Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Electrum
Author

Topic: Somewhat clueless questions about the Electrum seed, and security in general (Read 1122 times)

bizz
hero member
Activity: 492
Merit: 500
Somewhat clueless questions about the Electrum seed, and security in general
November 05, 2013, 04:55:25 PM
#6
Quote from: fireduck on November 05, 2013, 02:20:14 PM
Quote from: oda.krell on November 05, 2013, 01:34:12 PM
Okay, I see. My misconception was that I assumed the user password had to be stored somewhere, when in reality, it is itself the key for decrypting the seed. D'oh.

In other words, someone gaining physical access to my (Electrum) files will gain no additional benefit over trying to brute force the user password directly.

If they can run things on your computer (malware):
- Read the seed out of your computers RAM when you type in your password
- Read the electrum files off your drive and read your password when you type it
- Read the electrum files off your drive and brute force your password



To continue: if you create offline Electrum system (http://electrum.org/tutorials.html#offline-mpk) you can remove those risks.
fireduck
sr. member
Activity: 392
Merit: 251
Re: Somewhat clueless questions about the Electrum seed, and security in general
November 05, 2013, 02:20:14 PM
#5
Quote from: oda.krell on November 05, 2013, 01:34:12 PM
Okay, I see. My misconception was that I assumed the user password had to be stored somewhere, when in reality, it is itself the key for decrypting the seed. D'oh.

In other words, someone gaining physical access to my (Electrum) files will gain no additional benefit over trying to brute force the user password directly.

An attacker needs the seed.  If you are using a password their options are:

If they have physical access to your stuff:
- Read the piece of paper you probably have your seed words on

If they can run things on your computer (malware):
- Read the seed out of your computers RAM when you type in your password
- Read the electrum files off your drive and read your password when you type it
- Read the electrum files off your drive and brute force your password

oda.krell
legendary
Activity: 1470
Merit: 1007
Re: Somewhat clueless questions about the Electrum seed, and security in general
November 05, 2013, 01:34:12 PM
#4
Okay, I see. My misconception was that I assumed the user password had to be stored somewhere, when in reality, it is itself the key for decrypting the seed. D'oh.

In other words, someone gaining physical access to my (Electrum) files will gain no additional benefit over trying to brute force the user password directly.
ThomasV
legendary
Activity: 1896
Merit: 1353
Re: Somewhat clueless questions about the Electrum seed, and security in general
November 05, 2013, 01:10:15 PM
#3
The seed is 128 bits long. (which is very strong, because it corresponds, in terms of bruteforce iterations, to the strength of a 256 bits ecdsa public key, not to a 128 bits key)
The seed is encrypted with the user chosen password.

Whenever something needs to be signed (for example if you spend bitcoins), then the seed is temporarily decrypted with the user provided password.
al.matic
newbie
Activity: 57
Merit: 0
Re: Somewhat clueless questions about the Electrum seed, and security in general
November 05, 2013, 09:24:08 AM
#2
Quote from: oda.krell on November 05, 2013, 08:57:55 AM
But what about the password itself? I realized I have no clue how the password is stored, and if it is a possible attack vector to retrieve the password, and with the help of it, retrieving the seed.

I don't think the password is stored anywhere. When you type the password Electrum derives the wallet encryption/decryption key directly from the password (it does not compare the password or its hash with anything).
oda.krell
legendary
Activity: 1470
Merit: 1007
Re: Somewhat clueless questions about the Electrum seed, and security in general
November 05, 2013, 08:57:55 AM
#1
Hey.

I'm somewhere between "completely clueless" and "mildly informed" on this topic, so please forgive me if I get the terminology wrong or misunderstood something. That said, here's my question:

Electrum uses deterministic key generation, i.e. it derives my private keys "on demand" from the seed generated at the time of installation/wallet creation.

(Roughly) correct so far?

This key is stored *unencrypted* by default inside electrum.dat, but setting a transaction password will make electrum *encrypt* the seed. Correct?

Here's my question: say someone gets physical access of my computer. My hdd is not encrypted, so he will be able to receive a complete copy of all files on my computer.

The seed is encrypted with a 128 bit key, so assuming my password was chosen sufficiently random, the seed should be protected.

But what about the password itself? I realized I have no clue how the password is stored, and if it is a possible attack vector to retrieve the password, and with the help of it, retrieving the seed.

Can you explain how that approach is prevented (note that by "explain" I mean: a bit more technical than "Explain like I'm 5", but not with the full detail of "Explain like I'm an open source encryption software developer" :P)
Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Electrum
Jump to: