combine the ! key with 'send from': select several addresses, click 'send from', and type !

I hope this also answers your first point.

Quote
Why doesn't the fee automatically been set to 0.0001 by default, and then I modify that if I have to. Instead it's blank when I have to send, so I have to type it in.
This sentence lacks grammar. I guess you are referring to a bug in the Windows GUI, that should be fixed soon.
Anyway, next version will have an option to use dynamic fees suggested by the server.

Quote
When I send a transaction, I enter password, It gets signed, Then I hit broadcast,Broadcast window closes ,Transaction is sent ,Then broadcast window will be open again if I hit ALT+TAB, fix this bug fast! I HOPE PRIVATE KEY DOESN'T LEAK INTO THE RAM AND STAYS THERE FOR LONG!!!
I am not a Windows user, so I don't really know what Alt-tab does; I did not know it reopens the broadcast window on windows.
In any case, I fail to understand how you relate the apparition of a popup to your private keys being unencrypted.
You might become victim to all sorts of scams if you believe that the security of your private keys is reflected by the presence/absence of windows in your GUI. That's not how computers work.

Quote
When I export history, it should ask for password, it's just basic logic, if my wallet is somewhat anonymized by new change addresses, and such, then why would you let somebody export all my wallet info without password.
Ex: a burglar breaks into my house and gets all my privacy related info, without a password.
Fix this FAST!
This is done in order to protect users against their own stupidity.
See the FAQ for more details.

Quote
When I add a contact, it should show the amount of btc he has on his address, and also it should be copyable , both key and address and balance, as pointed out in point 1.
these are good points.

Quote
For the record I use Windows 7, but i`m sure these issues are persistent on all OS.
you should not use Windows if you are serious about security.

hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK

Let me try and break down your arguments one by one:

-PRIVATE KEY DIRECTLY LINKED TO PC: The private keys on the Trezor aren't linked to the PC at all. When you send a transaction through the Trezor, all it sends to the PC is the signed transaction, which the PC broadcasts. The PC never sees the private keys on the Trezor.

-THE LOGIN WEBSITE LOOKS UNSECURE: Don't use MyTrezor then. There are plenty of alternatives to use instead (Electrum, Mycellium, etc) if users are comfortable with MyTrezor. However, you don't need to trust the MyTrezor site anyway, since all outputs must be verified by the user before a transaction is sent. So if there was malicious code on the MyTrezor website, users would notice before sending a transaction.

-WHEN THE TX INFO IS SENT TO THE DEVICE TO SIGN IT, IT COULD LEAK PRIVATE KEY: Like I mentioned when replying to your first point, the PC never sees the private keys on the Trezor.

Also, the EMP signal point you brought up earlier could affect an air gapped PC as well. When signing a transaction on an offline PC, it's possible that the private key may be broadcast through airwaves, similar to how you think that might occur with a Trezor, so I don't think that's really a valid concern.

Finally, your hardware concern point could be used against cold storage PC's as well. Cold storage depends only on hardware too, so if the hardware used to generate private keys on doesn't have a truly random number generator, then your coins could potentially be at risk as well.

Ah man this is getting very offtopic, but here we go

1) The PC first sends the transaction history to the trezor (without this you cannot sign a valid hash file), then it signs it, then it sends back the hash to the PC. If there is a firmware exploit in the hardware then it can leak the private key when the TX info is sent there with an easy and undetectable swap

2) It constantly downloads updates into the firmware of the trezor, that's what I meant, which is pretty dangerous. It's enough for the network to get hijacked once, and next TX your money leaves your wallet for good

3) Trezor works like a SDD / memorycard type USB 2.0 OR 3.0 stick which uses firmware solid writing into the data, which means that if a malware gets into the firmware it can rewrite it. It might require sophisticated hack skills, but wait until many rich people start using trezor the incentives to theft will be big so its very unsafe

4) You cannot detect passwords by EMP analysis from a PC without a trojan horse inside broadcasting the exact data requested. The static noise is too big impossible to pinpoint data packets that way.
However with trezor there is only 1 operation that is going on on that device so it can be much easier to steal data that way from it. It's not like it comes with a built in jamming device Cheesy
sr. member
Activity: 373
Merit: 252
Ok look here, these are the vulnerabilities of trezor:


-PRIVATE KEY DIRECTLY LINKED TO PC (even if programatically its not retrievable, it might leave EMP signals when it decodes it)
-THE LOGIN WEBSITE LOOKS UNSECURE
-WHEN THE TX INFO IS SENT TO THE DEVICE TO SIGN IT, IT COULD LEAK PRIVATE KEY.

Basically an air gapped PC has double gap between priv key and online pc:   Signed offline, then using QR code to scan the hash from the monitor and broadcast that to online PC. So it's double gapped.

Not to mention HARDWARE can be intercepted and compromized, and since TREZOR only depends on hardware (and hardware cant be open source can't it?), it's significantly higher risk than cold storage.
Let me try and break down your arguments one by one:

-PRIVATE KEY DIRECTLY LINKED TO PC: The private keys on the Trezor aren't linked to the PC at all. When you send a transaction through the Trezor, all it sends to the PC is the signed transaction, which the PC broadcasts. The PC never sees the private keys on the Trezor.

-THE LOGIN WEBSITE LOOKS UNSECURE: Don't use MyTrezor then. There are plenty of alternatives to use instead (Electrum, Mycellium, etc) if users are comfortable with MyTrezor. However, you don't need to trust the MyTrezor site anyway, since all outputs must be verified by the user before a transaction is sent. So if there was malicious code on the MyTrezor website, users would notice before sending a transaction.

-WHEN THE TX INFO IS SENT TO THE DEVICE TO SIGN IT, IT COULD LEAK PRIVATE KEY: Like I mentioned when replying to your first point, the PC never sees the private keys on the Trezor.

Also, the EMP signal point you brought up earlier could affect an air gapped PC as well. When signing a transaction on an offline PC, it's possible that the private key may be broadcast through airwaves, similar to how you think that might occur with a Trezor, so I don't think that's really a valid concern.

Finally, your hardware concern point could be used against cold storage PC's as well. Cold storage depends only on hardware too, so if the hardware used to generate private keys on doesn't have a truly random number generator, then your coins could potentially be at risk as well.
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
Ok look here, these are the vulnerabilities of trezor:


-PRIVATE KEY DIRECTLY LINKED TO PC (even if programatically its not retrievable, it might leave EMP signals when it decodes it)
-THE LOGIN WEBSITE LOOKS UNSECURE
-WHEN THE TX INFO IS SENT TO THE DEVICE TO SIGN IT, IT COULD LEAK PRIVATE KEY.

Basically an air gapped PC has double gap between priv key and online pc:   Signed offline, then using QR code to scan the hash from the monitor with phone and broadcast that to online PC. So it's double gapped.

Not to mention HARDWARE can be intercepted and compromized, and since TREZOR only depends on hardware (and hardware cant be open source can't it?), it's significantly higher risk than cold storage.
sr. member
Activity: 373
Merit: 252
This is a bit offtopic but i`ll respond.

First of all bitaddress.org i dont know what RNG they use but i heard that it sucks. Secondly there are cryptographic pseurodrandom number generators that will generate CRNG numbers, even if the seed is generated with a compromized generator, but the individual number is not known.

So basically if I got a compromized RNG, and i generate this 2903428905890289035801902902903529038172890318341093980189201890 (secret but flawed) number, then running a CRNG algo on it, could generate a perfectly secure K variable, to send transaction from my address.

Besides if I`d have 100 BTC offline I`d use the address once, so no leak will happen there.

So it is safer than trezor!
I haven't heard that Bitaddress uses a poor random number generator before. I know that in the past year and a half or so they've implemented a feature that allows user input to increase the randomness of the seed, which is definitely a nice feature. I'm not sure how you're showing that a cold storage wallet is safer than a Trezor in your post either. Trezors (try to) only use addresses once, obviously this can be overridden by the user but the Trezor takes advantage of change addresses with every transaction made.
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
trezor signs the transaction, and sends the signed tx back to your computer


you broadcast it.



using an airgapped computer means you are putting a lot of faith into the rng. Trezor allows you to select your own pin & passphrase on top of the 256bit private key.

saying that you wouldnt trust more than 10 btc into trezor, but believe that airgapping a computer solely for wallet generation of btc over 10 is laughable. I mean, do you seriously believe that an offline version of bitaddress.org is safer than trezor?

This is a bit offtopic but i`ll respond.

First of all bitaddress.org i dont know what RNG they use but i heard that it sucks. Secondly there are cryptographic pseurodrandom number generators that will generate CRNG numbers, even if the seed is generated with a compromized generator, but the individual number is not known.

So basically if I got a compromized RNG, and i generate this 2903428905890289035801902902903529038172890318341093980189201890 (secret but flawed) number, then running a CRNG algo on it, could generate a perfectly secure K variable, to send transaction from my address.

Besides if I`d have 100 BTC offline I`d use the address once, so no leak will happen there.

So it is safer than trezor!
newbie
Activity: 11
Merit: 0
trezor signs the transaction, and sends the signed tx back to your computer


you broadcast it.



using an airgapped computer means you are putting a lot of faith into the rng. Trezor allows you to select your own pin & passphrase on top of the 256bit private key.

saying that you wouldnt trust more than 10 btc into trezor, but believe that airgapping a computer solely for wallet generation of btc over 10 is laughable. I mean, do you seriously believe that an offline version of bitaddress.org is safer than trezor?
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
Who knows if the private key is not leaking, since normally the private key would only be decrypted until it's signed, and then quickly ereased from RAM.

But with this bug i`m not sure if the private key is not leaking for more time than that.

THIS MIGHT BE A FATAL FLAW, SO DEVS PLEASE CHECK THE BROADCAST BUG ASAP!

Can anybody confirm or deny this, i`m a bit (very) concerned about this flaw!

Unless you permanently airgap a computer that was built specifically for wallet generation.... how exactly is cold storage safer than trezor?

Those are the exact same thing.

(Or did you thought that cold storage meant that I keep my bitcoins in the fridge Cheesy ?)
newbie
Activity: 11
Merit: 0
Unless you permanently airgap a computer that was built specifically for wallet generation, and nothing else, how exactly is cold storage safer than trezor? And unless you are a programmer who can inspect code, how can you trust any of the wallet generators that do not use bip32/39/44 like trezor or a MS wallet like copay?

trezor is superior to printing paper wallets.
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
Want protection? Get a Trezor to use with Electrum. That is all the protection you need.  Cheesy

I dont think Trezor is secure, it's convenient, and it gives "high" security but not "very high" security, but i would not store more than 10 btc with it.

Its the equivalent of a debit card, you dont want your card have access to 1 million $.

For sums bigger than 10 btc, you definitely want cold storage only. I`m not sure if electrum is safe enough yet, since these bugs make me have less trust in it.

Especially the one where your broadcast window opens again after you sent the transaction already. Who knows if the private key is not leaking, since normally the private key would only be decrypted until it's signed, and then quickly ereased from RAM.

But with this bug i`m not sure if the private key is not leaking for more time than that.

THIS MIGHT BE A FATAL FLAW, SO DEVS PLEASE CHECK THE BROADCAST BUG ASAP!
sr. member
Activity: 336
Merit: 251
Want protection? Get a Trezor to use with Electrum. That is all the protection you need.  Cheesy

I have a Trezor and I do use it with Electrum. All my transactions are however still open and visible to anybody who opens Electrum.

Guess I should have said Privacy and not Security.
legendary
Activity: 1246
Merit: 1024
Want protection? Get a Trezor to use with Electrum. That is all the protection you need.  Cheesy
sr. member
Activity: 336
Merit: 251
Herewith some issues I've picked up...

1) Accounts

Tried creating more than two accounts and was unable to do so. Created two, funded both and tried to create a third but nothing happens, it asks for the name of the account and when you click OK nothing happens.

2) Account labels

Account labels do not work. You can change account 1 but the moment you change another it reverts the change you did just before that. When you close Electrum all changes are lost. This was broken in the version before 2.3.2, in 2.3.2 and seems like 2.4 still have the same issue.

3) Contacts

After entering a contact it jumps back to the Address tab instead of staying on the Contacts tab. Not a big issue but very annoying when you enter all your contacts the first time.

4) Security

As mentioned in earlier post, it would be nice if Electrum has some (optional) access protection, even if only a basic pin code. It does not have to be a Fort knox type solution but enough to keep prying eyes at bay when the pc is unattended.

5) Documentation

The documentation needs a serious update. Its all fine and well for technically minded people but for those who make use of a wallet for the first time it will be a nightmare as the documentation is not 100% up to date and it also does not cover all aspects of Electrum.


Not much else to say other than the above except that Electrum is my favourite wallet.




sr. member
Activity: 336
Merit: 251
Quote
When I send bitcoins why isn't there an option of "max", so that it fills out that textbox where I put the amount, with the maximum btc available on that address. Since I cannot copy the balance itself, i have to write every digit there, if i want to transfer all the money from 1 address to another

Just type ! in the Amount field, it will enter the max you can send

Quote
Why doesn't the fee automatically been set to 0.0001 by default, and then I modify that if I have to. Instead it's blank when I have to send, so I have to type it in.

There is a setting in the preferences that you can set so Electrum automatically calculate the fee for you which will be entered in the fee field.

Quote
When I export history, it should ask for password, it's just basic logic, if my wallet is somewhat anonymized by new change addresses, and such, then why would you let somebody export all my wallet info without password.

Have to agree on this, would like to see a basic pin or password to protect access to Electrum as a whole.

I have some issues which I'll post here a little later.
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
Electrum is a 3 year old wallet and there are still numerous problems that need to be worked on it, let me list here my problems with electrum:

  • Cant right click and copy the balance of my address nor the description, only the address itself. It's annoying I always have to write down my balance myself: If i got 1.79268367 bitcoin, it have to fking type all digits myself, its really inconvenient.
  • When I send bitcoins why isn't there an option of "max", so that it fills out that textbox where I put the amount, with the maximum btc available on that address. Since I cannot copy the balance itself, i have to write every digit there, if i want to transfer all the money from 1 address to another
  • Why doesn't the fee automatically been set to 0.0001 by default, and then I modify that if I have to. Instead it's blank when I have to send, so I have to type it in.
  • When I send a transaction, I enter password, It gets signed, Then I hit broadcast,Broadcast window closes ,Transaction is sent ,Then broadcast window will be open again if I hit ALT+TAB, fix this bug fast!
  • When I export history, it should ask for password, it's just basic logic, if my wallet is somewhat anonymized by new change addresses, and such, then why would you let somebody export all my wallet info without password.
    Ex: a burglar breaks into my house and gets all my privacy related info, without a password.
  • When I add a contact, it should show the amount of btc he has on his address, and also it should be copyable , both key and address and balance, as pointed out in point 1.

For the record I use Windows 7, but i`m sure these issues are persistent on all OS.

C`mon these are just basic things every wallet has, fix these issues, otherwise electrum looks like an amateur project. Make it look more professional, so that more people can use it. I`m not asking for much, no fancy buttons or design is needed (yet), but just fix basic bugs and inconveniences.
Jump to: