Author

Topic: Compromised seed ? (Read 641 times)

sr. member
Activity: 282
Merit: 250
May 01, 2017, 04:03:09 AM
#9
Thank you, you're right... I understand that the safest way is to re-initialize my hardware wallet and send the coins to it again (even is the risk is very limited)Smiley
legendary
Activity: 1736
Merit: 1023
April 30, 2017, 11:46:39 PM
#8
Most hardware wallets also have the option to create new accounts using a passphrase. The passphrase acts as an extra word for the seed. This is an interesting option as the addresses for the passphrase protected accounts can not be generated from the seed alone. In theory if you can remember a passphrase (and trust your memory) you can leave the seed in the open.

That doesn't seem like the best option to me. And if an attacker new that you used that method, it wouldn't be that hard to brute force an extra word on the seed.
legendary
Activity: 1806
Merit: 1164
April 30, 2017, 06:52:29 PM
#7
Most hardware wallets also have the option to create new accounts using a passphrase. The passphrase acts as an extra word for the seed. This is an interesting option as the addresses for the passphrase protected accounts can not be generated from the seed alone. In theory if you can remember a passphrase (and trust your memory) you can leave the seed in the open.
legendary
Activity: 1736
Merit: 1023
April 30, 2017, 06:28:56 PM
#6
The answer depends upon your level of paranoia.  Personally, if I ever had my SEED from a hardware wallet online I would re-initialize my hardware wallet, which creates a new wallet.  Then send my coins to the new hardware wallet.  NEVER place the hardware wallet SEED anywhere on ANY computer - not ever.  The advantage of a hardware wallet is that NO computer will ever see the SEED at any time, not even an offline computer.  I understand what you did perfectly.  When I started using my Trezors I too wanted to be certain that I could do a full restore without a Trezor present.  I was using Electrum and restored everything without any hitches.  The recovery is simple in fact, for anyone reading along here.  After confirming the process for myself on a small insignificant wallet amount, I then re-initialized my Trezors offline.  Never again will any SEED for one of my Trezors ever be placed on any computer.  Unless of course I need a restore without a Trezor.  This is my opinion.  Why would you use a hardware wallet with coins on it that has had the SEED on even a computer where you suspect its totally clean.  To me it defeats the one super big advantage of NO SEED EVER on a computer.  My .02!

I agree with the above. A hardware wallet's benefit is that the seed only remains on the hardware device and not on any PCs. By restoring the seed into Electrum, this is no longer true. Your best bet would be to create a new seed on the hardware wallet and send the coins to the new one to ensure the seed only remains on the hardware device.
hero member
Activity: 761
Merit: 606
April 30, 2017, 05:11:47 PM
#5
The answer depends upon your level of paranoia.  Personally, if I ever had my SEED from a hardware wallet online I would re-initialize my hardware wallet, which creates a new wallet.  Then send my coins to the new hardware wallet.  NEVER place the hardware wallet SEED anywhere on ANY computer - not ever.  The advantage of a hardware wallet is that NO computer will ever see the SEED at any time, not even an offline computer.  I understand what you did perfectly.  When I started using my Trezors I too wanted to be certain that I could do a full restore without a Trezor present.  I was using Electrum and restored everything without any hitches.  The recovery is simple in fact, for anyone reading along here.  After confirming the process for myself on a small insignificant wallet amount, I then re-initialized my Trezors offline.  Never again will any SEED for one of my Trezors ever be placed on any computer.  Unless of course I need a restore without a Trezor.  This is my opinion.  Why would you use a hardware wallet with coins on it that has had the SEED on even a computer where you suspect its totally clean.  To me it defeats the one super big advantage of NO SEED EVER on a computer.  My .02!
HCP
legendary
Activity: 2086
Merit: 4361
April 30, 2017, 05:06:00 PM
#4
There is always a possibility that the seed has been compromised... the probability of it is likely to be relatively low, assuming you have taken all the necessary precautions against malware etc... It just depends on your personal level of paranoia, which is likely related to how much BTC you have stored using that seed Wink

From my experience, Electrum won't even let you reveal the seed once it has been imported ("Wallet" -> "Seed" is greyed out)... so my understanding is that the imported seed (if it is not an Electrum generated seed) is just used to calculate the master private key and then Electrum imports that (encrypting it in the wallet file, even if the wallet file itself is not encrypted).





sr. member
Activity: 282
Merit: 250
April 30, 2017, 02:29:41 PM
#3
Thank you, but it was the seed of an hardware wallet ; I just wanted to see if Electrum could retreive my balance if I lost/reset my hardware wallet. Now I've deleted the Electrum wallet data but I wonder if my seed is compromised just by typing it once in Electrum (offline) on my Mac (Virus Scanner Plus tells me there is no virus on my computer...)
sr. member
Activity: 1344
Merit: 307
April 30, 2017, 04:35:29 AM
#2
Hello,

I've restored a wallet using a seed (written on a paper). Is my seed still safe if I've set it in Electrum (offline when typing it, then online to get the balance) ?

Thank you.

You can encrypt the wallet with a password but if you have malware on the pc it could be monitoring your key strokes so be careful on that. It would be best to have electrum on a offline machine, and sign transactions and send it back to a online machine. If it's just going to be to check the balances and transactions and not send coins you could get the master public key and create a new wallet with that
sr. member
Activity: 282
Merit: 250
April 30, 2017, 03:57:52 AM
#1
Hello,

I've restored a wallet using a seed (written on a paper). Is my seed still safe if I've set it in Electrum (offline when typing it, then online to get the balance) ?

Thank you.
Jump to: