Pages:
Author

Topic: [GUIDE] How to Safely Download and Verify Electrum [Guide] - page 8. (Read 55340 times)

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Using solely the hash of the files as a validation is insecure. There is a reason why Bitcoin Core hash sums are included within a PGP signed message and users are encouraged to verify them first before trusting it.
This is exactly what I said. To upload a signed message containing the hash instead of leaving a hash solely.

There shouldn't be anything wrong with this and it's quite faster than the other method.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
I don't want to speak for Dabs, but I think that's the point he's trying to make.  If you only rely on checksum hashes and the site is compromised, the checksums could easily be replaced by the hackers.  If we rely on GPG signatures the hacker wouldn't be able to sign the releases (or a list of checksums) with ThomasV's key, and we would know something was wrong.  To defeat this type of security the hacker would have to gain access to multiple unconnected servers.  Not impossible, but highly unlikely.
This assumes that the attacker won't also replace the PGP public key for ThomasV as well. PGP is best used in conjunction with an established web of trust which can be hard to get for some users and I would probably recommend users to at least get another source of information to validate if the imported public key is also correct.

I agree with the above sentiments as well. Using solely the hash of the files as a validation is insecure. There is a reason why Bitcoin Core hash sums are included within a PGP signed message and users are encouraged to verify them first before trusting it. Using the hashes as it is would merely serve as a way to verify data integrity but not guarantee its security.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
It's a quick way to see if something is good, but without verifying the signature anyway, it's possible that the site was compromised and showing a hash that matches the executable or binary.
But if the site was compromised, and it showed a different hash, the signature using Thomas' key wouldn't be valid.

I don't want to speak for Dabs, but I think that's the point he's trying to make.  If you only rely on checksum hashes and the site is compromised, the checksums could easily be replaced by the hackers.  If we rely on GPG signatures the hacker wouldn't be able to sign the releases (or a list of checksums) with ThomasV's key, and we would know something was wrong.  To defeat this type of security the hacker would have to gain access to multiple unconnected servers.  Not impossible, but highly unlikely.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
You'd still need to verify the hash using the GPG signature.
There are other simpler ways to verify a signed message, but GPG does fine, yes.

It's a quick way to see if something is good, but without verifying the signature anyway, it's possible that the site was compromised and showing a hash that matches the executable or binary.
But if the site was compromised, and it showed a different hash, the signature using Thomas' key wouldn't be valid.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
I like hashes such as SHA256. But it's more like a super secure checksum that your download is not corrupted. You'd still need to verify the hash using the GPG signature.

It's a quick way to see if something is good, but without verifying the signature anyway, it's possible that the site was compromised and showing a hash that matches the executable or binary.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Specifically with GPG? How could that happen, I don't understand. Once you hash an executable, don't you hash its binaries?

GPG uses RSA-2048 or RSA-4096 keypairs to encrypt and decrypt messages. It just so happens that it is also possible to sign a message using RSA keypairs, where the "message" here is the binary file contents, and this makes an RSA signature along with some metadata that GPG adds. There's also a verification process[1] that exists for RSA which GPG uses to verify these signatures (which are also binary data).


[1]: https://www.cs.cornell.edu/courses/cs5430/2015sp/notes/rsa_sign_vs_dec.php
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
I remember asking this before and the answer I got is that the risk of checksum collision with a bad executable is mitigated if it's signed with GPG.

Specifically with GPG? How could that happen, I don't understand. Once you hash an executable, don't you hash its binaries?
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
April showers bring may flowers, and allowed me some time to work on this tutorial.  I've updated the OP to include "BAD" signatures.  I also rearranged the post to consolidate instructions based on operating system.  I think it flows better this way.

That's great, it means I don't have to wait until a rainy November to update the Bitcoin Wiki page. It's already rainy season here anyway Wink

Can't Thomas provide a signed hash of each executable? Why should one, that isn't familiar with GPG, go though all this procedure just to verify a signature since he/she could do that really easily?

I remember asking this before and the answer I got is that the risk of checksum collision with a bad executable is mitigated if it's signed with GPG.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Can't Thomas provide a signed hash of each executable? Why should one, that isn't familiar with GPG, go though all this procedure just to verify a signature since he/she could do that really easily?
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
April showers bring may flowers, and allowed me some time to work on this tutorial.  I've updated the OP to include "BAD" signatures.  I also rearranged the post to consolidate instructions based on operating system.  I think it flows better this way.

Suggestions are always welcome.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
This is Thomas V public key as gotten from the website:

Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBE34z9wBEACT31iv9i8Jx/6MhywWmytSGWojS7aJwGiH/wlHQcjeleGnW8HF
Z8R73ICgvpcWM2mfx0R/YIzRIbbT+E2PJ+iTw0BTGU7irRKrdLXReH130K3bDg05
+DaYFf0qY/t/e4WDXRVnr8L28hRQ4/9SnvgNcUBzd0IDOUiicZvhkIm6TikL+xSr
5Gcn/PaJFS1VpbWklXaLfvci9l4fINL3vMyLiV/75b1laSP5LPEvbfd7W9T6HeCX
63epTHmGBmB4ycGqkwOgq6NxxaLHxRWlfylRXRWpI/9B66x8vOUd70jjjyqG+mhQ
+1+qfydeSW3R6Dr2vzDyDrBXbdVMTL2VFXqNG03FYcv191H7zJgPlJGyaO4IZxj+
+O8LaoJuFqAr8/+NX4K4UfWPvcrJ2i+eUkbkDJHo4GQK712/DtSLAA+YGeIF9HAn
zKvaMkZDMwY8z3gBSE/jMV2IcONvpUUOFPQgTmCvlJZAFTPeLTDv+HX8GfhmjAJY
T5rTcvyPEkoq9fWhQiFp5HRpYrD36yLVrpznh2Mx7B1Iy8Rq/7avadwVn87C6scJ
ouPu+0PF3IeVmYfCScbfxtx1FaEczm8wGBlaB/jkDEhx0RR8PYKKTIEM7T2LH2p6
s/+Ei4V7mqkcveF/DPnScMPBprJwuoGNFdx2qKmgCKLycWlSnwec+hdyTwARAQAB
tBlUaG9tYXNWIDx0aG9tYXN2MUBnbXguZGU+iQI4BBMBAgAiBQJN+M/cAhsDBgsJ
CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAr1YJLf5Rw5hlhD/9T4I/sBCleS9nH
njTJqcOnG28c9C3CRYIizjEui/pKmXz9fB1N9QrCaruPUQx2UacDVCl6dKxac+7s
s3/a6lsjaRn0/2OM/sCVLScyxNPNPQs2b6jkodSNPIM8zv51g+flhwtfrO6h6B4j
IhZgSjFdvqtZd5jaly9rA0uMX045CC4K6HGnq8n4F2p31z0L0LaHBf5EcsCM0MMp
QVkY0aUrNg9uVMGXBHn3osHnOtQaODqcIbpa/OG+Tlt6pVOiDJ7i8TkpQKT7sOaM
VdL//TEoDIOC7qVCN82q2q/gtiBXbziaERVs/eU0O52aX5qUhXu3VIjXTp/riRim
R/f9BPB1dgDZbF2aPZ/rJm26v82ft7gP1Sf52E9MrAaZATTfI0/TUHXeBzN93EA9
xb6/ENAMTX74u+NjlynWPD+hl64eBzJ2ionZF1bJFTgBkMfRYnhllvleCjcq9YfX
md5HKCwtxfygBIujUQSwyUzn0f5DbVCJ7/B19bKdvHGSSBgBEjxqXWQskm2wc0In
ww63goZAGDQliKhIT8xnwOBbLkqSobq4tD9zpQyxvMA2rhy7/gfFRp7TTak7MZHf
lTJ37S5LvcWHm/ccWUZDUN7akoEDc+m6jX3uIEPMD3PQvcHhWv0amco3zDr1qb/+
rXM7TJKd7DPX0E2dRzKu6aYRMTbklbQhVGhvbWFzIFZvZWd0bGluIDx0aG9tYXN2
MUBnbXguZGU+iQI4BBMBAgAiBQJTQDaRAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIe
AQIXgAAKCRAr1YJLf5Rw5hOBD/9o/NqHLvjhrCfy6/SblSC/udV9ujFnvhZZZprb
r8Oe6GdMwfw+ktZd2nYb09KjxXYmGoZeZKmvCb0LoMKSVWgisH1rgzDzI6UzFL4b
pV2+PqCSiWaekfnBm+oHbGgJCuAXebGXjVL8JsvhAl0HQZzTA1RX0u8TEAHOxOI5
l+mXSN+cwVZuDMpt5v+JDyPGHM/KqaXCw1WJY50mqlan6/15XHilmvY/CaxmbXNH
ZOXucmPxyCTeiQTqyhHsIBb4RxWYCaUXv9+svriotv2HZpQ110NN09ml1K1kDlNL
Zh3jNqMsbImFArbN8GikjqhRBV3K77Np4lccnsBPllQMqqQULG7UshcQTatkmTMb
j2TQ0oQWEZt0uJmnmxgz18ijs6m2fJZhlH0QYVYOwUvK6GfAFluHwOZHIXonv8Ck
uTW+P90lOB/9ZnREZeYb2wlvV6fCTMHxptIbT31kbLTzu4KEI6+ShQXT+YAKiC5S
JC9heheaeApH3wcLiZJcCKYv6ubY+3Uf/EoXcqWywwpS/nWkSpMSYjq+V9xCcGHI
MZ4vZkiZ6OS5Mu739rgGfP7Yi3pqUYLIpUa5QiNOMEhPtWbj/oH5ldaZowwgZ4MK
2Mzxex8IhFppPtZgqJfu9NZQLICpxcd2hUe3XWvB+jcvboZ1p7RO7ax3Vo9zy1fy
YEFML7Q9VGhvbWFzIFZvZWd0bGluIChodHRwczovL2VsZWN0cnVtLm9yZykgPHRo
b21hc3ZAZWxlY3RydW0ub3JnPokCOAQTAQIAIgUCVMYFygIbAwYLCQgHAwIGFQgC
CQoLBBYCAwECHgECF4AACgkQK9WCS3+UcOZ7BQ//VJuRmM7kQd5DcJS76BKpMtKt
gUNV3hi2h8kNGtkIeKhpeiK+PeweFJCb0nQDiEYsg5Xd/l5ZwN34cqlhgaQ8uWBY
rmNnSYGECLrxejx6WTWHp2AtD9BXrj73HEox2abC0Bdky39aCTyuRhSzbFnV2unh
L7IarKqr5bat6ywFZWsOcaisEjWXlTSD/hYqnkRX8vnBZRnRgHyi1yOvHsXGFB3x
O+P7JUb4E7BVzVRDJzMgcBhY5vTZ4Mnc8eIplNVI1TaF2hmhmnezvRF6XNYV1Ew9
t2/HE85+DqIBikUWYPTTxJiWUOwxXP9dVOEmNTcAgVThvMN7W+WoF7//qcNKmbPI
DyGU5xb/MLNrM+MWfavtkHNqcY0+cFf27z4mOxd2eEMDVxN/Fhq0HipugMEawaZ0
G9xsF/rZBzKgpu7+SvqRqxUn36vNz59vDlBYEXSng6nJobUdNb6iHo/rpZ6ZYHKx
mzrK5ROpmKs6zpPTOn8Hw29jxx07auzEIVEa8hzZaiqTfwI9yBwzhFQwNxmNaKRE
adxosvU1VyTvaEVmMmTx227MF1qhwq9yrSXtmKZJGiHRzyL4B4vAGrf9uK9GwzS2
TlyksRdjapw6Cqp8sUB2PUzHqYNWs0wSsZuxwVt6JSD4N8vpYTTF00LONKe2oLhj
GNxpH+BV3SqMHXQl9Ki5Ag0ETfjP3AEQAL5LYJiX5S4PG891TMihejh5KVgc36/R
zgWYJkE26K855t+WdAa6spHKR1RmpTTsnaTXaC/bNxJZq+0vi9GKlw94twEueu0v
Cniinpy6AFeydveCi+qdr5XQ4hx1DY11kntGBL2wMOtrZ4oAeFnntHYcAMYaMBY5
p8gd3WVR2dgIvpOcezQBLwhoMHnN6A+JEQ27ZHcolwDO9ic+t4YAtl552DP1xKbc
T4D1JD0J6W6FbUJElOXReSjNGCuSLZZTsCzMg0P6RHwWUKtDvRKrK/M3Nh/L2EsW
5mAQnYps6a+hyVkVd9kLsogtHPE4xv33pzbDB5Yj+2zqdjYUqO/ODfkP+HjNRvyj
uHL6W3bjU6FnuJQXX4llskls4hlKDPawa3cuWnsdafouAZOxWwBlGysRZ7BaHOFE
TOlAeUN1EYfFrckcfkYzTX7NDA0S99aX730z/c9XrnqM52OO9LrSFRnYZ+K3M8z2
FFvo9/ZtqqTDH0/oH+ay0CwtowSovZUoljAQ8zmmi8CtPDFHg4srae8YxW4fetn7
QtP6rOVRwQCyP12LztC7oYGOectU5G9GkVDubNW48Vuex0/upP9RORjKN8atBroS
cmomR5hShxmgdJBy4I/TDkVFbZq/hRPSTAHgnciEC67TYhszzXP3nTn5/Ah0wCGC
d3HfiNX6G7MdABEBAAGJAh8EGAECAAkFAk34z9wCGwwACgkQK9WCS3+UcOaJRA//
dLHRBjeAkNbRsY5GNTWUZzXr3VC5vNqpwpP9rK4QTAmpl3iU5F+wsgMG78iS2XOV
+ijZA8KvishletQJoNMxS1PU4sA4Y34hYb61ptHs+PmwNpcdgjAX+mCh9xQ0816G
yIaXtxtxacJJW3K07fqKIkJjISPOyTLSd+wl1LtRE2fA67pMmpMHG8t+RPq1dp/e
3qp6L7jc6X3U+bn2m7u2cgEVbuAnSaKGoMSMnsd71Ltf1b6/DwvZz/HBttEgcgSm
PleHUVyBD4LDrcjTDK7zdEMw7b/cPBnu6CmTcogFEqvB4n9Yodo+4ij7AndUTz4J
j1p8vFlnHvhRg82MDfGUPJ+ujBjbYXROs+WAmaCQ8TgjZ3dAFNFrOqAbYu6QlY2x
fu7vj+ruc6ArdmBrOlsJFmNsxFRJfgdUug5JFIUN77GbjisHjWem8cY3szuyEke8
H2pi803CAuVtkaoNmNDHsEBieft34Zo0V+A/q2wkix3S9vyRjOKqhGrW30qxnV6Z
FexueWuO3qOQ0ZU5/TIH0kft2n45/RexeBq/Ip52zE1vEvTkQmBCfCGZmqTu+9Ro
8qsjecxVNxyVPlwhlimryiQ+dPaJYaOSfiwEEMh2MyV5c6t6qN9n6jFdiCLOlmmH
ZFA8xDodsofQEmlv+I/xyEZ7na6nxbpZVuPC3B0JFtY=
=sUYl
-----END PGP PUBLIC KEY BLOCK-----

Please do not use this without checking from another source that it matches the same key from another source or someone else quotes this and says it's matched.

Fingerprint: 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6

I copied it here so we have another source that's not changed if the official website gets compromised.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
I strongly believe this thread should be stickied by a global mod or admin. It will save us from having to repeat that using Electrum without verifying it is unsafe to use. People generally only read the first few results on a page, whether it's bitcointalk or Google, and this page doesn't even appear in google search results (well it looks something like a footnote and not an actual result).

Before people come to this board and ask a new question, this will reduce the number of people that need hand-holding.

You all agree that this should be stickied or what?
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
There is a tool included with Visual Studio that lets you sign any executable before you distribute it. Most people just make a self-signed certificate and those cannot be trusted by themselves because those certificates aren't signed by a chain of CAs.

When windows displays a warning about running a program from an "unknown publisher" then it used a self-signed certificate. That's why the embedded signature can't be relied upon for Electrum integrity. Unless somebody is willing to pay hundreds of dollars for a CA to sign it.
I don't think it was self-signed. I analysed it on my VM (on an old computer, to be safe) and it appeared to be issued by DigiCert, IIRC and it didn't throw a warning to me. I don't want to download it again but I've found the MalwareBytes analysis.

https://blog.malwarebytes.com/cybercrime/2019/04/electrum-bitcoin-wallets-under-siege/
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Also, some of the binaries during the Electrum phishing were actually digitally signed by the hackers using some presumably compromised CA.

There is a tool included with Visual Studio that lets you sign any executable before you distribute it. Most people just make a self-signed certificate and those cannot be trusted by themselves because those certificates aren't signed by a chain of CAs.

When windows displays a warning about running a program from an "unknown publisher" then it used a self-signed certificate. That's why the embedded signature can't be relied upon for Electrum integrity. Unless somebody is willing to pay hundreds of dollars for a CA to sign it.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
great post, still one short question for Windows users: it's not enough to download the .exe (either installer or standalone) and to check its properties for digital signature, to see the certificates used? Can an attacker resign such .exe files with new certificates to mimic the original ones?
Good question. No and no. Hackers wouldn't be able to sign the file after modifying it's code which would result in the signature not matching for the file.

I wouldn't trust using the digital signature of the software as a guarantee that the software hasn't been modified in a malicious manner. CAs has been compromised before and some of them were able to issue fake certification to state actors or hackers. PGP is the only way to ensure that you're downloading the version that is signed by ThomasV.

Also, some of the binaries during the Electrum phishing were actually digitally signed by the hackers using some presumably compromised CA.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
great post, still one short question for Windows users: it's not enough to download the .exe (either installer or standalone) and to check its properties for digital signature, to see the certificates used? Can an attacker resign such .exe files with new certificates to mimic the original ones?
You're verifying the signature of ThomasV using his public key which is outside of the software. There is no reason to remove the certificate from the software, because the hacker's signature won't be verified using ThomasV's public key.
member
Activity: 178
Merit: 32
great post, still one short question for Windows users: it's not enough to download the .exe (either installer or standalone) and to check its properties for digital signature, to see the certificates used? Can an attacker resign such .exe files with new certificates to mimic the original ones?
legendary
Activity: 2366
Merit: 2054
I'm trying to acquire a "nested segwit address" from electrum but i guess it's hard for a newbie like me to download such a thing.
in the fact you are a senior member.

Open electrum wallet select already seed > select option > tick BIP39 > then select p2wpkh-p2sh:

or export your native private key then select import private key on beginning electrum then put p2wpkh-p2sh: on front.
legendary
Activity: 3472
Merit: 10611
Why can't we send BTC to native segwit address in Electrum? Is this just a limitation?

I am sending from my "I'm Token" mobile wallet. It says that I should send to an address that starts with "3" or "1".

because the other wallet you are currently using and are trying to send from appears to not support Bech32 addresses which has nothing to do with bitcoin. you should complain to the developers of that wallet and ask why they haven't added a feature that has been a part of bitcoin for 3 years already!
hero member
Activity: 2072
Merit: 542
DGbet.fun - Crypto Sportsbook
Why can't we send BTC to native segwit address in Electrum? Is this just a limitation?

I am sending from my "I'm Token" mobile wallet. It says that I should send to an address that starts with "3" or "1".

I'm trying to acquire a "nested segwit address" from electrum but i guess it's hard for a newbie like me to download such a thing.
Pages:
Jump to: