
Topic: Electrum 2FA Wallet (Read 1021 times)

HCP
legendary
Activity: 2086
Merit: 4363
December 31, 2017, 08:34:20 PM
#26
When you set up a wallet in Electrum, you get the options:

- Standard Wallet
- Wallet with Two-Factor Authentication
- Multi-Signature Wallet
- Import Bitcoin Addresses or Private Keys

The 2nd option "Wallet with Two-Factor Authentication" is the "2FA" wallet option. It is a special kind of "2-of-3" Multi-Signature (aka "MultiSig") wallet that utilises a "third party" service called TrustedCoin.

Being "2-of-3", means that any two out of the original 3 private keys are able to sign a transaction.

The seed creates 3 private keys... #1 is put into your wallet file... #2 is "protected" by the seed and is "hidden" (unless you disable 2FA functionality when restoring the wallet)... #3 is held by TrustedCoin.

The system uses Google Auth "One Time Passwords" (OTP)... so you can use any GAuth app like Google Authenticator, Authy, Authenticator Plus etc...

The idea is, when you want to spend from your wallet, you create the transaction and sign it with key #1... the system then sends the transaction to TrustedCoin... and after you put in the GAuth OTP code, TrustedCoin signs the transaction with key #3... and then gives the fully signed transaction back to you for broadcasting.

The system is "safe" in two ways... one, you get the benefits of 2FA, no-one can spend from your wallet without the seed or 2FA device... and two, it has the safety backup, in that if you lose your phone, or TrustedCoin goes out of business, you can simply restore the wallet with your seed, disable 2FA functionality during the restore and Electrum will put both key#1 AND key#2 into the wallet file, so you can sign transactions without needing TrustedCoin or your 2FA device. (Note: this is meant to be an "emergency recovery" tool, and the idea is you can just rescue your funds and send them to a new wallet.)


You can read more here: https://api.trustedcoin.com/#/electrum-help
and here: http://docs.electrum.org/en/latest/2fa.html
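The key layout described in the post above, worked through as a small threat model (an added example, not part of the original post and not Electrum or TrustedCoin code). The asset names are hypothetical labels; it assumes the wallet file is unlocked and that the co-signer only adds key #3 to a transaction that already carries one of the user's signatures plus a valid OTP.

```python
from itertools import combinations

THRESHOLD = 2  # "2-of-3": any two of the three keys can sign

# Keys each asset hands directly to whoever holds it (labels are assumptions).
DIRECT_KEYS = {
    "wallet_file": {"key1"},      # key #1 lives in the wallet file
    "seed": {"key1", "key2"},     # restore from seed with 2FA disabled
    "otp_device": set(),          # the authenticator app holds no wallet key
}


def usable_keys(assets, cosigner_online=True):
    """Return the set of keys a holder of `assets` can get signatures from."""
    keys = set()
    for asset in assets:
        keys |= DIRECT_KEYS[asset]
    # Assumption: key #3 is applied only when a user key has signed first
    # and the correct OTP is supplied, and only while the service exists.
    if cosigner_online and "otp_device" in assets and keys:
        keys.add("key3")
    return keys


def can_spend(assets, cosigner_online=True):
    return len(usable_keys(assets, cosigner_online)) >= THRESHOLD


def spending_sets(cosigner_online=True):
    """Minimal combinations of assets that are enough to spend."""
    found = []
    names = sorted(DIRECT_KEYS)
    for size in range(1, len(names) + 1):
        for combo in combinations(names, size):
            if not can_spend(combo, cosigner_online):
                continue
            if any(set(smaller) <= set(combo) for smaller in found):
                continue  # already covered by a smaller set
            found.append(combo)
    return found


if __name__ == "__main__":
    print("co-signer available:", spending_sets(True))
    print("co-signer gone:     ", spending_sets(False))
```

The seed is a single point of compromise and also the only recovery path once the co-signer is unavailable, which is why it has to be stored offline and separately from both the wallet file and the phone.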
full member
Activity: 1792
Merit: 186
December 31, 2017, 06:28:41 PM
#25
Hey all, noticed a few threads about 2FA. Can someone explain this very quickly? When you set up Electrum, they give you an option for that? I don't ever recall it. Also do most people use 2FA on Electrum or not? Isn't just putting an encryption before you can check your balance good enough?


So if you put 2FA, which 2FA are you using?  Google authent, authy or something else?  So basically if you have 2FA on, that means a hacker cannot hack your wallet?
HCP
legendary
Activity: 2086
Merit: 4363
December 16, 2017, 01:33:10 PM
#24
Because it was generated from a 2fa seed... And it's still technically a 2FA wallet... i.e. MultiSig, you've just disabled the requirement to use TrustedCoin on THIS copy of the wallet as it now contains two private keys, so can sign the "2of3" transactions without using TrustedCoin.

The other output is most likely change... You can tell if the output address in the preview window is highlighted in "yellow"... That equals Change address. Receive addresses should be highlighted in green.
newbie
Activity: 3
Merit: 0
December 16, 2017, 07:19:51 AM
#23
WAIT, is the second output my change?

Original balance
-transaction fee
-specified amount asked to be transferred


So is OUTPUT ADDRESS 1 where I want my money to go
and is OUTPUT ADDRESS 2 a new address that is created for the left over amount instead of the original address retaining the difference?

Where is this documented to confirm this and why doesn't the GUI reflect this if this is the case?  I HAVE BEEN SO STRESSED OVER THIS

p.s.  it still says 2fa in the header.  if 2fa is disabled, why does it still say 2fa? 
newbie
Activity: 3
Merit: 0
December 16, 2017, 07:04:10 AM
#22
You can click on preview to see how much you will be charged. If 2fa is disabled then you are no longer paying trusted coin's fee so that second output to trusted coin's address won't be there.

BTW even if 2fa was enabled what you were paying for is a whole bunch of spending transactions in one go. You can click on the blue shield icon in the bottom right to see trusted coin's fee schedule. To switch wallets go to file > recently open or file > open.

When I check preview there is the input address and 2 output addresses.  One for the amount I want to send, and one that is about .04BTC.  This is the address
https://blockchain.info/address/3D9kMCEW2MajXy6rXbse6jKCWZvCdTf13D if that even means anything.

I feel like I am losing my mind over this.
legendary
Activity: 3710
Merit: 1586
December 16, 2017, 06:36:53 AM
#21
You can click on preview to see how much you will be charged. If 2fa is disabled then you are no longer paying trusted coin's fee so that second output to trusted coin's address won't be there.

BTW even if 2fa was enabled what you were paying for is a whole bunch of spending transactions in one go. You can click on the blue shield icon in the bottom right to see trusted coin's fee schedule. To switch wallets go to file > recently open or file > open.
newbie
Activity: 3
Merit: 0
December 16, 2017, 06:00:56 AM
#20
How do I disable the 2FA "feature"?

I almost sent a transaction but decided to preview it first. 
>three segments, miner fee, my amount, and a third amount for $775 that I assume is 2FA
$775
HOW IS THAT A SMALL FEE. 

So I went to file > new and followed the screens to set up a standard wallet from seed.  when prompted for 2fa I clicked Disable.

However, in the new wallet the header still says 2fa and in the preview window the miner fee is gone but 2FA IS STILL THERE.  I can't afford $775 to send a small amount and test it.   I had an important purchase to make and now my funds are held hostage in my own wallet. 

Please let me know what I have to do to remove 2FA from my wallet.  I am so stressed right now.  Almost dropping $775 on a "small fee" is nerve racking.
sr. member
Activity: 443
Merit: 260
October 30, 2017, 12:44:52 AM
#19
Ok I understand

Thank you!
HCP
legendary
Activity: 2086
Merit: 4363
October 29, 2017, 08:46:10 PM
#18
Yep, you're right... I got myself confused with all the TrustedCoin entries I had in GAuth!

After I put the "I've lost my GAuth" code in, it was generating different OTP codes to the existing ones... But have now realised they were for other test wallets! DOH!

I've tested this with what I know is the same seed and regardless of whether you just enter the original or select "I've lost my Google Authenticator" and get a "new" key... It generates identical OTPs...

So yes, if someone has your old wallet+old phone, they could theoretically spend your coins!
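Why the codes come out identical, as an added example that is not part of the original posts: a TOTP code (RFC 6238) depends only on the shared secret and the clock, so showing the same secret again at re-enrolment leaves the lost phone valid. `OtpServer` is a hypothetical stand-in for the co-signer's check, not TrustedCoin's API, and the secrets and timestamp are constructed.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secrets (the first is the RFC 6238 test key).
OLD_SECRET = base64.b32encode(b"12345678901234567890").decode()
NEW_SECRET = base64.b32encode(b"constructed-new-key!").decode()


def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, as used by Google Authenticator-style apps."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class OtpServer:
    """Hypothetical co-signer side: stores one secret per wallet."""

    def __init__(self, secret_b32):
        self.secret_b32 = secret_b32

    def re_enrol(self, rotate, new_secret_b32):
        # rotate=False models what the thread reports: the same secret is
        # shown again. rotate=True models a server that issues a new one.
        if rotate:
            self.secret_b32 = new_secret_b32
        return self.secret_b32

    def accepts(self, code, unix_time):
        return hmac.compare_digest(code, totp(self.secret_b32, unix_time))


def old_device_still_valid(rotate, now=1509307000):
    """Does a phone enrolled before the restore still pass the OTP check?"""
    server = OtpServer(OLD_SECRET)
    lost_phone_secret = OLD_SECRET               # what the old phone holds
    server.re_enrol(rotate, NEW_SECRET)          # owner restores from seed
    return server.accepts(totp(lost_phone_secret, now), now)


if __name__ == "__main__":
    print("same secret re-shown:", old_device_still_valid(rotate=False))
    print("secret rotated:      ", old_device_still_valid(rotate=True))
```

With no rotation, the only way to retire a lost phone is the one given elsewhere in the thread: create a new wallet and move the coins to it.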
legendary
Activity: 3710
Merit: 1586
October 29, 2017, 08:07:40 PM
#17
If you enter the current GAuth code, you can just continue using it... However, If you reset it, then you'll be given a new 2FA secret key which you must enter and sync up with Google Authenticator App and use for all future transactions... The old one will no longer work, as TrustedCoin will have changed the matching key on their end.


..... The old one will no longer work, as TrustedCoin will have changed the matching key on their end.

OK, thank you, that's what I wanted to know!

Hello this is incorrect. In my experience trusted coin will show you the same key it showed you before. You can try it yourself. Create a 2fa wallet and then restore it from seed. You will be shown the same TOTP shared secret you were originally given. Anyone with access to your old wallet file and the google authenticator app on your lost phone can spend your bitcoins!
sr. member
Activity: 443
Merit: 260
October 29, 2017, 06:42:21 AM
#16
..... The old one will no longer work, as TrustedCoin will have changed the matching key on their end.

OK, thank you, that's what I wanted to know!
HCP
legendary
Activity: 2086
Merit: 4363
October 29, 2017, 05:44:36 AM
#15
The 2FA key has nothing to do with decoding the wallet... The 2FA key is simply the key generated by TrustedCoin and given to you, so you can create the necessary Google Authenticator app entry... And start generating time based OTPs (one time passwords)

When you restore your 2FA wallet, and select to "Keep" the 2FA functionality, it'll ask you to confirm your current code from Google Authenticator app (to prove you still have it)... Or you can reset it ( "I don't have my Google Authenticator code" option)

If you enter the current GAuth code, you can just continue using it... However, If you reset it, then you'll be given a new 2FA secret key which you must enter and sync up with Google Authenticator App and use for all future transactions... The old one will no longer work, as TrustedCoin will have changed the matching key on their end. - WRONG... You get the same GAuth code regardless
copper member
Activity: 2856
Merit: 3071
October 29, 2017, 05:35:59 AM
#14
Hi, I have another question regarding the 2FA wallet.

If I recover a wallet with my Seed for testing purposes and create a new 2FA-Key with trustedcoin.

Will the 2FA-key from my original wallet file be overwritten on trustedcoin?

Sorry but I cannot really test this without sending transactions and I want to avoid this because of the fees.

Your 2FA key from trusted coin is unique to decoding your wallet. Only that is able to decrypt the private keys so I sense you've gone wrong somewhere? It would not be secure and would be like a standard wallet if this wasn't implemented.
legendary
Activity: 3710
Merit: 1586
October 29, 2017, 04:32:30 AM
#13
Trustedcoin shows you the same 2fa key that you originally got. If someone else has that 2fa key and a copy of your wallet file then they can still spend from your wallet. You should create a new wallet and move your coins to that. You can begin the process with file menu > new/restore, enter a name for the new wallet file and then continue as per on-screen instructions. To open a different wallet file in future use file > open.
sr. member
Activity: 443
Merit: 260
October 29, 2017, 02:02:37 AM
#12
Hi, I have another question regarding the 2FA wallet.

If I recover a wallet with my Seed for testing purposes and create a new 2FA-Key with trustedcoin.

Will the 2FA-key from my original wallet file be overwritten on trustedcoin?

Sorry but I cannot really test this without sending transactions and I want to avoid this because of the fees.
copper member
Activity: 2856
Merit: 3071
October 26, 2017, 07:29:41 AM
#11
Fact is in previous Electrum versions 2fa wallets had 24 or 25 word seeds. But now it's just 12 words.

In previous versions half the 24 word seed was viewable via the wallet menu > seed after the wallet had been created. So you could view 12 of the words there but they were useless and misleading because they wouldn't restore your wallet. You needed all the seed words i.e. 24 or 25. Maybe this is the source of the jackg's confusion.
Learn something new every day... I've never seen any reference to 24 word seeds with Electrum before. Huh...

I stand corrected.
Ah yes... That's it. I guess the 24 word seed is no longer in use (I've previously given help with getting coins out using that seed, guess there's something else to learn now)...
OK thank you both very much!

Now everything is clear.

I could also try this out by creating a 2FA wallet and then trying to restore it.

My initial question about the 24 word seed is because https://api.trustedcoin.com/#/electrum-help writes it on their help-site .... they should probably update this.
Try exactly what you say. Try sending a small amount to the wallet so you can test it definitely works (1mbtc if possible).
sr. member
Activity: 443
Merit: 260
October 26, 2017, 01:14:52 AM
#10
OK thank you both very much!

Now everything is clear.

I could also try this out by creating a 2FA wallet and then trying to restore it.

My initial question about the 24 word seed is because https://api.trustedcoin.com/#/electrum-help writes it on their help-site .... they should probably update this.
HCP
legendary
Activity: 2086
Merit: 4363
October 25, 2017, 10:05:11 PM
#9
Fact is in previous Electrum versions 2fa wallets had 24 or 25 word seeds. But now it's just 12 words.

In previous versions half the 24 word seed was viewable via the wallet menu > seed after the wallet had been created. So you could view 12 of the words there but they were useless and misleading because they wouldn't restore your wallet. You needed all the seed words i.e. 24 or 25. Maybe this is the source of the jackg's confusion.
Learn something new every day... I've never seen any reference to 24 word seeds with Electrum before. Huh...

I stand corrected.
legendary
Activity: 3710
Merit: 1586
October 25, 2017, 09:37:37 PM
#8
Hi

I am reading everywhere that 2FA wallets use a 24 word seed.

But when I create a new 2FA wallet in electrum it only uses a 12 word seed.

Can anyone explain this to me?

Thanks

2FA comes with two seeds: The original (regular) seed and the 2FA seed.
The regular seed that you see is a regular seed (that gets produced in electrum).
There is also a 2FA seed stored in electrum that is a recovery seed for if the 2FA fails, I'm not sure as to the dynamics of where to find this but this is the 24 word seed that others refer to.

Like HCP said this is all nonsense.

Fact is in previous Electrum versions 2fa wallets had 24 or 25 word seeds. But now it's just 12 words.

In previous versions half the 24 word seed was viewable via the wallet menu > seed after the wallet had been created. So you could view 12 of the words there but they were useless and misleading because they wouldn't restore your wallet. You needed all the seed words i.e. 24 or 25. Maybe this is the source of the jackg's confusion.

In newer versions of electrum the 12 seed words are only shown during the wallet creation process. You can't see them later so you better write them down during the wallet creation process.

Electrum strives to maintain backward compatibility so all types of 2fa wallets can be restored from seed in Electrum.
HCP
legendary
Activity: 2086
Merit: 4363
October 25, 2017, 06:13:20 PM
#7
NO. You need either the 24 word seed or the "secret key" you got from the wallet.
Did you write down this "secret key" by any chance - you should really do that anyway? You can either do that or use the 24 word seed, although it should've given you a 24 word seed when you made the wallet - but search as to how to do this.
Ahhh. I get it.
The key is sort-of a representation of the 24 word seed. If you have a copy of that and the regular seed you SHOULD be fine - as your seed is stored with TrustedCoin as I understand it (although, if someone else here could suggest how to get the 24 word seed that'd also be useful).
What on earth are you talking about? A 2FA wallet in Electrum generates a 12 word seed. That is all. Where did all this nonsense about 24 word seeds and "secret keys" come from? And TrustedCoin don't store your seed. All they have is the 3rd master private key from your 2-of-3 MultiSig wallet (which is what an Electrum 2FA wallet is). The "2FA key" is simply the master key for Google Authenticator to be able to start generating 2FA codes. It has NOTHING to do with Electrum or seeds.


So if my computer is damaged (wallet file) AND I lose my cellphone (Google 2FA) I can recover my wallet with just this 12 word seed?
YES! The 12 word seed you wrote down when you first created the wallet is ALL that you need to recover your wallet in case your computer explodes or you lose your phone with the GAuth on it or TrustedCoin go out of business and you can't use their service anymore. If any of those things happen, you simply create a new wallet, enter in your 12 word seed and when prompted if you want to "Keep or Disable" 2FA, simply select "Disable".

This will create a copy of your 2FA wallet that actually contains 2 master private keys, so you can then create and sign transactions yourself, without needing TrustedCoin to provide the 2nd signature.

You can actually test this functionality by simply creating a "new" wallet and putting in your seed and selecting "disable" now. Once you're satisfied that it all works and you are comfortable that you can recover everything, you can safely delete the "restored" wallet and continue using the original 2FA wallet.