Topic: Time to move from Electrum (Read 734 times)
Electrum its really good, fast and easy solution to store and transfer your money.
If you want to use segwit, now that Bitcoin Core 0.16 is released, you can easily use segwit addresses on the GUI. The default one is the nested one (3....) and in the receive tab you can find a way to enable the Bech32 address generation. To use legacy you must do some extra step.
Im going to keep my Electrum wallet for the duration of this campaign because I don't like to change my address while im participating on a campaign, and once it's done I will send the funds to a Bitcoin Core segwit address and im done with Electrum, I only used it because I was basically forced to, but it was positive because I learned some things.
Im going to keep my Electrum wallet for the duration of this campaign because I don't like to change my address while im participating on a campaign, and once it's done I will send the funds to a Bitcoin Core segwit address and im done with Electrum, I only used it because I was basically forced to, but it was positive because I learned some things.
Like this (it's even in "hex"):
There is another version of a d16... like this:
I believe you can also get this type in "hex" as well.
There is another version of a d16... like this:
I believe you can also get this type in "hex" as well.
I'm willing to argue that flawed dice, such as ones that SDP warns about, have demonstrable irrefutable levels of randomness and hence have serious advantages over TRUST in pseudo random computer algorithms.
(onslaught of criticism expected...)
I would greatly love to point out the error in your argument.
I can't, so I'll just ask for links to those HEX dice
The biggest disadvantage of dice is if you are on secret camera. If anyone knows you are interested in crypto there's a risk someone installed secret cameras to get your private keys. It's unlikely, but possible.
Though I am new to using Electurm wallet, I find it worth and secured. The review and feedback was welcoming to open up this wallet. But you can still suggest me. I hold some btc in it and had few transactions from my Electurm wallet. As I required a segwit address, I had to choose Electurm. So far no issues I could come up with and I should admit that I do not have experience with another wallets then Coinbase, Electrum, myEtherwallet and Blockchain.info
i am starting to think that the hex dices may actually not be completely random as it has a top and bottom so it may depend a lot on the way you throw the dice. you may favor one side more than the other!
maybe using a regular dice is better, they are easier to come by too.
or maybe using a Teetotum with 16 sides (although i have never seen one with 16 sides). here is a picture of one with 12:
maybe using a regular dice is better, they are easier to come by too.
or maybe using a Teetotum with 16 sides (although i have never seen one with 16 sides). here is a picture of one with 12:
A simple google search for "hexadecimal dice" should get you what you want: http://bfy.tw/Gafd
My personal fav of the ones I've seen so far would be these: https://www.shapeways.com/product/NSPLK3A7C/hexadecimal-numbered-d16-pair-improved-larger?optionId=9261756
They look very cool!
And apparently people have even released "plans" for 3D Printers if you have access to one of those...
My personal fav of the ones I've seen so far would be these: https://www.shapeways.com/product/NSPLK3A7C/hexadecimal-numbered-d16-pair-improved-larger?optionId=9261756
They look very cool!
And apparently people have even released "plans" for 3D Printers if you have access to one of those...
Like this (it's even in "hex"):
There is another version of a d16... like this:
I believe you can also get this type in "hex" as well.
There is another version of a d16... like this:
I believe you can also get this type in "hex" as well.
I'm willing to argue that flawed dice, such as ones that SDP warns about, have demonstrable irrefutable levels of randomness and hence have serious advantages over TRUST in pseudo random computer algorithms.
(onslaught of criticism expected...)
I would greatly love to point out the error in your argument.
I can't, so I'll just ask for links to those HEX dice
Like this (it's even in "hex"):
There is another version of a d16... like this:
I believe you can also get this type in "hex" as well.
There is another version of a d16... like this:
I believe you can also get this type in "hex" as well.
I'm willing to argue that flawed dice, such as ones that SDP warns about, have demonstrable irrefutable levels of randomness and hence have serious advantages over TRUST in pseudo random computer algorithms.
(onslaught of criticism expected...)
Like this (it's even in "hex"):
There is another version of a d16... like this:
I believe you can also get this type in "hex" as well.
There is another version of a d16... like this:
I believe you can also get this type in "hex" as well.
another option?
ingredients:
- pen/pencil for writing: 1
- paper to write on: as much as rquired
- 16-sided hexadecimal dice: 1
- an even ground to roll the dice 64 times: as big as possible!
congratulations you now own a private key. not to get your bitcoin address you need:
- some tool to convert the hexadecimal result to a bitcoin address.
- a DVD with live linux to run that tool
now you are only trusting ECDSA and hashes to be safe.
There are no 16-faced Platonic solids. The only games in town are: tetra-hedron, cube, decahedron, do-decahedron, and icosahedron, which have four, six, ten, twelve, and twenty-sides respectively.
You may have other shapes with exactly 16-faces but it will mean there will be a bias to some outcomes more than others. You could use a 20-sided die and mark four of them as "re-roll".
Personally I think this is far superior to any method of computer-generating "random numbers." The simple reason is the certainty that you have that nobody has monkeyed with the subroutines, because there are none.
another option?
ingredients:
- pen/pencil for writing: 1
- paper to write on: as much as rquired
- 16-sided hexadecimal dice: 1
- an even ground to roll the dice 64 times: as big as possible!
congratulations you now own a private key. not to get your bitcoin address you need:
- some tool to convert the hexadecimal result to a bitcoin address.
- a DVD with live linux to run that tool
now you are only trusting ECDSA and hashes to be safe.
There are no 16-faced Platonic solids. The only games in town are: tetra-hedron, cube, decahedron, do-decahedron, and icosahedron, which have four, six, ten, twelve, and twenty-sides respectively.
You may have other shapes with exactly 16-faces but it will mean there will be a bias to some outcomes more than others. You could use a 20-sided die and mark four of them as "re-roll".
Note that for certain cold storage applications it's required to not be updating the programs used say in an air gapped computer.
If you've downloaded the update... checked the digital signature (in the case of Electrum)... And transfer it to the air gapped computer, do you think that a user would be running any more risk than copying your transactions back and forth via USB?Even if you messed up and downloaded a compromised version of the wallet... the fact that the computer itself is air gapped, should prevent any wallet/key leakage. At worst, the malware would only be able to try and slip something out via your USB... or potentially tamper with the transaction in some way (ie. change destination address during signing)
I would have thought that doing you due diligence of double checking your transactions and/or USB for anything "odd" should help prevent that.
lol, I Knew this concept would be controversial.
But here's where I was coming from.
Suppose you have an air gapped computer doing nothing but offline transactions. The intent is for it to sit in the corner for ten years and do that.
Now, how often and why would you mess with the programs on that thing?
Let's say for the ten years there are released 19 application program updates for a single wallet, and 26 operating system updates.
I look at that group of changes as major tampering with a secure air gapped machine. Too much too often for too little or zero return in terms of benefits.
It was my understanding that the vulnerability was specifically to ONLINE wallets, and that an air gapped cold wallet wouldn't be a problem at all. A signed raw transaction can be broadcast from any connected node, so that scenario really doesn't apply.
Unless I'm wrong
At any rate, I upgraded the day of the announcement, I still use and love electrum, and the fact that they found and killed the bug expeditiously does nothing to reduce my trust of this team.
Unless I'm wrong
At any rate, I upgraded the day of the announcement, I still use and love electrum, and the fact that they found and killed the bug expeditiously does nothing to reduce my trust of this team.
you are correct.
the wallet had to be OPEN and ONLINE and also you should have had a website open which tried to execute wallet commands through JSONRPC and your wallet had to have no password for this vulnerability to work!
just having Electrum installed, or having it always offline (cold storage), or setting the simplest password could prevent this.
issue with security is less with Electrum wallet but more with the personal device. If the device is compromised then it doesn’t matter how safe Electrum is.
It was my understanding that the vulnerability was specifically to ONLINE wallets, and that an air gapped cold wallet wouldn't be a problem at all. A signed raw transaction can be broadcast from any connected node, so that scenario really doesn't apply.
Unless I'm wrong
At any rate, I upgraded the day of the announcement, I still use and love electrum, and the fact that they found and killed the bug expeditiously does nothing to reduce my trust of this team.
Unless I'm wrong
At any rate, I upgraded the day of the announcement, I still use and love electrum, and the fact that they found and killed the bug expeditiously does nothing to reduce my trust of this team.
Note that for certain cold storage applications it's required to not be updating the programs used say in an air gapped computer.
If you've downloaded the update... checked the digital signature (in the case of Electrum)... And transfer it to the air gapped computer, do you think that a user would be running any more risk than copying your transactions back and forth via USB?Even if you messed up and downloaded a compromised version of the wallet... the fact that the computer itself is air gapped, should prevent any wallet/key leakage. At worst, the malware would only be able to try and slip something out via your USB... or potentially tamper with the transaction in some way (ie. change destination address during signing)
I would have thought that doing you due diligence of double checking your transactions and/or USB for anything "odd" should help prevent that.
So as you can see from the notice above, ( https://bitcointalksearch.org/topic/critical-electrum-vulnerability-2702103 )
Electrum is vulnerable, and has been for quite a while. Its just that they have discovered it now, and also that their first fix wasn't a fix either, that have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.
So is it time to move from electrum to another option?
What do you guys think?
Electrum is vulnerable, and has been for quite a while. Its just that they have discovered it now, and also that their first fix wasn't a fix either, that have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.
So is it time to move from electrum to another option?
What do you guys think?
Electrum is a great wallet.
A vulnerability may be found in any wallet (even in a hardware one, Ledger is an example).
IMHO no point of moving from Electrum if you are satisfied with it.
A finding of a problem with Electrum 3.03 and earlier certainly is a reason to move from those versions of Electrum. Logically that would be to later versions of Electrum that do not have the problem.
Note that for certain cold storage applications it's required to not be updating the programs used say in an air gapped computer.
Do you mean that cold wallet on a computer without internet may not work with the latest version of Electrum on another computer?
So as you can see from the notice above, ( https://bitcointalksearch.org/topic/critical-electrum-vulnerability-2702103 )
Electrum is vulnerable, and has been for quite a while. Its just that they have discovered it now, and also that their first fix wasn't a fix either, that have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.
So is it time to move from electrum to another option?
What do you guys think?
Electrum is vulnerable, and has been for quite a while. Its just that they have discovered it now, and also that their first fix wasn't a fix either, that have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.
So is it time to move from electrum to another option?
What do you guys think?
Electrum is a great wallet.
A vulnerability may be found in any wallet (even in a hardware one, Ledger is an example).
IMHO no point of moving from Electrum if you are satisfied with it.
A finding of a problem with Electrum 3.03 and earlier certainly is a reason to move from those versions of Electrum. Logically that would be to later versions of Electrum that do not have the problem.
Note that for certain cold storage applications it's required to not be updating the programs used say in an air gapped computer.
So as you can see from the notice above, ( https://bitcointalksearch.org/topic/critical-electrum-vulnerability-2702103 )
Electrum is vulnerable, and has been for quite a while. Its just that they have discovered it now, and also that their first fix wasn't a fix either, that have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.
So is it time to move from electrum to another option?
What do you guys think?
Electrum is vulnerable, and has been for quite a while. Its just that they have discovered it now, and also that their first fix wasn't a fix either, that have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.
So is it time to move from electrum to another option?
What do you guys think?
Electrum is a great wallet.
A vulnerability may be found in any wallet (even in a hardware one, Ledger is an example).
IMHO no point of moving from Electrum if you are satisfied with it.
However the charges of this wallet was so high, when I tried to withdraw or transfer my amount into different wallet charges was almost half of my amount, that's why I can't used now my electrum. But in terms of services and features of this wallet no problem, only the charges amount for me is the problem.
It isn't the wallet causing that problem... it's most likely the way you've been accumulating Bitcoins. I would guess you have collected a large number of very small amounts of Bitcoin. This leads to transactions that you attempt to send having a large "data" size. Fees are calculated on the "data" size of your transaction, not the amount of BTC being sent.If this is indeed the case (lots of small coins), then pretty much any wallet that you used would probably "suggest" just as much for you transaction fees, if not more.
NOTE: If you have a look at the "coins" tab (View -> Show Coins), you'll see all the different coins you've amassed and how much they're worth individually.
Also, Electrum supports completely custom fees, so you can set ANY fee you want.
Jump to: