Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software
Pages:
Author

Topic: Time to move from Electrum - page 3. (Read 785 times)

pooya87
legendary
Activity: 3472
Merit: 10611
Re: Time to move from Electrum
January 09, 2018, 12:36:32 AM
#7
Quote from: shamzblueworld on January 08, 2018, 08:07:58 AM
another option?

ingredients:
  • pen/pencil for writing: 1
  • paper to write on: as much as rquired
  • 16-sided hexadecimal dice: 1
  • an even ground to roll the dice 64 times: as big as possible!

congratulations you now own a private key. not to get your bitcoin address you need:
  • some tool to convert the hexadecimal result to a bitcoin address.
  • a DVD with live linux to run that tool

now you are only trusting ECDSA and hashes to be safe. Grin
HCP
legendary
Activity: 2086
Merit: 4361
Re: Time to move from Electrum
January 08, 2018, 07:03:30 PM
#6
Quote from: shamzblueworld on January 08, 2018, 08:07:58 AM
...because tomorrow maybe another one like this.
and who is to say that [insert any bitcoin wallet name here] wallet won't also discover a security vulnerability tomorrow? Roll Eyes


Quote from: shamzblueworld on January 08, 2018, 08:07:58 AM
... and also that their first fix wasn't a fix either, that have upgraded it again.
Actually their "first fix" WAS a fix... it was just very blunt and simply disabled the unsecure functionality completely, until the devs had time to implement a "proper" fix. Hence why there were "two" upgrades.

What is really important to me in situations like this is the response of the devs... which, in my opinion, has been fantastic. Once the issue was identified as being serious, they IMMEDIATELY released a "fix" which helped to secure the wallet, which then gave them time to implement a "clean" fix that enabled them to keep the original JSON-RPC functionality, but secure it properly.

They also didn't try to hide anything... it would appear they tried their best to make it known that there was an issue and that people needed to upgrade. Full credit to ThomasV and the Electrum devs.


Quote from: theymos on January 08, 2018, 12:33:07 PM
...this probably says more about how poor the wallet ecosystem is in general than how great Electrum is. Every wallet is seriously flawed in many ways.
#QFT Undecided
RGBKey
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
Re: Time to move from Electrum
January 08, 2018, 12:57:25 PM
#5
Quote from: theymos on January 08, 2018, 12:33:07 PM
Electrum is still one of my favorite wallets, but you have to understand its limitations:

 - Its privacy (and security, to some degree) is inherently bad due to its verification model.
 - It's written in an interpreted language, which makes me instantly suspicious of its security.
 - It has a very small team.

I'm OK with using Electrum for smallish amounts, with the assumption that all transactions/BTC in a single Electrum wallet can be trivially linked to each other.

IMO Electrum is still in the top two or three wallets. But although ThomasV is one of the best devs in Bitcoin, and some other wallet devs are also very good, this probably says more about how poor the wallet ecosystem is in general than how great Electrum is. Every wallet is seriously flawed in many ways.

Agreed. Just look at Meltdown, it has been a vulnerability in Intel chips for years, and was only now discovered. The two aren't completely analogous, but a mistake/vulnerability free environment isn't likely when you still have humans writing the code.
theymos
administrator
Activity: 5222
Merit: 13032
Re: Time to move from Electrum
January 08, 2018, 12:33:07 PM
#4
Electrum is still one of my favorite wallets, but you have to understand its limitations:

 - Its privacy (and security, to some degree) is inherently bad due to its verification model.
 - It's written in an interpreted language, which makes me instantly suspicious of its security.
 - It has a very small team.

I'm OK with using Electrum for smallish amounts, with the assumption that all transactions/BTC in a single Electrum wallet can be trivially linked to each other.

IMO Electrum is still in the top two or three wallets. But although ThomasV is one of the best devs in Bitcoin, and some other wallet devs are also very good, this probably says more about how poor the wallet ecosystem is in general than how great Electrum is. Every wallet is seriously flawed in many ways.
bob123
legendary
Activity: 1624
Merit: 2481
Re: Time to move from Electrum
January 08, 2018, 10:14:26 AM
#3
Quote from: shamzblueworld on January 08, 2018, 08:07:58 AM
..
Its just that they have discovered it now
..
So is it time to move from electrum to another option?

Just because there hasn't been found a vulnerability in a wallet with a lower userbase, it doesn't mean those are safer than electrum..
You can move to another wallet. But the question is what you expect from this wallet.
A desktop wallet shouldn't be used to store larger amounts of money anway. It may be easier to exploit this vulnerability.. but generally its easy enough to get malware spread around.
So you should never consider your desktop wallet as a safe place to store cryptos. Electrum has a ton of features. Besides core i would not know which has such a variety of functions.
Its up to you which wallet you prefer. Electrum in combination with the nano s is an extremely safe way (not vulnerable in this situation) of storing btc and having a ton of features.
Lucius
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
Re: Time to move from Electrum
January 08, 2018, 08:46:29 AM
#2
Quote from: shamzblueworld on January 08, 2018, 08:07:58 AM
So as you can see from the notice above, ( https://bitcointalksearch.org/topic/critical-electrum-vulnerability-2702103 )
Electrum is vulnerable, and has been for quite a while. Its just that they have discovered it now, and also that their first fix wasn't a fix either, that have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.

So is it time to move from electrum to another option?

What do you guys think?

You should always consider another option,there is many other wallets out there and they are free to use.But if you have some significant amount of BTC or any other altocins every desktop wallet can represent potential threat in any moment.Electrum is fix their vulnerablity in version 3.0.5 and it should be safe to use it now,but as you say they can discover some other vulnerablity next day or in few months/year.

Although this vulnerablity could have been full exploited only if user did not set decent password on wallet,and I think that most users of Electrum set password when they install wallet,so except reputations of Electrum there is no major damage to users.

Only thing which I can suggest is to seriously consider some hardware wallet,I use my Ledger Nano S in combination with Electrum BTC-It have nice&functional interface and your private keys are always safe inside device.
shamzblueworld
hero member
Activity: 714
Merit: 500
Re: Time to move from Electrum
January 08, 2018, 08:07:58 AM
#1
So as you can see from the notice above, ( https://bitcointalksearch.org/topic/critical-electrum-vulnerability-2702103 )
Electrum is vulnerable, and has been for quite a while. Its just that they have discovered it now, and also that their first fix wasn't a fix either, that have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.

So is it time to move from electrum to another option?

What do you guys think?
Pages:
Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software
Jump to: