Author

Topic: Electrum 3.2.0 has been released (Satoshi's Vision) (Read 205 times)

legendary
Activity: 3038
Merit: 2162

can someone explain what this change is:
Quote
* SPV proofs: check inner nodes not to be valid transactions

https://github.com/spesmilo/electrum/pull/4436

https://bitcointechweekly.com/front/cve-2017-12842-leaf-node-weakness-trusted-merkle-tree-depth-for-safe-tx-inclusion-proofs-without-a-soft-fork/

"This exploit can be used to attack SPV nodes, these are nodes that verify the existence of a payment without downloading the entire block through the Merkle tree. An attacker can provide a Merkle tree that has a fake transaction as a proof of payment to a transaction he didn’t actually pay."

Yet another reason to never use SPV wallet for big amounts/business. Maybe this vulnerability is relatively small, but who knows how many vulnerabilities are undiscovered.
legendary
Activity: 3472
Merit: 10611
beware that if you are on Linux (and Mac i guess) you might not want to upgrade to this version yet. there is a bug in it. the wordlists weren't included in the releases. wait for the next version 3.2.1 to be released or just compile the source.

# Release 3.2.1 - (unreleased)

 * fix Windows binaries: due to build process changes, the locale files
   were not included; the language could not be changed from English
 * fix Linux distributables: wordlists were not included (#4475)

i don't know what the windows bug fix was for though.



can someone explain what this change is:
Quote
* SPV proofs: check inner nodes not to be valid transactions
hero member
Activity: 900
Merit: 1014
advocate of a cryptographic attack on the globe
# Release 3.2.0 - Satoshi's Vision (June 30, 2018)

 * If present, libsecp256k1 is used to speed up elliptic curve
   operations. The library is bundled in the Windows, MacOS, and
   Android binaries. On Linux, it needs to be installed separately.
 * Two-factor authentication is available on Android. Note that this
   will only provide additional security if one time passwords are
   generated on a separate device.
 * Semi-automated crash reporting is implemented for Android.
 * Transactions that are dropped from the mempool are kept in the
   wallet as 'local', and can be rebroadcast. Previously these
   transactions were deleted from the wallet.
 * The scriptSig and witness part of transaction inputs are no longer
   parsed, unless actually needed. The wallet will no longer display
   'from' addresses corresponding to transaction inputs, except for
   its own inputs.
 * The partial transaction format has been incompatibly changed. This
   was needed as for partial transactions the scriptSig/witness has to
   be parsed, but for signed transactions we did not want to do the
   parsing.  Users should make sure that all instances of Electrum
   they use to co-sign or offline sign, are updated together.
 * Signing of partial transactions created with online imported
   addresses wallets now supports significantly more
   setups. Previously only online p2pkh address + offline WIF was
   supported.  Now the following setups are all supported:
   - online {p2pkh, p2wpkh-p2sh, p2wpkh} address + offline WIF,
   - online {p2pkh, p2wpkh-p2sh, p2wpkh} address + offline seed/xprv,
   - online {p2sh, p2wsh-p2sh, p2wsh}-multisig address + offline seeds/xprvs
     (potentially distributed among several different machines)
   Note that for the online address + offline HD secret case, you need
   the offline wallet to recognize the address (i.e. within gap
   limit).  Having an xpub on the online machine is still the
   recommended setup, as this allows the online machine to generate
   new addresses on demand.
 * Segwit multisig for bip39 and hardware wallets is now enabled.
   (both p2wsh-p2sh and native p2wsh)
 * Ledger: offline signing for segwit inputs (#3302) This has already
   worked for Trezor and Digital Bitbox. Offline segwit signing can be
   combined with online imported addresses wallets.
 * Added Revealer plugin. ( https://revealer.cc ) Revealer is a seed
   phrase back-up solution. It allows you to create a cold, analog,
   multi-factor backup of your wallet seeds, or of any arbitrary
   secret. The Revealer utilizes a transparent plastic visual one time
   pad.
 * Fractional fee rates: the Qt GUI now displays fee rates with 0.1
   sat/byte precision, and also allows this same resolution in the
   Send tab.
 * Hardware wallets: a "show address" button is now displayed in the
   Receive tab of the Qt GUI. (#4316)
 * Trezor One: implemented advanced/matrix recovery (#4329)
 * Qt/Kivy: added "sat" as optional base unit.
 * Kivy GUI: significant performance improvements when displaying
   history and address list of large wallets; and transaction dialog
   of large transactions.
 * Windows: use dnspython to resolve dns instead of socket.getaddrinfo
   (#4422)
 * Importing minikeys: use uncompressed pubkey instead of compressed
   (#4384)
 * SPV proofs: check inner nodes not to be valid transactions (#4436)
 * Qt GUI: there is now an optional "dark" theme (#4461)
 * Several other minor bugfixes and usability improvements.
Jump to: