Author

Topic: Ideas for increased security (Read 192 times)

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
January 03, 2020, 02:22:44 PM
#8
Why do I get the feeling like the OP is just shilling for IPFS and their shit-file-coin?

Am I being overly cynical, is it just me?  I did have to go back to work today after two weeks off, so maybe it's just me.

You don't need any cryptocurrency to use IPFS, in fact i never touch any cryptocurrency when i use IPFS.

Any cryptocurrency (e.g. filecoin) is as extension or build on top of IPFS.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
January 02, 2020, 04:10:44 PM
#6
Why do I get the feeling like the OP is just shilling for IPFS and their shit-file-coin?

Am I being overly cynical, is it just me?  I did have to go back to work today after two weeks off, so maybe it's just me.
legendary
Activity: 3472
Merit: 10611
January 01, 2020, 11:30:33 PM
#5
  • Publish the releases on IPFS.  (The link is also the hash & it's decentralized)
i don't think it can be a viable option because IPFS requires peers to continue seeding content. for example right now that we are on version 3.x peers have to continue seeding version 1.9 because someone might need it (eg. recovering a wallet file that doesn't work in new versions). and that is not something that people would do. best case scenario is decent seeds for new versions and older ones dying.

Quote
  • Digitally sign the releases (whether published on the legacy website or on IPFS)
the releases are already signed using PGP.

Quote
  • Let me see the software version # when I launch the app, without having to enter my wallet password!  I need this to see if there's an update before entering my pw into a potentially vulnerable version.
  • Let me check for updates before entering my password to my wallet.
this won't solve much. if you want security then you shouldn't be using the wallet online (on a computer that is connected to the internet). look into Electrum's cold storage options.
not to mention that the initial entering of your password only decrypts the public information such as your addresses and transaction history not your private keys.

Quote
  • Establish a presence on the new, decentralized web platforms.  Operate under the assumption that your domain name will eventually be compromised either by thieves or the government (yet, I repeat myself! Smiley )
it won't matter as long as users continue doing these two things:
1. verify the deterministic builds hashes
2. verify the PGP signature of each release.
or simply build from source code.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
January 01, 2020, 07:49:14 PM
#4
I think op means the current implementation. As currently there's either a yes or no option or an OK one (I forget which).

It is probably a good idea to enable users to check for an update before the password is entered but implementation might be difficult as it then changes how the software loads from the very start(....)
This is something like, if ever there is an update you will be notify before to enter your password. Is it something like forcing the user to update their electrum client?
Might be difficult if that so, what if the user don't want to update their client? do they can still proceed?
Difficult implementation for sure .
legendary
Activity: 2534
Merit: 1397
January 01, 2020, 07:29:14 PM
#3
It is probably a good idea to enable users to check for an update before the password is entered but implementation might be difficult as it then changes how the software loads from the very start(....)
This is something like, if ever there is an update you will be notify before to enter your password. Is it something like forcing the user to update their electrum client?
Might be difficult if that so, what if the user don't want to update their client? do they can still proceed?
Difficult implementation for sure .
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
January 01, 2020, 04:50:42 PM
#2
This is probably the wrong place to make this also as you're better off posting it on their github... I don't think the electrum deva are as active here as elsewhere...

It is probably a good idea to enable users to check for an update before the password is entered but implementation might be difficult as it then changes how the software loads from the very start: which in theory should be easy to implement but turn out to be difficult to implement depending on how their engine renders screens...
newbie
Activity: 1
Merit: 0
January 01, 2020, 04:37:46 PM
#1
Here are some ideas for increased security with the Electrum wallet:

  • Publish the releases on IPFS.  (The link is also the hash & it's decentralized)
  • Digitally sign the releases (whether published on the legacy website or on IPFS)
  • Let me see the software version # when I launch the app, without having to enter my wallet password!  I need this to see if there's an update before entering my pw into a potentially vulnerable version.
  • Let me check for updates before entering my password to my wallet.
  • Establish a presence on the new, decentralized web platforms.  Operate under the assumption that your domain name will eventually be compromised either by thieves or the government (yet, I repeat myself! Smiley )
Jump to: