Pages:
Author

Topic: Time to move from Electrum (Read 798 times)

copper member
Activity: 127
Merit: 0
March 01, 2018, 02:35:14 PM
#47
Electrum its really good, fast and easy solution to store and transfer your money.
legendary
Activity: 1372
Merit: 1252
March 01, 2018, 02:09:09 PM
#46
If you want to use segwit, now that Bitcoin Core 0.16 is released, you can easily use segwit addresses on the GUI. The default one is the nested one (3....) and in the receive tab you can find a way to enable the Bech32 address generation. To use legacy you must do some extra step.

Im going to keep my Electrum wallet for the duration of this campaign because I don't like to change my address while im participating on a campaign, and once it's done I will send the funds to a Bitcoin Core segwit address and im done with Electrum, I only used it because I was basically forced to, but it was positive because I learned some things.
member
Activity: 83
Merit: 14
February 25, 2018, 06:31:29 PM
#45
Like this (it's even in "hex"):



There is another version of a d16... like this:



I believe you can also get this type in "hex" as well.

I'm willing to argue that flawed dice, such as ones that SDP warns about, have demonstrable irrefutable levels of randomness and hence have serious advantages over TRUST in pseudo random computer algorithms.

(onslaught of criticism expected...)

I would greatly love to point out the error in your argument.

I can't, so I'll just ask for links to those HEX dice Cheesy



The biggest disadvantage of dice is if you are on secret camera. If anyone knows you are interested in crypto there's a risk someone installed secret cameras to get your private keys. It's unlikely, but possible.
sr. member
Activity: 1246
Merit: 261
★ Investor | Trader | Promoter
February 25, 2018, 04:43:50 PM
#44
Though I am new to using Electurm wallet, I find it worth and secured. The review and feedback was welcoming to open up this wallet. But you can still suggest me. I hold some btc in it and had few transactions from my Electurm wallet. As I required a segwit address, I had to choose Electurm. So far no issues I could come up with and I should admit that I do not have experience with another wallets then Coinbase, Electrum, myEtherwallet and Blockchain.info
legendary
Activity: 3472
Merit: 10611
February 13, 2018, 10:53:23 PM
#43
i am starting to think that the hex dices may actually not be completely random as it has a top and bottom so it may depend a lot on the way you throw the dice. you may favor one side more than the other!

maybe using a regular dice is better, they are easier to come by too.
or maybe using a Teetotum with 16 sides (although i have never seen one with 16 sides). here is a picture of one with 12:
HCP
legendary
Activity: 2086
Merit: 4363
February 13, 2018, 07:56:27 PM
#42
A simple google search for "hexadecimal dice" should get you what you want: http://bfy.tw/Gafd

My personal fav of the ones I've seen so far would be these: https://www.shapeways.com/product/NSPLK3A7C/hexadecimal-numbered-d16-pair-improved-larger?optionId=9261756

They look very cool!  Cool

And apparently people have even released "plans" for 3D Printers if you have access to one of those...
legendary
Activity: 1372
Merit: 1022
Anarchy is not chaos.
February 13, 2018, 03:51:33 PM
#41
Like this (it's even in "hex"):



There is another version of a d16... like this:



I believe you can also get this type in "hex" as well.

I'm willing to argue that flawed dice, such as ones that SDP warns about, have demonstrable irrefutable levels of randomness and hence have serious advantages over TRUST in pseudo random computer algorithms.

(onslaught of criticism expected...)

I would greatly love to point out the error in your argument.

I can't, so I'll just ask for links to those HEX dice Cheesy

legendary
Activity: 2926
Merit: 1386
February 12, 2018, 09:53:34 PM
#40
Like this (it's even in "hex"):



There is another version of a d16... like this:



I believe you can also get this type in "hex" as well.

I'm willing to argue that flawed dice, such as ones that SDP warns about, have demonstrable irrefutable levels of randomness and hence have serious advantages over TRUST in pseudo random computer algorithms.

(onslaught of criticism expected...)
HCP
legendary
Activity: 2086
Merit: 4363
February 12, 2018, 08:40:33 PM
#39
Like this (it's even in "hex"):



There is another version of a d16... like this:



I believe you can also get this type in "hex" as well.
legendary
Activity: 2926
Merit: 1386
February 12, 2018, 03:45:12 PM
#38
another option?

ingredients:
  • pen/pencil for writing: 1
  • paper to write on: as much as rquired
  • 16-sided hexadecimal dice: 1
  • an even ground to roll the dice 64 times: as big as possible!

congratulations you now own a private key. not to get your bitcoin address you need:
  • some tool to convert the hexadecimal result to a bitcoin address.
  • a DVD with live linux to run that tool

now you are only trusting ECDSA and hashes to be safe. Grin

There are no 16-faced Platonic solids.  The only games in town are: tetra-hedron, cube, decahedron, do-decahedron, and icosahedron, which have four, six, ten, twelve, and twenty-sides respectively.

You may have other shapes with exactly 16-faces but it will mean there will be a bias to some outcomes more than others.  You could use a 20-sided die and mark four of them as "re-roll".
These dice have a top and a bottom, each with eight sides, those being 45 degrees each. Top and bottom is an eight sided pyramid.  Given that symmetry it seems reasonable to consider them as a combo of a coin flip (top or bottom) and a random one of eight.

Personally I think this is far superior to any method of computer-generating "random numbers." The simple reason is the certainty that you have that nobody has monkeyed with the subroutines, because there are none.
sdp
sr. member
Activity: 470
Merit: 281
February 12, 2018, 01:12:02 PM
#37
another option?

ingredients:
  • pen/pencil for writing: 1
  • paper to write on: as much as rquired
  • 16-sided hexadecimal dice: 1
  • an even ground to roll the dice 64 times: as big as possible!

congratulations you now own a private key. not to get your bitcoin address you need:
  • some tool to convert the hexadecimal result to a bitcoin address.
  • a DVD with live linux to run that tool

now you are only trusting ECDSA and hashes to be safe. Grin

There are no 16-faced Platonic solids.  The only games in town are: tetra-hedron, cube, decahedron, do-decahedron, and icosahedron, which have four, six, ten, twelve, and twenty-sides respectively.

You may have other shapes with exactly 16-faces but it will mean there will be a bias to some outcomes more than others.  You could use a 20-sided die and mark four of them as "re-roll".
legendary
Activity: 2926
Merit: 1386
February 12, 2018, 12:54:23 PM
#36
Note that for certain cold storage applications it's required to not be updating the programs used say in an air gapped computer.
If you've downloaded the update... checked the digital signature (in the case of Electrum)... And transfer it to the air gapped computer, do you think that a user would be running any more risk than copying your transactions back and forth via USB?

Even if you messed up and downloaded a compromised version of the wallet... the fact that the computer itself is air gapped, should prevent any wallet/key leakage. At worst, the malware would only be able to try and slip something out via your USB... or potentially tamper with the transaction in some way (ie. change destination address during signing)

I would have thought that doing you due diligence of double checking your transactions and/or USB for anything "odd" should help prevent that.

lol, I Knew this concept would be controversial.

But here's where I was coming from.

Suppose you have an air gapped computer doing nothing but offline transactions. The intent is for it to sit in the corner for ten years and do that.

Now, how often and why would you mess with the programs on that thing?

Let's say for the ten years there are released 19 application program updates for a single wallet, and 26 operating system updates.

I look at that group of changes as major tampering with a secure air gapped machine. Too much too often for too little or zero return in terms of benefits.
legendary
Activity: 3472
Merit: 10611
February 11, 2018, 12:26:16 AM
#35
It was my understanding that the vulnerability was specifically to ONLINE wallets, and that an air gapped cold wallet wouldn't be a problem at all. A signed raw transaction can be broadcast from any connected node, so that scenario really doesn't apply.

Unless I'm wrong Cheesy

At any rate, I upgraded the day of the announcement, I still use and love electrum, and the fact that they found and killed the bug expeditiously does nothing to reduce my trust of this team.

you are correct.
the wallet had to be OPEN and ONLINE and also you should have had a website open which tried to execute wallet commands through JSONRPC and your wallet had to have no password for this vulnerability to work!

just having Electrum installed, or having it always offline (cold storage), or setting the simplest password could prevent this.
newbie
Activity: 57
Merit: 0
February 10, 2018, 10:04:12 PM
#34
 issue with security is less with Electrum wallet but more with the personal device. If the device is compromised then it doesn’t matter how safe Electrum is.
legendary
Activity: 1372
Merit: 1022
Anarchy is not chaos.
February 10, 2018, 05:38:12 PM
#33
It was my understanding that the vulnerability was specifically to ONLINE wallets, and that an air gapped cold wallet wouldn't be a problem at all. A signed raw transaction can be broadcast from any connected node, so that scenario really doesn't apply.

Unless I'm wrong Cheesy

At any rate, I upgraded the day of the announcement, I still use and love electrum, and the fact that they found and killed the bug expeditiously does nothing to reduce my trust of this team.
HCP
legendary
Activity: 2086
Merit: 4363
February 10, 2018, 05:30:04 PM
#32
Note that for certain cold storage applications it's required to not be updating the programs used say in an air gapped computer.
If you've downloaded the update... checked the digital signature (in the case of Electrum)... And transfer it to the air gapped computer, do you think that a user would be running any more risk than copying your transactions back and forth via USB?

Even if you messed up and downloaded a compromised version of the wallet... the fact that the computer itself is air gapped, should prevent any wallet/key leakage. At worst, the malware would only be able to try and slip something out via your USB... or potentially tamper with the transaction in some way (ie. change destination address during signing)

I would have thought that doing you due diligence of double checking your transactions and/or USB for anything "odd" should help prevent that.
jr. member
Activity: 31
Merit: 15
February 10, 2018, 12:43:52 PM
#31
So as you can see from the notice above, ( https://bitcointalksearch.org/topic/critical-electrum-vulnerability-2702103 )
Electrum is vulnerable, and has been for quite a while. Its just that they have discovered it now, and also that their first fix wasn't a fix either, that have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.

So is it time to move from electrum to another option?

What do you guys think?

Electrum is a great wallet.
A vulnerability may be found in any wallet (even in a hardware one, Ledger is an example).
IMHO no point of moving from Electrum if you are satisfied with it.

A finding of a problem with Electrum 3.03 and earlier certainly is a reason to move from those versions of Electrum. Logically that would be to later versions of Electrum that do not have the problem.

Note that for certain cold storage applications it's required to not be updating the programs used say in an air gapped computer.

Do you mean that cold wallet on a computer without internet may not work with the latest version of Electrum on another computer?
legendary
Activity: 2926
Merit: 1386
February 09, 2018, 07:59:15 AM
#30
So as you can see from the notice above, ( https://bitcointalksearch.org/topic/critical-electrum-vulnerability-2702103 )
Electrum is vulnerable, and has been for quite a while. Its just that they have discovered it now, and also that their first fix wasn't a fix either, that have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.

So is it time to move from electrum to another option?

What do you guys think?

Electrum is a great wallet.
A vulnerability may be found in any wallet (even in a hardware one, Ledger is an example).
IMHO no point of moving from Electrum if you are satisfied with it.

A finding of a problem with Electrum 3.03 and earlier certainly is a reason to move from those versions of Electrum. Logically that would be to later versions of Electrum that do not have the problem.

Note that for certain cold storage applications it's required to not be updating the programs used say in an air gapped computer.
jr. member
Activity: 31
Merit: 15
February 09, 2018, 07:37:04 AM
#29
So as you can see from the notice above, ( https://bitcointalksearch.org/topic/critical-electrum-vulnerability-2702103 )
Electrum is vulnerable, and has been for quite a while. Its just that they have discovered it now, and also that their first fix wasn't a fix either, that have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.

So is it time to move from electrum to another option?

What do you guys think?

Electrum is a great wallet.
A vulnerability may be found in any wallet (even in a hardware one, Ledger is an example).
IMHO no point of moving from Electrum if you are satisfied with it.
HCP
legendary
Activity: 2086
Merit: 4363
February 08, 2018, 11:57:30 PM
#28
However the charges of this wallet was so high, when I tried to withdraw or transfer my amount into different wallet charges was almost half of my amount, that's why I can't used now my electrum. But in terms of services and features of this wallet no problem, only the charges amount for me is the problem.
It isn't the wallet causing that problem... it's most likely the way you've been accumulating Bitcoins. I would guess you have collected a large number of very small amounts of Bitcoin. This leads to transactions that you attempt to send having a large "data" size. Fees are calculated on the "data" size of your transaction, not the amount of BTC being sent.

If this is indeed the case (lots of small coins), then pretty much any wallet that you used would probably "suggest" just as much for you transaction fees, if not more.

NOTE: If you have a look at the "coins" tab (View -> Show Coins), you'll see all the different coins you've amassed and how much they're worth individually.

Also, Electrum supports completely custom fees, so you can set ANY fee you want.
Pages:
Jump to: