Topic: How to I get rid of electrum? (Read 374 times)

legendary
Activity: 2268
Merit: 18771
July 09, 2020, 03:40:12 AM
#22
He used Electrum to generate a private key, which means that private key must have come from a seed phrase. Whether or not he backs up the seed phrase or not makes no difference to the fact that his address is only as secure as the seed phrase which generated it.
Does Electrum not work like BIP39 in the sense that you start with a random seed (ie. very large random number)... and then convert that seed to the mnemonic phrase? As opposed to generating a mnemonic phrase and then going from that to the seed?
pooya has already answered, but you can see the relevant code here: https://github.com/spesmilo/electrum/blob/master/electrum/mnemonic.py#L190

My point wasn't about the order of generation, though - it was with OP's apparent distrust of seed phrases. If he incorrectly believes seed phrases are somehow insecure, or does not trust how Electrum generates them, then simply choosing not to back his up doesn't solve those issues. If he wants to avoid seed phrases altogether then he would need to generate individual private keys directly from an entropy source, such as flipping a coin.

Having said all that, even if he does that, then there would still be multiple possible seed phrases which would lead to that private key at some derivation path.
legendary
Activity: 3472
Merit: 10611
July 08, 2020, 11:02:44 PM
#21
Does Electrum not work like BIP39 in the sense that you start with a random seed (ie. very large random number)... and then convert that seed to the mnemonic phrase? As opposed to generating a mnemonic phrase and then going from that to the seed?

yes, it is the same but with an additional step before converting the seed to mnemonic. here are the steps:
1. generate a random entropy/seed (which is random 132 bits to get 12 words)
2. convert the entropy to a mnemonic
3. compute HMACSHA512 of 2 using the key = "Seed version"
4. check if the initial 8-bit or 12-bits match the seed version you are trying to create. for example if you want a SegWit wallet it has to be 0x100 or 0b00010000_0000
5. if 4 failed then increment the entropy by 1 and restart at step 2 otherwise return the result

so basically each time you create an Electrum mnemonic you are using brute force to find one that gives you a certain initial "string", similar to what Vanity generators do!
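
The search loop from the steps in the post above, as an added Python sketch (not Electrum's own code and not part of the original post). The word list is a constructed stand-in of 2048 placeholder tokens, so its output is not a real Electrum seed; `START` is a fixed constructed value where a wallet would draw from a CSPRNG, and the "01" prefix for standard wallets comes from Electrum's version constants, not from the thread.

```python
import hashlib
import hmac

# Constructed stand-in word list (NOT Electrum's English list): 2048 unique tokens.
WORDLIST = [f"w{i:04d}" for i in range(2048)]
# Hex prefixes the HMAC must start with: 8 bits for standard, 12 bits for SegWit.
SEED_PREFIX = {"standard": "01", "segwit": "100"}
# Constructed 132-bit starting entropy; a wallet would use secrets.randbits here.
START = (1 << 131) + 20200708


def encode(entropy: int) -> str:
    """Step 2: write the integer in base len(WORDLIST), one word per digit."""
    words = []
    while entropy:
        entropy, digit = divmod(entropy, len(WORDLIST))
        words.append(WORDLIST[digit])
    return " ".join(words)


def seed_version_hex(mnemonic: str) -> str:
    """Step 3: HMAC-SHA512 of the phrase, keyed with the string "Seed version"."""
    return hmac.new(b"Seed version", mnemonic.encode("utf-8"),
                    hashlib.sha512).hexdigest()


def make_seed(start_entropy: int, seed_type: str = "segwit"):
    """Steps 4 and 5: increment the entropy until the HMAC carries the prefix."""
    prefix = SEED_PREFIX[seed_type]
    entropy, attempts = start_entropy, 0
    while True:
        attempts += 1
        mnemonic = encode(entropy)
        if seed_version_hex(mnemonic).startswith(prefix):
            return mnemonic, entropy, attempts
        entropy += 1


if __name__ == "__main__":
    phrase, entropy, attempts = make_seed(START, "segwit")
    # A 12-bit prefix is hit about once in 4096 tries on average.
    print(f"{attempts} attempts, version prefix {seed_version_hex(phrase)[:3]}")
```

Because the 12-bit prefix is the only redundancy, roughly 1 in 4096 random word sequences passes the SegWit check, which is why it works as a version marker but only weakly as a typo detector.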
HCP
legendary
Activity: 2086
Merit: 4363
July 08, 2020, 06:44:26 PM
#20
He used Electrum to generate a private key, which means that private key must have come from a seed phrase. Whether or not he backs up the seed phrase or not makes no difference to the fact that his address is only as secure as the seed phrase which generated it.
Does Electrum not work like BIP39 in the sense that you start with a random seed (ie. very large random number)... and then convert that seed to the mnemonic phrase? As opposed to generating a mnemonic phrase and then going from that to the seed?

It's been such a long time since I looked at the inner workings of the Electrum code
legendary
Activity: 2268
Merit: 18771
July 08, 2020, 02:41:35 AM
#19
Electrum-style seed phrases select a word from a dictionary of 2048 words, so take the exponent of that by eleven (the last word is a checksum as o_e_l_e_o said) and you get 2.658456e+36
Further to pooya87's reply above, when we are considering BIP39 phrases (and not Electrum phrases) the last word is not wholly a checksum. It contains the checksum, but it also contains some of your entropy as well. The exact proportions of each are dependent on how long your phrase is.

In BIP39 seed phrases, there is 1 bit of checksum for every 32 bits of entropy, and each word encodes 11 bits of data. So for a 12 word phrase, which contains 12*11 = 132 bits of data, 128 bits are entropy and 4 bits are checksum. This means the final word encodes 7 bits of entropy and the 4 bits of checksum. For a 24 word phrase, the final word encodes 3 bits of entropy and 8 bits of checksum.

Because of this, it's not accurate to calculate the security of BIP39 phrases by calculating 2048 raised to the number of words. Instead you have to calculate 2 raised to the bits of entropy - 2^128 in the case of 12 word seed phrases, or 2^256 in the case of 24 words.
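
The bit layout described in the post above, as an added Python example (not part of the original post). It works on 11-bit word indices rather than words, so no word list is needed; the function names are illustrative.

```python
import hashlib


def bip39_indices(entropy: bytes) -> list:
    """Append the SHA-256 checksum bits to the entropy and cut into 11-bit indices."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32          # 1 checksum bit per 32 bits of entropy
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def last_word_layout(n_words: int):
    """Return (entropy bits, checksum bits) carried by the final word."""
    cs_bits = (n_words * 11) // 33
    return 11 - cs_bits, cs_bits


def valid_last_indices(first_indices: list) -> list:
    """All final-word indices that pass the checksum for the given leading words."""
    n_words = len(first_indices) + 1
    free_bits, cs_bits = last_word_layout(n_words)
    prefix = 0
    for idx in first_indices:
        prefix = (prefix << 11) | idx
    n_bytes = (n_words * 11 - cs_bits) // 8
    valid = []
    for tail in range(1 << free_bits):          # every value of the free entropy bits
        entropy = ((prefix << free_bits) | tail).to_bytes(n_bytes, "big")
        valid.append(bip39_indices(entropy)[-1])
    return valid


if __name__ == "__main__":
    for n in (12, 24):
        free, cs = last_word_layout(n)
        count = len(valid_last_indices([0] * (n - 1)))
        print(f"{n} words: last word = {free} entropy bits + {cs} checksum bits, "
              f"{count} of 2048 final words are valid")
```

For 12 words, 128 of the 2048 possible final words are valid for any given first eleven, which matches the 2^128 total rather than 2048^12.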
legendary
Activity: 3472
Merit: 10611
July 07, 2020, 10:18:01 PM
#18
Electrum-style seed phrases select a word from a dictionary of 2048 words, ~~ (the last word is a checksum as o_e_l_e_o said) ~.
this is wrong.
you are thinking of BIP39 mnemonics not Electrum since the latter do not use checksum at all. there is an initial version byte that must be satisfied and could act as a checksum but it isn't exactly a checksum especially since it is too small (8-bits or 12-bits depending on the type).
as for the dictionary, Electrum is not limited to the default dictionaries and can have any custom ones that contain any number of words.

Quote
Still, it's easier to disguise a seed phrase when you write it down than a private key. You could put several dummy words in the phrase and arrange them in a pattern that only you know, and that's possible because they are just a bunch of words. You can even write them in a different language if you want to obscure them. Whereas a private key has a fixed format that anybody with technical knowledge can recognize.
that does not give you any kind of meaningful security.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
July 07, 2020, 09:55:26 PM
#17
It's much easier to back up 12 words than a long private key for a single address, isn't it?

In my opinion? It's the same thing.

Seed and private keys are very different things

A seed is a master key which is able to generate all of your private keys, which are mathematically related. Saving a bunch of private keys without their mathematical relationship in a piece of paper is very uncomfortable, dangerous, tiresome and inefficient.

From mastering bitcoin:

Quote
https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc
Deterministic wallets were developed to make it easy to derive many keys from a single "seed." The most advanced form of deterministic wallets is the HD wallet defined by the BIP-32 standard. HD wallets contain keys derived in a tree structure, such that a parent key can derive a sequence of children keys, each of which can derive a sequence of grandchildren keys, and so on, to an infinite depth. This tree structure is illustrated in Type-2 HD wallet: a tree of keys generated from a single seed.

Saving a seed results in:


You are doing this:
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
July 07, 2020, 07:02:56 PM
#16
Electrum-style seed phrases select a word from a dictionary of 2048 words, so take the exponent of that by eleven (the last word is a checksum as o_e_l_e_o said) and you get 2.658456e+36, while the number of valid private keys is many times larger, 2**256 minus a relatively smaller, but still extremely large, number, to give 1.1579209e+77 combinations.

Still, it's easier to disguise a seed phrase when you write it down than a private key. You could put several dummy words in the phrase and arrange them in a pattern that only you know, and that's possible because they are just a bunch of words. You can even write them in a different language if you want to obscure them. Whereas a private key has a fixed format that anybody with technical knowledge can recognize.
legendary
Activity: 2268
Merit: 18771
July 03, 2020, 06:18:16 AM
#15
My bad - deleted the wrong line from the reply. Fixed.
legendary
Activity: 3612
Merit: 5297
https://merel.mobi => buy facemasks with BTC/LTC
July 03, 2020, 06:03:12 AM
#14
@o_e_l_e_o: you are 100% correct, but you messed up the quote in your previous post...

I never claimed that:
Private key 1 = Hash(seed +"1")
Private key 2 = Hash (seed + "2")

I was quoting BlackHatCoiner when he assumed this fact, but the quote has been messed up so it looks like I was the one who made this assumption
legendary
Activity: 2268
Merit: 18771
July 03, 2020, 05:03:29 AM
#13
Private key 1 = Hash(seed +"1")
Private key 2 = Hash (seed + "2")
It's actually:

Seed phrase and passphrase (if used) are fed in to 2048 rounds of PBKDF2 using HMAC-SHA512 to derive a 512 bit seed number.
512 bit seed number undergoes HMAC-SHA512 to generate master private key and master chain code.
Master public key is calculated from master private key using elliptic curve multiplication.
Master public key, master chain code, and index number are fed in to HMAC-SHA512, and the left 256 bits added to the master private key to generate a child private key. The right 256 bits become the child chain code.
Repeat the last step multiple times to work down the derivation path to reach your desired private key - for a legacy address on Electrum this will be m/44'/0'/0'/0/0.

Backing up a seed phrase is better than backing up an individual private key for multiple reasons. It is easier to do (since you should be writing it down by hand on paper and not storing it electronically), it is less prone to errors, it provides access to all your addresses instead of just one, it doesn't encourage address reuse, it solves problems with change outputs, and the list goes on.

-snip-
Although you are obviously correct regarding a seed phrase being secure, it actually doesn't matter if BlackHatCoiner thinks it is more secure or not. He used Electrum to generate a private key, which means that private key must have come from a seed phrase. Whether or not he backs up the seed phrase or not makes no difference to the fact that his address is only as secure as the seed phrase which generated it.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
July 03, 2020, 03:06:04 AM
#12
I think that you are doing it wrong. If the computer had any "surprise" on it you'll find out very late, when the funds from your safe wallet get vanished.
I'd consider using a live OS (maybe on a stick) which you use only for this purpose (with no internet, obviously). And then you'll format the stick and you are pretty much OK. If you use Tails with default settings you'll have Electrum on it and it will never save the wallet, so you are sure the data is lost at reboot.

Ah don't tell me that stuff... I think I've been a big paranoid enough. I don't think anyone will steal my funds, like ever...
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
July 03, 2020, 02:57:59 AM
#11
I had installed it months ago, in order to generate an address, and I wanted to keep that address' private key somewhere safe. I did.

I think that you are doing it wrong. If the computer had any "surprise" on it you'll find out very late, when the funds from your safe wallet get vanished.
I'd consider using a live OS (maybe on a stick) which you use only for this purpose (with no internet, obviously). And then you'll format the stick and you are pretty much OK. If you use Tails with default settings you'll have Electrum on it and it will never save the wallet, so you are sure the data is lost at reboot.

Also writing down the private key is easy to mistake, be careful.


It's much easier to back up 12 words than a long private key for a single address, isn't it?

In my opinion? It's the same thing.

Actually writing down seed is easier. But beware, Electrum seed works only with Electrum (if you use it with a different wallet you'll get different addresses).
legendary
Activity: 3612
Merit: 5297
https://merel.mobi => buy facemasks with BTC/LTC
July 03, 2020, 02:32:13 AM
#10
Yes but isn't it easier for someone to brute force a seed? Sorry, but I don't get how the seed works. You say that by having it you have access to all of your keys. Does it work like that?

Private key 1 = Hash(seed +"1")
Private key 2 = Hash (seed + "2")

And so on.

Many interesting discussions have been devoted to this topic... For example: bitcointalk.org/index.php?topic=1716725.0

Bottom line is pretty simple: no, it's not easy to brute force a seed...

A seed might look like just 12 words out of a fixed wordlist... So a normal person would assume it's as safe as a 12 character password... But it's not... It's as safe as a 12 character password using random characters out of a 2048 character set (well, the last word is a checksum)... And to top it off, one iteration while brute-forcing a seed is very resource intensive (seed => master private key => derivation of private key 1 => public key 1 => address 1 => checking for balance... derive the next private key, check all derivation paths,...).

So far, I haven't heard about any key collisions that weren't caused by some bug in the rng...

It's just one of those things that are hard to grasp, a seed looks really easy to brute-force since it's just a string of 12 words you actually know... But if you'd try to write a small script to scan the complete keyspace, you'd very soon learn that it's basically "almost impossible" (definitely with the hardware we currently have)
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
July 03, 2020, 02:23:05 AM
#9
Yes but isn't it easier for someone to brute force a seed? Sorry, but I don't get how the seed works. You say that by having it you have access to all of your keys. Does it work like that?

Private key 1 = Hash(seed +"1")
Private key 2 = Hash (seed + "2")

And so on.
legendary
Activity: 2296
Merit: 2892
#SWGT CERTIK Audited
July 02, 2020, 10:08:35 PM
#8
-snip- When I opened it after the installation it seems that it "remembered" my previous wallet's name. How is this possible? Because I'm a little paranoid.
As BitCryptex said, uninstalling Electrum only removes software, while wallet files, configuration settings, blockchain headers, etc. are not deleted and stored in the Electrum datadir. You can find it at the following location:

Also, what's the point of that seed since I have the private key in a safe place?
In summary, the private key is what lets you access the funds associated with one public address in your wallet. But when you create new public addresses for each new deposit to your wallet for security reasons, it also creates a new private key which means when you backup your wallet, you'll have to save all these public key - private key pairs. Instead if your wallet is Deterministic, you could simply use the seed words to restore your wallet. Seed words can be used to programmatically generate all the public key - private key pairs you own.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
July 02, 2020, 09:49:43 PM
#7
Since you can save your seed why don't you just export your keys in csv. You will consume the same space.
Is this a response to their posts or another question?
Because seed phrase should be saved in a "physical form", written in a piece of paper or other alternatives.
That key dump in csv format is too troublesome/long to write.

And obviously, they won't consume the same amount of space.
Seed phrase is only 12-words (+extension), a key dump will consume one or more notebook pages.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
July 02, 2020, 06:50:19 PM
#6
Since you can save your seed why don't you just export your keys in csv. You will consume the same space.
hero member
Activity: 2940
Merit: 613
Winding down.
July 02, 2020, 06:14:46 PM
#5
All you need to keep is the seed and you can access it anytime and in any device, names can be changed so you will be able to change it also without a problem, as long as you can access the wallet with the seed, all transaction history will be seen intact.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
July 02, 2020, 06:05:47 PM
#4
Thanks.

It's much easier to back up 12 words than a long private key for a single address, isn't it?

In my opinion? It's the same thing.
Most people don't want to use the same address over and over again, mostly for privacy reasons. A seed offers much more leverage and convenience over backing up the many addresses generated when you spend your funds.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
July 02, 2020, 06:03:30 PM
#3
Thanks.

It's much easier to back up 12 words than a long private key for a single address, isn't it?

In my opinion? It's the same thing.
legendary
Activity: 1876
Merit: 3139
July 02, 2020, 06:01:12 PM
#2
When I open it after the installation it seems that it "remembered" my previous wallet's name. How is this possible? I uninstalled it.

The uninstaller doesn't delete the data from the AppData. Press WIN + R, enter %appdata% and you should see 'Electrum' folder among some other folders.

Also, what's the point of that seed since I have the private key in a safe place?

It's much easier to back up 12 words than a long private key for a single address, isn't it? Especially, if one wants to keep the backup on some piece of paper or engrave it on some kind of metal.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
July 02, 2020, 05:57:57 PM
#1
I had installed it months ago, in order to generate an address, and I wanted to keep that address' private key somewhere safe. I did. And then, uninstalled electrum. But a few minutes ago I needed to generate another address so I downloaded it again. When I opened it after the installation it seems that it "remembered" my previous wallet's name. How is this possible? Because I'm a little paranoid.

Also, what's the point of that seed since I have the private key in a safe place?