Author

Topic: Electrum? Trezor? Safety? (Read 2054 times)

legendary
Activity: 2758
Merit: 6830
July 21, 2017, 02:56:07 PM
#12
Couldn't thieves try many passphrases and eventualy guess the right one?
The way you talk, it seems so easy to do that...

Also, you missed that part:

Quote
You could stage your bare seed wallet as a "decoy" so if your seed becomes compromise, someone would see the small btc stored on the bare seed wallet and never even think to brute force attack your hidden wallets =)

This is just an "extra" security measure. It's not like he's depending on that password alone.
hero member
Activity: 1260
Merit: 524
July 14, 2017, 02:39:59 AM
#11
Thank you for the original question. The resulting answers are a source of learning. I have some values of Bitcoin that I have been holding in a website for some months. This fork that everyone is worried about is beginning to worry me. So am I correct to understand,,, No one has met success hacking Electrum. Yet.

Electrum wallet can be hacked only if the hacker hack your computer and gets your seed key, because without seek key you cannot load the electrum wallet. I have been using electrum for more then 14 months and till now i have not faced any problem.
hero member
Activity: 2352
Merit: 953
Temporary forum vacation
July 14, 2017, 02:28:49 AM
#10
Thank you for the original question. The resulting answers are a source of learning. I have some values of Bitcoin that I have been holding in a website for some months. This fork that everyone is worried about is beginning to worry me. So am I correct to understand,,, No one has met success hacking Electrum. Yet.
HCP
legendary
Activity: 2086
Merit: 4363
July 13, 2017, 11:49:07 PM
#9
That is really handy info! You saying those conversion tools can be used to convert Electrum priv keys?  That would be easier then having your own Electrum full node server =) ... in the event Electrums server network goes down.
Yes. Assuming that by "Electrum priv keys" you mean the master private key that is generated by the "Mnemonic -> Seed -> xprv" conversion in Electrum.

Once you have the "master" xprv, you can just put it into the BIP39 tool as described above and it will do most of the hard work for you...

AFAIK no-one has, as yet, created a standalone Electrum Mnemonic converter... but I've had a quick look at the existing BIP39 tool code and compared it with the Electrum source code... it seems like it would be a relatively trivial task to modify it to accept Electrum Mnemonics so you wouldn't even need to use the "getmasterprivate()" command to get the xprv... you could just put in your 12 word seed (and/or custom words) and away you go.

The only difference in "Mnemonic -> Seed -> xprv" conversion between Electrum and BIP39 is that Electrum uses a "default" passphrase of "electrum" instead of "mnemonic"... the other differences relate to the structure and checksum validation of the mnemonic, which would probably be just as trivial to implement, but aren't necessarily required if all you want is to convert the seed to addresses/keys.

NOTE: I actually did a quick dirty mod on the BIP39 tool code to test it... I just forced the mnemonic checksum validation to always return true, changed the default passphrase from "mnemonic" to "electrum" and voilà... it will take an Electrum seed, you set BIP32 and path as m/0 (or m/1 for change addresses) and it spits out the correct addresses/private keys Wink
legendary
Activity: 2450
Merit: 1002
July 13, 2017, 09:59:55 AM
#8
In case Electrum as a wallet/code/program dies and stop being updated etc. - are my bitcoins still safe? Will my private keys created on Electrum still be available for use on different platforms?
As no one seems to have addressed this concern as yet... private keys are really just very large numbers. They are NOT wallet specific. A private key generated by WalletA should be able to be used by Wallets B through Z (assuming of course that these wallets allow importing of private keys).

There are also several open source and freely available services (like bitaddress.org) that will "convert" private keys in multiple formats to (WIF, WIFC, HEX, B64, B6, MINI, BIP38) and output WIF, WIF Compressed, Hex and Base64 representations of these private keys... They provide full sources and are able to be downloaded and run on airgapped/offline machines etc.

The maths and algorithms behind all of the address conversions etc are also widely known and published.

In the specific case of Electrum, which uses a "proprietary" mnemonic to seed calculation method (ie. Not BIP39)... if you're super paranoid that the software may die and/or stop being updated... you can also simply store a copy of the source code or application on your secure pendrive along with your seed/keys...

or alternatively use the getmasterprivate() command on the Electrum console to get the BIP32 Root Key aka "xprv" (that can be plugged into an offline copy of https://iancoleman.github.io/bip39/):



and used with a BIP32 derivation path of m/0 and m/1 to get your "receive" and "change" address/keys respectively.


That is really handy info! You saying those conversion tools can be used to convert Electrum priv keys?  That would be easier then having your own Electrum full node server =) ... in the event Electrums server network goes down.
HCP
legendary
Activity: 2086
Merit: 4363
July 10, 2017, 11:27:09 PM
#7
In case Electrum as a wallet/code/program dies and stop being updated etc. - are my bitcoins still safe? Will my private keys created on Electrum still be available for use on different platforms?
As no one seems to have addressed this concern as yet... private keys are really just very large numbers. They are NOT wallet specific. A private key generated by WalletA should be able to be used by Wallets B through Z (assuming of course that these wallets allow importing of private keys).

There are also several open source and freely available services (like bitaddress.org) that will "convert" private keys in multiple formats to (WIF, WIFC, HEX, B64, B6, MINI, BIP38) and output WIF, WIF Compressed, Hex and Base64 representations of these private keys... They provide full sources and are able to be downloaded and run on airgapped/offline machines etc.

The maths and algorithms behind all of the address conversions etc are also widely known and published.

In the specific case of Electrum, which uses a "proprietary" mnemonic to seed calculation method (ie. Not BIP39)... if you're super paranoid that the software may die and/or stop being updated... you can also simply store a copy of the source code or application on your secure pendrive along with your seed/keys...

or alternatively use the getmasterprivate() command on the Electrum console to get the BIP32 Root Key aka "xprv" (that can be plugged into an offline copy of https://iancoleman.github.io/bip39/):



and used with a BIP32 derivation path of m/0 and m/1 to get your "receive" and "change" address/keys respectively.

newbie
Activity: 31
Merit: 0
July 10, 2017, 09:40:51 PM
#6
Grateful for the replies guys. I haven't tried any other methods beforehand or any other wallet, but i did not dump all my coins because exactly as you said, in case something didn't work. Everything seem to work fine so my BTC is already stored cold.

Thanks for the replies, guess i'll be just adding money to that bag of btc stored cold and won't swap to anything else for time being.
I definitely am interested in the Trezor though, when operating with big money an investment of 80-100 euros is nothing really and it seems to be incredibly useful and provides a lot of good functions.
Having a cold storage you can safely spend money from and also generate an additional security layer like you mentioned is interesting and i'll be looking into it for sure. Storing ETH at the same time sounds good too.
legendary
Activity: 2450
Merit: 1002
July 10, 2017, 07:36:16 PM
#5
OP:
With your goals, I think u did pretty well. An encrypted "paper" wallet stored many places may have been easier.
Before dumping all ur coins, into your wallet, did you run a small test scenario on a different wallet using the same method? I always like to test my methods w/ a small amount of coin in case something doesnt work on trying to "spend" the coin, before I commit to dumping all my coin onto the same method =)

Lastly, what I personally like is Trezor backed up by a "cryptosteel" and a 2nd paper seed backup, or as many other backups you want to store or hand out to people =P
The reason why I mentioned the last part is("hand out to people" sarcastically), even if you gave your trezor seed to folks ... if you used the "password protected/hidden" wallet feature of Trezor, you arent really storing your entire seed on backup. The password you use almost "becomes an additional word in the seed" ... meaning, you can make as many hidden & unique wallets as passwords you can remember.
You could stage your bare seed wallet as a "decoy" so if your seed becomes compromise, someone would see the small btc stored on the bare seed wallet and never even think to brute force attack your hidden wallets =)

Anyways, Ive always thought it was a neat implementation on Trezor dev team part.

Also, Trezor + Seed + Electrum + Electrum full local node + Mycelium for android app(paired w/ trezor wallets) = high utility & high security & high reliability.
Another bonus is a Trezor can simultaneously store BTC, ETH, LTC and some other cryptocurrencies using the same seed(and password protection mechanism) =)

Anyways, I know your goals are quite different, but in case you ever wanted to easily spend some as you go, this is just food for thought =)
full member
Activity: 168
Merit: 100
Snip - The Future of News on the Blockchain
July 10, 2017, 07:07:37 PM
#4
What you did is exactly creating a paper wallet. You don't really have to print it in order to call it a paper wallet Smiley
Storing it offline on a pen-drive is the same...

Again, in my opinion is as safe as storing it on hardware wallet like Trezor.
newbie
Activity: 31
Merit: 0
July 10, 2017, 06:57:59 PM
#3
If you're planning buy BTC and just holding it, it's safe enough to use paper wallet IMO.
It's safer to create the wallet on a clean VM (almost the same as formatting your pc) and offline.

Don't expect it reach $100K... so you won't be disappointed later...

Oh, and keep your private key (or the 12 words seed) in a place you'll remember in 5-10 years Smiley

I appreciate the reply but it's like listening to a spam auto-reply message when you contact customer support of some companies.

I know paper wallet is safe but i'm not interested in storing it on paper wallet due to my lack of printer. I'm looking to find questions to my answers that i posted in the first post.
full member
Activity: 168
Merit: 100
Snip - The Future of News on the Blockchain
July 10, 2017, 06:49:56 PM
#2
If you're planning buy BTC and just holding it, it's safe enough to use paper wallet IMO.
It's safer to create the wallet on a clean VM (almost the same as formatting your pc) and offline.

Don't expect it reach $100K... so you won't be disappointed later...

Oh, and keep your private key (or the 12 words seed) in a place you'll remember in 5-10 years Smiley
newbie
Activity: 31
Merit: 0
July 10, 2017, 06:21:23 PM
#1
Hello friends, i have recently joined the club and purchased some bitcoins. My opinion of BTC is pretty high and i believe this indeed is the future, and that it would be stupid of me to just ignore it.
So i just recently started but already own 1 BTC and plan to buy a lot more, though it would be irresponsible of me to go into it without any precautions and knowledge. I've read a lot and have a basic grasp of safety but decided to ask some questions as there is a lot of people holding for a long time already and i'm sure people have far more experience than me.

Note that all i want to do with Bitcoin is just store it until 2020-2025. I do not plan on withdrawing the money from this wallet beforehand and i just plan on adding money to it every week or month.

I have completely formatted my PC and disconnected it from Internet to create safe environment to create an Electrum wallet. After doing so i have transferred funds to it, saved the seed phrase and private keys on a brand new pen-drive that i also formatted beforehand just in case. I also have my seed phrase stored in a different safe place in case my pen-drive dies and i cant access it's data. I've put the pen-drive in my safe that is screwed to a wall, so i am technically safe from theft and fire. I formatted my PC once again to erase all data of Wallet being created.

How safe do you guys think is what i did? Is there a possibility of me getting my BTC hacked even though i did all this without internet connection, if i don't compromise the wallet by connecting it to internet?
Is there a possibility in future that 12-seed electrum phrases or electrum private keys stop being accepted by other services, so if Electrum magically dies i'd not be able to recover my BTC?
Is Trezor a better option than what i did there with Electrum? And if so, then how is it better?
Also, assuming i have 10 BTC on my electrum wallet and it's already 2025 where lets say price is 100.000$. It means i can cash-out 1m$.
Do you guys think that i should be using the signed signature thing that lets you pay with offline wallets?
Also i already went through that, and someone did calculations for me on how much it would take to crack electrum seed phrases but is it really so safe?

In case Electrum as a wallet/code/program dies and stop being updated etc. - are my bitcoins still safe? Will my private keys created on Electrum still be available for use on different platforms?
Jump to: