Author

Topic: Is it possible ? (Read 714 times)

legendary
Activity: 1806
Merit: 1164
March 24, 2016, 01:29:36 PM
#15
I get tired of repeating myself but if you have more than a few bitcoin the private keys should be in a hardware wallet of your choice. I like Trezor more than the other options but if you are on a budget you can get a Ledger HW.1 for less than $20.

Sure you can do cold storage with Armory or Electrum using two computers but that is such a pain. It does not look like Armory will add Trezor support any time soon.

Trezor dev mentioned in this thread on reddit that soon Bitpay Bitcore full node will support Trezor. If you do not want to run your own Bitcore full node (will need a laptop running Linux) there will be an option in myTrezor.com to connect to public Bitcore servers like localbitcoinschain.com, insight.bitpay.com or blockexplorer.com instead of SatoshiLabs servers.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
March 24, 2016, 12:37:40 PM
#14
Would CHKROOTKIT application make my security even stronger , I learned by reading online its the best help against a rootkit, and a hacker only chance in Linux is only through rootkits?
I know 100% security doesn't exist, but I think this is the best security online.

A rootkit is just a mashed term for almost anything that has root access. Linux can be attacked on the user level, but its usually not effective. E.g. a keylogger would need root level access.

I cant recommend CHKROOTKIT or any other software of that kind as Im not a big fan of anti virus solutions in general. The less software your machine has the less software can have a vulnerability. Keep the system as simple as possible, be careful what you install and keep your software up to date. If you want to use anti virus software use them from a different OS (e.g. from a clean boot CD/DVD/).
copper member
Activity: 1442
Merit: 529
March 24, 2016, 05:08:38 AM
#13
Would CHKROOTKIT application make my security even stronger , I learned by reading online its the best help against a rootkit, and a hacker only chance in Linux is only through rootkits?
I know 100% security doesn't exist, but I think this is the best security online.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
March 24, 2016, 03:36:10 AM
#12
How my coins are gone, when you cannot have the seed ? Didn't understand that part, as no matter what part of keyloggers in Linux (which I think have 0 chances to come in my Pc) the seed is in another USB and was put there knowing for sure my PC was clean at that time.
Thats my definition of secure, but the more ideas in this thread the better.

If a thief have your wallet file and the password from the keylogger then they don't need the seed, they can simply make transactions from that wallet since they know the password.

It isn't easy on linux machine but still anything is possible, to protect from that you should make a cold wallet, keep your coins there, make a watch only wallet on the machine which stays online and then just transfer your transaction from the watch only wallet to the cold one to sign it and bring it back to broadcast it.

No thief can have my password in Electrum, if I lose it not even Electrum programmers can find it for me, of course I can recover my money via the seed.(premising that when I add the password my PC was clean, 100% sure about that)

I have my seed in an HP USB 3.0 but I guess I should by at least 2 more.

If you believe there is no chance that your machine will get infected you need to improve your knowledge. The chances are lower for Linux than they are for windows, but the chance is never zero. Just because you are no target, does not mean your defenses are good. The seed is stored in your wallet as well. Every time you spend coins the wallet is unlocked and your password is in your systems memory. If the system is infected the attacker has the password as soon as you enter it.

Btw Im not trying to convince you to change your setup (Im using electrum (hot & cold) myself). I just want you to be aware that 100% security is not possible.

newbie
Activity: 26
Merit: 0
March 24, 2016, 03:33:46 AM
#11
 I have been thinking about these issues a lot since losing aprox 5k a month ago. My client is also 2.5.4, it came with the tails 2.20 os i run from a usb. Protecting my persistant volume is a strong password.
 I copied a address to text editor, then saved it to a file. 30 min later i opened my electrum wallet, went to send tx pg, and pasted from file into pay to box. Then hit send.
 I went back to wallet a few hrs later to see if it had confirmed, one confirmation, pending. While checking i noticed the send to addy seemed different from the addy i originaly put in files, so i went to where i got the payees addy and found it was different. I should have noticed, it wasent even close.
 So tryed to cancel tx, didnt work, it had that one confirm, still pending, but no idea how to stop it. It now has 5,000 confirms, one for every dollar i lost.
 I dont blame electrum (the client not the gold silver alloy). I dont think the text editor exploit got me, its a mystery. I can see my coins, their not mooving.
copper member
Activity: 1442
Merit: 529
March 24, 2016, 01:53:57 AM
#10
How my coins are gone, when you cannot have the seed ? Didn't understand that part, as no matter what part of keyloggers in Linux (which I think have 0 chances to come in my Pc) the seed is in another USB and was put there knowing for sure my PC was clean at that time.
Thats my definition of secure, but the more ideas in this thread the better.

If a thief have your wallet file and the password from the keylogger then they don't need the seed, they can simply make transactions from that wallet since they know the password.

It isn't easy on linux machine but still anything is possible, to protect from that you should make a cold wallet, keep your coins there, make a watch only wallet on the machine which stays online and then just transfer your transaction from the watch only wallet to the cold one to sign it and bring it back to broadcast it.

No thief can have my password in Electrum, if I lose it not even Electrum programmers can find it for me, of course I can recover my money via the seed.(premising that when I add the password my PC was clean, 100% sure about that)

I have my seed in an HP USB 3.0 but I guess I should by at least 2 more.

sr. member
Activity: 412
Merit: 287
March 24, 2016, 12:01:03 AM
#9
I recommend against the trusted USB approach, they are too easily formatted/broken/lost. Keep several copies written down, and look into LUKS encrypting the USB if you're keen on that method.

Tails is also great - it has electrum installed by default, and integrates well with encrypted USB's.
hero member
Activity: 812
Merit: 1000
March 23, 2016, 09:57:56 PM
#8
How my coins are gone, when you cannot have the seed ? Didn't understand that part, as no matter what part of keyloggers in Linux (which I think have 0 chances to come in my Pc) the seed is in another USB and was put there knowing for sure my PC was clean at that time.
Thats my definition of secure, but the more ideas in this thread the better.

If a thief have your wallet file and the password from the keylogger then they don't need the seed, they can simply make transactions from that wallet since they know the password.

It isn't easy on linux machine but still anything is possible, to protect from that you should make a cold wallet, keep your coins there, make a watch only wallet on the machine which stays online and then just transfer your transaction from the watch only wallet to the cold one to sign it and bring it back to broadcast it.
copper member
Activity: 1442
Merit: 529
March 23, 2016, 04:37:04 PM
#7
How my coins are gone, when you cannot have the seed ? Didn't understand that part, as no matter what part of keyloggers in Linux (which I think have 0 chances to come in my Pc) the seed is in another USB and was put there knowing for sure my PC was clean at that time.
Thats my definition of secure, but the more ideas in this thread the better.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
March 23, 2016, 04:10:02 PM
#6
Thank you, that just empower my vision, Electrum is the most secure online wallet of all, especially if run in a much stronger than windows environment.

That certainly depends on your definition of secure.

Keep my coins here as the seed is in a usb i only have put once in my Linux system, password is a complete sentence which I remember so I guess for the moment I am secure. Never used the seed again, no matter what.

The thing you are missing is that there are keyloggers for Linux the same as there are for Windows. So if your machine is compromised your coins are gone no matter if its on Linux, Windows or Mac.
copper member
Activity: 1442
Merit: 529
March 23, 2016, 01:14:54 PM
#5
Thank you, that just empower my vision, Electrum is the most secure online wallet of all, especially if run in a much stronger than windows environment. Keep my coins here as the seed is in a usb i only have put once in my Linux system, password is a complete sentence which I remember so I guess for the moment I am secure. Never used the seed again, no matter what.
copper member
Activity: 924
Merit: 1007
hee-ho.
March 23, 2016, 11:30:06 AM
#4
I mean how can they get the coins if they don't have the seed and I only use the password in Linux when sending payments? I don't think this is possible so far, but I am glad to hear more ideas about it.

they can't send any coins without the wallet/seed/private keys and the private keys are stored in the wallet (unless you export them somewhere else.).
copper member
Activity: 1442
Merit: 529
March 23, 2016, 09:22:21 AM
#3
I mean how can they get the coins if they don't have the seed and I only use the password in Linux when sending payments? I don't think this is possible so far, but I am glad to hear more ideas about it.
legendary
Activity: 1512
Merit: 1012
March 23, 2016, 09:18:50 AM
#2
Yes, anything is possible. A password can be brute forced, or guessed. But if you have a strong password, you reduce the possibility of being stolen if you're hacked.

You should store the majority of your coins offline.
copper member
Activity: 1442
Merit: 529
March 23, 2016, 09:17:02 AM
#1
Is it possible that Electrum wallet to be hacked in a Linux environment? My specific question is if it is then how can the hacker get the private keys, when you have a lot of addresses and you have the seed which you stored securely when installing Electrum for first time, also you have add a very strong password which if you lose , you cannot get it back, but can get your money back by restoring the seed. Is this scenario possible? Asking this as I am saving all my btc in Electrum 2.5.4 online. Wanna hear some expert opinions about this scenario.
Jump to: