Pages:
Author

Topic: Can electrum cold storage be attacked through transactions? - page 2. (Read 370 times)

newbie
Activity: 11
Merit: 2
Side channels through the analysis of time delays and CPU spikes when signing could present an issue if someone with plenty of resources is really really interested in your coins.

what do you mean with that? Can any relevant information be obtained through how the transaction was signed?


Could you tell me some way to make my system stronger?

I am simply curious to know how people with more experiences do it, I am not a very specialized person in the technical field but I try to learn everything I can

thanks so much
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Side channels through the analysis of time delays and CPU spikes when signing could present an issue if someone with plenty of resources is really really interested in your coins.

The main vulnerability would lie with how Electrum is designed, might somehow generate weak keys. It's a possibility but you bet that's one of the few areas (address generation process) we look at when inspecting the code. Besides with RFC6979, you don't have to worry about address reuse. And this could happen with hardware wallets with a faulty firmware as well.

Aside from the lack of physical protection, I think it's a decent set up for a moderate amount of coins. I have a similar set up to yours and I've felt pretty safe with it.
newbie
Activity: 11
Merit: 2
I may sound a bit paranoid, but I ask the following:

I have a pc without a network card
does not have usb
it will never be connected to the internet
run a live version of linux with electrum 3.3.8 loaded and its signatures verified
I use it with cold signatures through QR codes

Let's imagine that I create a transaction from the online version of electrum on my usual PC.
I bring it to my pc offline through a qr code and sign the transaction
I go through another qr code back to the online pc and launch it to the bitcoin network verifying the addresses and amounts in each case.

is there any way to break this system and attack it?

I also use trezor for another part of my coins but I don't like to put all the eggs in one basket or company

thanks so much
Pages:
Jump to: