
Topic: Electrum and Import thoughts and question (Read 156 times)

hero member
Activity: 761
Merit: 606
January 10, 2021, 07:03:23 PM
#7
All great answers guys.  I never planned on risking my long term storage keys, but I am interested in reading through the math.  Following the links here and giving all this a look.  For now I simply created a watching only "import" wallet for the OLD addresses just to keep an eye on things.  Electrum only knows the addresses, didn't even add a public key for any of the addresses I am watching.  I am NOT using mpk's because I don't want the addresses I am watching to be associated with "newer" transactions that are in the wallet.  I really regret mixing some newer activity in these years old wallets.  Juggling TAX considerations sucks!
legendary
Activity: 3472
Merit: 10611
January 08, 2021, 11:36:40 PM
#6
Why not sever the connection between the two wallets already?
Create one "cold" storage with your hardware wallet and have your bulk of coins in there in addresses that you don't want to use.
Create another wallet as your hot wallet using Electrum and use the 3 addresses from that wallet (or any other number you want) then simply send coins between these two wallets when you want to change the amount of bitcoins in your hot wallet to go up or down.

This way you still remain safe while there isn't any way to compromise your "cold" storage at all while you continue having access to the coins you want in a riskier way in your hot wallet but it is smaller amount so the risk should be lower.
The Electrum wallet also has a seed phrase which you can back up and restore the wallet in the future if you wanted. It also offers you more options such as having more than X number of addresses so you wouldn't have any trouble in case you needed more (you don't have to go back to your "cold" storage).
HCP
legendary
Activity: 2086
Merit: 4363
January 08, 2021, 10:32:03 PM
#5
Here comes the "math" question.  In the unlikely event this seedless wallet were to get compromised and an attacker gained access to the 4 private keys, how easy (if at all) would it be to generate the private keys to gain access to the original main wallet?
I believe what is required for an "attack" like that is:

- The Master Public Key
- At least one Private Key

As described here: https://bitcointalksearch.org/topic/m.7385160

If you just have 4 private keys that get compromised, then there is no way to derive the other keys.

It also depends, to a certain extent, on whether or not the keys are "hardened", as per this Trezor wiki entry:
For security reasons, using hardened keys is safer, but there are use cases for using non-hardened keys. A parent extended public key together with a non-hardened child private key can expose the parent private key. This means that extended public keys must be treated more carefully than regular public keys. It is also the reason for the existence of hardened keys and why they are used for the account level in the tree. This way, a leak of account-specific (or below) private keys never risks compromising the master or other accounts.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
January 08, 2021, 03:04:50 PM
#4
I should have mentioned these are bip39 because the keys came from a Trezor combined with Electrum.  I know I could not have gained access to the private keys using my Trezor, but I used an air gap machine with the Trezor restore seed to learn of the private keys using only Electrum.  There is NO compromise of my keys.

I can't remember if they use hardened addresses, but I don't think they do, so you're probably better off making a new identical wallet and just right-clicking and "freezing" the other addresses. This doesn't affect their spendability; you'll still be able to spend them from the other wallet.
hero member
Activity: 761
Merit: 606
January 08, 2021, 02:52:51 PM
#3

If you used the standard built-in Electrum mnemonic, then I don't think it's possible to generate your master private from a few keys. I've seen it's possible in bip39 without using "hardened" keys.

I should have mentioned these are bip39 because the keys came from a Trezor combined with Electrum.  I know I could not have gained access to the private keys using my Trezor, but I used an air gap machine with the Trezor restore seed to learn of the private keys using only Electrum.  There is NO compromise of my keys.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
January 08, 2021, 02:44:40 PM
#2
You can just right click on an address and select "spend from" to transfer the funds into a new wallet.

You can also right click all the other addresses and select the freeze option to stop those from being spent in your current wallet.

If you used the standard built-in Electrum mnemonic, then I don't think it's possible to generate your master private from a few keys. I've seen it's possible in bip39 without using "hardened" keys.
hero member
Activity: 761
Merit: 606
January 08, 2021, 02:37:48 PM
#1
Just considering the "math" on this. I have an Electrum wallet that I have used somewhat and want to move some funds to another wallet. BUT I only want to take coins from 4 specific addresses in the wallet in question. I have two options:

1. Go to another wallet and SWEEP using the private keys of the specific 4 addresses.  Easy enough, but that means the coins move immediately when I do that.

2. Create a new Electrum seedless wallet and IMPORT the private keys of the 4 specific addresses.  This method means I will have an Electrum wallet with only 4 addresses and I am responsible for backing up my wallet file as there is NO SEED to restore the wallet.  I know that!  On the other hand an IMPORT does not move the funds, so I still have the transactions in the original wallet until I conduct the exchange.

Here comes the "math" question. In the unlikely event this seedless wallet were to get compromised and an attacker gained access to the 4 private keys, how easy (if at all) would it be to generate the private keys to gain access to the original main wallet? I know this is a strange topic to consider but exploring the math involved here helps me to consider different coding ideas as I pursue this hobby! I don't have a need to move the coins from these addresses immediately so having a seedless wallet to use at a moment's notice would be convenient and prevent me from moving coins from the other much older transactions in the main wallet. Creating the SWEEP wallet as I mentioned above is not really what I want since the funds have to move now. I will always have the private keys to these 4 addresses so that alone will be my backup (in lieu of SEED as normal).