
Topic: P2SH electrum addresses insecure seed backup (Read 232 times)

legendary
Activity: 1453
Merit: 1030
August 16, 2018, 03:17:34 AM
#13
Thanks for all the input, appreciate it. I tried recreating the 3-addresses from a BIP39 generation page (on an offline computer, obviously) but it doesn't recognize the seed [as HCP said]. The steps to recreate the wallet in electrum are easy enough and I'll note the extra steps in the written backup [taking Abdussamad's advice here]. Electrum utilizes suggestion spelling, by the way, so human error is kind of out of the question. Next to that, I'll make some file backups too.
HCP
legendary
Activity: 2086
Merit: 4361
It is however not really a bip39 seed mnemonic.
Quoted for emphasis... the OP really needs to understand the significance of this statement.

Electrum seed mnemonics ARE NOT BIP39 compatible. They may (currently) use the same wordlists and have 12 words like a BIP39 seed, but they are actually constructed in such a way that if you put one into a BIP39 compatible wallet, it will tell you that it is "invalid".

Most BIP39 wallets I've seen will refuse to import an "invalid" seed mnemonic... they don't have an "ignore checksum" option.

The article linked to in the OP should be thought of as a "hack" to force Electrum to generate "P2SH-P2WPKH" (aka "3-type") SegWit wallets. Unless you fully understand what you are doing and how this may affect wallet restoration/recovery in the future, you should probably not be messing around with this.


Another (possibly safer) option is to simply use a BIP39 wallet to generate a BIP39 seed mnemonic... and use that with Electrum to generate your P2SH-P2WPKH Segwit wallet. At least that way, you can be sure that your seed mnemonic is actually BIP39 compatible ;)
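
Added example, not part of any post in this thread and not Electrum's own code: a Python sketch of why the same words give a different wallet depending on the restore option. It checks Electrum's seed-version hash (used in place of the BIP39 checksum), stretches the words with the BIP39 salt and with the Electrum salt, and parses the derivation paths quoted in the thread; the text normalization is simplified and the sample phrase is constructed.

```python
import hashlib
import hmac
import unicodedata

# Electrum seed-version prefixes: standard, segwit, 2FA.
ELECTRUM_PREFIXES = {"01": "standard", "100": "segwit", "101": "2fa"}
# Account-level derivation paths quoted in the thread.
PATHS = {"legacy": "m/44'/0'/0'", "p2sh-segwit": "m/49'/0'/0'", "native-segwit": "m/84'/0'/0'"}

def normalize(text):
    # Simplified: NFKD, lowercase, single spaces (sufficient for English ASCII input).
    return " ".join(unicodedata.normalize("NFKD", text).lower().split())

def electrum_seed_type(mnemonic):
    """Seed type Electrum reads from the phrase, or None if it is not an Electrum seed."""
    digest = hmac.new(b"Seed version", normalize(mnemonic).encode(), hashlib.sha512).hexdigest()
    return next((kind for p, kind in ELECTRUM_PREFIXES.items() if digest.startswith(p)), None)

def root_seed(mnemonic, scheme, passphrase=""):
    """PBKDF2-HMAC-SHA512, 2048 rounds; the salt label is what the 'BIP39' option changes."""
    label = {"bip39": "mnemonic", "electrum": "electrum"}[scheme]
    salt = (label + unicodedata.normalize("NFKD", passphrase)).encode()
    return hashlib.pbkdf2_hmac("sha512", normalize(mnemonic).encode(), salt, 2048)

def bip32_master(seed):
    """BIP32 master private key and chain code from a root seed."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return i[:32], i[32:]

def parse_path(path):
    """Turn m/49'/0'/0' into BIP32 child indices (hardened = index + 2**31)."""
    out = []
    for part in path.split("/")[1:]:
        hardened = part.endswith("'")
        out.append(int(part.rstrip("'")) + (0x80000000 if hardened else 0))
    return out

def restore_outcomes(mnemonic):
    """Short master-key tag per restore choice: same words, different wallets."""
    return {s: bip32_master(root_seed(mnemonic, s))[0].hex()[:16] for s in ("bip39", "electrum")}

if __name__ == "__main__":
    words = "constructed sample phrase not a real wallet seed"  # constructed input
    print("electrum type:", electrum_seed_type(words))
    print(restore_outcomes(words))
    print({k: [hex(i) for i in parse_path(v)] for k, v in PATHS.items()})
```

A written backup therefore has to record three things together: the words, which scheme was selected at restore time, and the derivation path.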
legendary
Activity: 3682
Merit: 1580
If you would have clicked on the link, you would have seen that it indeed is a BIP39 seed.

I own bitcoinelectrum.com. I wrote that article.

That's an electrum seed being used as a convenient source of entropy for the generation of a p2sh segwit wallet because electrum doesn't support those out of the box. When creating the wallet you tell electrum that the seed is bip39 which is what gives you the option to set the derivation path in the next step. It is however not really a bip39 seed mnemonic.
copper member
Activity: 2856
Merit: 3071
Compatibility is a big pro regarding BIP 39 seeds.
You can definitely rely on that since multiple wallets do use BIP39. And even if you don't want to rely on other wallets, you always can simply download tools to convert from BIP39 to private keys.
Just to add to this, this site does a lot with derivation of BIP39 seeds into private keys. It has also been archived by at least one archive site on at least one occasion so far.

If coinimi take their site down, there is still access to the seeds in the private keys.
There is more of a worry of doing what I do in that if electrum ever stops being produced, our seeds could be at risk (however, I keep offline backups of almost every version since 2.6.x - a bit extreme but it means I can always get my coins back if the site and apps go down).

(P.S, I was going to post when this was originally created but my computer failed to work out what links were yesterday ;D).

In Abdussamad's defense, it's not for us to second guess what the op is saying and it's not always a good idea to expect people will click links to what could easily be stated in the OP.
legendary
Activity: 1624
Merit: 2481
@OP
If you feel your question has been answered, please lock your topic in the lower left corner of this thread (click 'lock topic').





The seed in question is not a bip39 seed

You obviously weren't even able to read the OP properly:

If you would have clicked on the link, you would have seen that it indeed is a BIP39 seed.



No one is claiming cross wallet compatibility and you can't rely on that.

???
Compatibility is a big pro regarding BIP 39 seeds.
You can definitely rely on that since multiple wallets do use BIP39. And even if you don't want to rely on other wallets, you always can simply download tools to convert from BIP39 to private keys.



To add to the above, to use it as a bip39 seed you have to turn off checksum checking and that also means that typos in seed entry/seed notation can go unchecked. Then there's the question of the derivation path. You have to note that down too. So overall if you make a copy of the wallet file it'll contain everything that electrum needs to know to recreate your wallet and you don't have to rely on a human's getting it right.

The derivation path is not that hard to find out..
Legacy: m/44'/0'/0'
p2sh-segwit: m/49'/0'/0'
native segwit: m/84'/0'/0'

It's not really necessary to write it down.. this information can always be found with google within 1 minute.

A copy of the wallet file has a way higher chance to get corrupted than a proper handwritten backup. Such a backup is inalienable. While a backup of the file definitely is faster to restore, it is in no way that reliable.

legendary
Activity: 3682
Merit: 1580
you will forget those steps 2 years from now unless you note them down in explicit detail on the same paper where you wrote down the seed. also 2 years from now electrum's UI may have changed a lot so the instructions won't make sense. hence the warning not to rely on seed backup and just make a copy of the wallet file.

BIP39 seeds will be supported way longer than 2 years. Not necessarily by electrum, but by enough other wallets to regenerate all private keys.
BIP39 has been adopted by many wallets/services. You'll find a lot of tools regarding BIP39 <-> private key conversion.

The risk of not being able to reproduce private keys out of a bip39 phrase is very small. But the chance of not being able to access the private keys with a 2 year old wallet file is way bigger.

A copy of the wallet file can be handy, but does NOT replace a 'traditional' hand-written backup in form of a 12/18/24 word bip39 phrase.


The seed in question is not a bip39 seed but an electrum one. No one is claiming cross wallet compatibility and you can't rely on that.

To add to the above, to use it as a bip39 seed you have to turn off checksum checking and that also means that typos in seed entry/seed notation can go unchecked. Then there's the question of the derivation path. You have to note that down too. So overall if you make a copy of the wallet file it'll contain everything that electrum needs to know to recreate your wallet and you don't have to rely on a human's getting it right.
legendary
Activity: 1624
Merit: 2481
you will forget those steps 2 years from now unless you note them down in explicit detail on the same paper where you wrote down the seed. also 2 years from now electrum's UI may have changed a lot so the instructions won't make sense. hence the warning not to rely on seed backup and just make a copy of the wallet file.

BIP39 seeds will be supported way longer than 2 years. Not necessarily by electrum, but by enough other wallets to regenerate all private keys.
BIP39 has been adopted by many wallets/services. You'll find a lot of tools regarding BIP39 <-> private key conversion.

The risk of not being able to reproduce private keys out of a bip39 phrase is very small. But the chance of not being able to access the private keys with a 2 year old wallet file is way bigger.

A copy of the wallet file can be handy, but does NOT replace a 'traditional' hand-written backup in form of a 12/18/24 word bip39 phrase.
legendary
Activity: 3682
Merit: 1580
you will forget those steps 2 years from now unless you note them down in explicit detail on the same paper where you wrote down the seed. also 2 years from now electrum's UI may have changed a lot so the instructions won't make sense. hence the warning not to rely on seed backup and just make a copy of the wallet file.
legendary
Activity: 1453
Merit: 1030
The electrum client says they don't guarantee BIP39 will always be supported. I take it I can, however, always generate the same addresses+keys in version 3.1.3 with my seed.
Just checking to make absolutely sure I don't send anything into a black hole.
As long as your addresses are generated using the seed, you will always be able to recover your addresses with your seeds. The main issue that they've highlighted is that you could forget to add the extra parameters when restoring your wallet in the future and get confused. It's totally fine if you can deal with this.

Thanks for confirming, as I went through the steps to get those 3-addresses, it's well ingrained to retrieve them the same way.
legendary
Activity: 3038
Merit: 4418
The electrum client says they don't guarantee BIP39 will always be supported. I take it I can, however, always generate the same addresses+keys in version 3.1.3 with my seed.
Just checking to make absolutely sure I don't send anything into a black hole.
As long as your addresses are generated using the seed, you will always be able to recover your addresses with your seeds. The main issue that they've highlighted is that you could forget to add the extra parameters when restoring your wallet in the future and get confused. It's totally fine if you can deal with this.
legendary
Activity: 1453
Merit: 1030
Because you aren't using Electrum's default procedure to create a wallet. But this doesn't really make your wallet backup insecure. It's just that you'll need to do the same extra steps when recovering your wallet (checking BIP39, etc...) to specify the wallet type.

The electrum client says they don't guarantee BIP39 will always be supported. I take it I can, however, always generate the same addresses+keys in version 3.1.3 with my seed.
Just checking to make absolutely sure I don't send anything into a black hole.
legendary
Activity: 2758
Merit: 6830
Because you aren't using Electrum's default procedure to create a wallet. But this doesn't really make your wallet backup insecure. It's just that you'll need to do the same extra steps when recovering your wallet (checking BIP39, etc...) to specify the wallet type.
legendary
Activity: 1453
Merit: 1030
Hi, can anyone explain to me why a seed backup of an electrum wallet generated in client 3.1.3 can't be relied on?

It says so at the end of this article: https://bitcoinelectrum.com/creating-a-p2sh-segwit-wallet-with-electrum/

I assume I could, in a future moment in time, just use electrum version 3.1.3 to recreate the addresses.
