Topic: Time to move from Electrum (Read 734 times)

copper member
Activity: 127
Merit: 0
March 01, 2018, 03:35:14 PM
#47
Electrum is a really good, fast and easy solution to store and transfer your money.
legendary
Activity: 1372
Merit: 1252
March 01, 2018, 03:09:09 PM
#46
If you want to use segwit, now that Bitcoin Core 0.16 is released, you can easily use segwit addresses on the GUI. The default one is the nested one (3....) and in the receive tab you can find a way to enable the Bech32 address generation. To use legacy you must do some extra steps.

I'm going to keep my Electrum wallet for the duration of this campaign because I don't like to change my address while I'm participating in a campaign, and once it's done I will send the funds to a Bitcoin Core segwit address and I'm done with Electrum. I only used it because I was basically forced to, but it was positive because I learned some things.
member
Activity: 83
Merit: 14
February 25, 2018, 07:31:29 PM
#45
Like this (it's even in "hex"):



There is another version of a d16... like this:



I believe you can also get this type in "hex" as well.

I'm willing to argue that flawed dice, such as ones that SDP warns about, have demonstrable irrefutable levels of randomness and hence have serious advantages over TRUST in pseudo random computer algorithms.

(onslaught of criticism expected...)

I would greatly love to point out the error in your argument.

I can't, so I'll just ask for links to those HEX dice



The biggest disadvantage of dice is if you are on secret camera. If anyone knows you are interested in crypto there's a risk someone installed secret cameras to get your private keys. It's unlikely, but possible.
sr. member
Activity: 1246
Merit: 261
February 25, 2018, 05:43:50 PM
#44
Though I am new to using the Electrum wallet, I find it worthwhile and secure. The reviews and feedback were welcoming to open up this wallet. But you can still suggest me. I hold some btc in it and had a few transactions from my Electrum wallet. As I required a segwit address, I had to choose Electrum. So far no issues I could come up with and I should admit that I do not have experience with other wallets than Coinbase, Electrum, myEtherwallet and Blockchain.info
legendary
Activity: 3472
Merit: 10611
February 13, 2018, 11:53:23 PM
#43
i am starting to think that the hex dice may actually not be completely random as it has a top and bottom so it may depend a lot on the way you throw the dice. you may favor one side more than the other!

maybe using a regular dice is better, they are easier to come by too.
or maybe using a Teetotum with 16 sides (although i have never seen one with 16 sides). here is a picture of one with 12:
HCP
legendary
Activity: 2086
Merit: 4314
February 13, 2018, 08:56:27 PM
#42
A simple google search for "hexadecimal dice" should get you what you want: http://bfy.tw/Gafd

My personal fav of the ones I've seen so far would be these: https://www.shapeways.com/product/NSPLK3A7C/hexadecimal-numbered-d16-pair-improved-larger?optionId=9261756

They look very cool!

And apparently people have even released "plans" for 3D Printers if you have access to one of those...
legendary
Activity: 1372
Merit: 1022
Anarchy is not chaos.
February 13, 2018, 04:51:33 PM
#41
Like this (it's even in "hex"):



There is another version of a d16... like this:



I believe you can also get this type in "hex" as well.

I'm willing to argue that flawed dice, such as ones that SDP warns about, have demonstrable irrefutable levels of randomness and hence have serious advantages over TRUST in pseudo random computer algorithms.

(onslaught of criticism expected...)

I would greatly love to point out the error in your argument.

I can't, so I'll just ask for links to those HEX dice

legendary
Activity: 2898
Merit: 1386
February 12, 2018, 10:53:34 PM
#40
Like this (it's even in "hex"):



There is another version of a d16... like this:



I believe you can also get this type in "hex" as well.

I'm willing to argue that flawed dice, such as ones that SDP warns about, have demonstrable irrefutable levels of randomness and hence have serious advantages over TRUST in pseudo random computer algorithms.

(onslaught of criticism expected...)
HCP
legendary
Activity: 2086
Merit: 4314
February 12, 2018, 09:40:33 PM
#39
Like this (it's even in "hex"):



There is another version of a d16... like this:



I believe you can also get this type in "hex" as well.
legendary
Activity: 2898
Merit: 1386
February 12, 2018, 04:45:12 PM
#38
another option?

ingredients:
  • pen/pencil for writing: 1
  • paper to write on: as much as required
  • 16-sided hexadecimal dice: 1
  • an even ground to roll the dice 64 times: as big as possible!

congratulations you now own a private key. now to get your bitcoin address you need:
  • some tool to convert the hexadecimal result to a bitcoin address.
  • a DVD with live linux to run that tool

now you are only trusting ECDSA and hashes to be safe.

There are no 16-faced Platonic solids.  The only games in town are: tetrahedron, cube, decahedron, dodecahedron, and icosahedron, which have four, six, ten, twelve, and twenty sides respectively.

You may have other shapes with exactly 16-faces but it will mean there will be a bias to some outcomes more than others.  You could use a 20-sided die and mark four of them as "re-roll".
These dice have a top and a bottom, each with eight sides, those being 45 degrees each. Top and bottom is an eight sided pyramid.  Given that symmetry it seems reasonable to consider them as a combo of a coin flip (top or bottom) and a random one of eight.

Personally I think this is far superior to any method of computer-generating "random numbers." The simple reason is the certainty that you have that nobody has monkeyed with the subroutines, because there are none.
sdp
sr. member
Activity: 469
Merit: 281
February 12, 2018, 02:12:02 PM
#37
another option?

ingredients:
  • pen/pencil for writing: 1
  • paper to write on: as much as required
  • 16-sided hexadecimal dice: 1
  • an even ground to roll the dice 64 times: as big as possible!

congratulations you now own a private key. now to get your bitcoin address you need:
  • some tool to convert the hexadecimal result to a bitcoin address.
  • a DVD with live linux to run that tool

now you are only trusting ECDSA and hashes to be safe.

There are no 16-faced Platonic solids.  The only games in town are: tetrahedron, cube, decahedron, dodecahedron, and icosahedron, which have four, six, ten, twelve, and twenty sides respectively.

You may have other shapes with exactly 16-faces but it will mean there will be a bias to some outcomes more than others.  You could use a 20-sided die and mark four of them as "re-roll".
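
The dice procedure discussed in this post and the one before it (64 hex rolls, a d20 with four faces treated as "re-roll", or a top/bottom flip plus one of eight), written out as an added Python example that is not code from any poster. Function names are illustrative, the sample rolls are constructed, and 24.996 is the standard 5% chi-square critical value for 15 degrees of freedom.

```python
from collections import Counter

# Order of the secp256k1 group: a usable private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# 5% critical value of the chi-square distribution with 15 degrees of freedom.
CHI2_CRITICAL_15DF_5PCT = 24.996

HEX_DIGITS = "0123456789abcdef"


def d20_rolls_to_nibbles(rolls):
    """Map d20 faces 1..16 to values 0..15 and drop faces 17..20 (re-roll).

    Dropping the extra faces keeps the 16 remaining outcomes equally likely,
    which taking the face modulo 16 would not.
    """
    nibbles = []
    for face in rolls:
        if not 1 <= face <= 20:
            raise ValueError(f"not a d20 face: {face!r}")
        if face <= 16:
            nibbles.append(face - 1)
    return nibbles


def coin_and_d8_to_nibble(side, face):
    """Combine a top/bottom result (0 or 1) with a face 1..8 into 0..15."""
    if side not in (0, 1) or not 1 <= face <= 8:
        raise ValueError("side must be 0 or 1 and face must be 1..8")
    return side * 8 + (face - 1)


def nibbles_to_private_key(nibbles):
    """Build a 256-bit key from the first 64 values and range-check it."""
    if len(nibbles) < 64:
        raise ValueError(f"need 64 accepted rolls, have {len(nibbles)}")
    if any(not 0 <= n <= 15 for n in nibbles[:64]):
        raise ValueError("every roll must be in 0..15")
    key_hex = "".join(HEX_DIGITS[n] for n in nibbles[:64])
    # Zero and values at or above the group order are not valid keys.
    if not 1 <= int(key_hex, 16) < SECP256K1_N:
        raise ValueError("value outside 1..N-1, roll a new key")
    return key_hex


def chi_square_uniform(nibbles):
    """Pearson chi-square statistic of the rolls against a fair 16-way die."""
    # With fewer than 5 expected hits per face the statistic is unreliable,
    # so the 64 key rolls alone are not enough to judge a die.
    if len(nibbles) < 80:
        raise ValueError("need at least 80 rolls to test a 16-way die")
    expected = len(nibbles) / 16
    counts = Counter(nibbles)
    return sum((counts[v] - expected) ** 2 / expected for v in range(16))


def die_looks_biased(nibbles):
    """True when the rolls deviate from uniform at the 5% level."""
    return chi_square_uniform(nibbles) > CHI2_CRITICAL_15DF_5PCT


if __name__ == "__main__":
    # Constructed sample rolls (1..20 repeated), not real entropy.
    sample_rolls = list(range(1, 21)) * 4
    print(nibbles_to_private_key(d20_rolls_to_nibbles(sample_rolls)))
```
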
legendary
Activity: 2898
Merit: 1386
February 12, 2018, 01:54:23 PM
#36
Note that for certain cold storage applications it's required to not be updating the programs used say in an air gapped computer.
If you've downloaded the update... checked the digital signature (in the case of Electrum)... And transfer it to the air gapped computer, do you think that a user would be running any more risk than copying your transactions back and forth via USB?

Even if you messed up and downloaded a compromised version of the wallet... the fact that the computer itself is air gapped, should prevent any wallet/key leakage. At worst, the malware would only be able to try and slip something out via your USB... or potentially tamper with the transaction in some way (ie. change destination address during signing)

I would have thought that doing your due diligence of double checking your transactions and/or USB for anything "odd" should help prevent that.

lol, I knew this concept would be controversial.

But here's where I was coming from.

Suppose you have an air gapped computer doing nothing but offline transactions. The intent is for it to sit in the corner for ten years and do that.

Now, how often and why would you mess with the programs on that thing?

Let's say for the ten years there are released 19 application program updates for a single wallet, and 26 operating system updates.

I look at that group of changes as major tampering with a secure air gapped machine. Too much too often for too little or zero return in terms of benefits.
legendary
Activity: 3472
Merit: 10611
February 11, 2018, 01:26:16 AM
#35
It was my understanding that the vulnerability was specifically to ONLINE wallets, and that an air gapped cold wallet wouldn't be a problem at all. A signed raw transaction can be broadcast from any connected node, so that scenario really doesn't apply.

Unless I'm wrong

At any rate, I upgraded the day of the announcement, I still use and love electrum, and the fact that they found and killed the bug expeditiously does nothing to reduce my trust of this team.

you are correct.
the wallet had to be OPEN and ONLINE and also you should have had a website open which tried to execute wallet commands through JSONRPC and your wallet had to have no password for this vulnerability to work!

just having Electrum installed, or having it always offline (cold storage), or setting the simplest password could prevent this.
newbie
Activity: 57
Merit: 0
February 10, 2018, 11:04:12 PM
#34
 issue with security is less with Electrum wallet but more with the personal device. If the device is compromised then it doesn’t matter how safe Electrum is.
legendary
Activity: 1372
Merit: 1022
Anarchy is not chaos.
February 10, 2018, 06:38:12 PM
#33
It was my understanding that the vulnerability was specifically to ONLINE wallets, and that an air gapped cold wallet wouldn't be a problem at all. A signed raw transaction can be broadcast from any connected node, so that scenario really doesn't apply.

Unless I'm wrong

At any rate, I upgraded the day of the announcement, I still use and love electrum, and the fact that they found and killed the bug expeditiously does nothing to reduce my trust of this team.
HCP
legendary
Activity: 2086
Merit: 4314
February 10, 2018, 06:30:04 PM
#32
Note that for certain cold storage applications it's required to not be updating the programs used say in an air gapped computer.
If you've downloaded the update... checked the digital signature (in the case of Electrum)... And transfer it to the air gapped computer, do you think that a user would be running any more risk than copying your transactions back and forth via USB?

Even if you messed up and downloaded a compromised version of the wallet... the fact that the computer itself is air gapped, should prevent any wallet/key leakage. At worst, the malware would only be able to try and slip something out via your USB... or potentially tamper with the transaction in some way (ie. change destination address during signing)

I would have thought that doing your due diligence of double checking your transactions and/or USB for anything "odd" should help prevent that.
jr. member
Activity: 31
Merit: 15
February 10, 2018, 01:43:52 PM
#31
So as you can see from the notice above, ( https://bitcointalksearch.org/topic/critical-electrum-vulnerability-2702103 )
Electrum is vulnerable, and has been for quite a while. It's just that they have discovered it now, and also that their first fix wasn't a fix either, that have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.

So is it time to move from electrum to another option?

What do you guys think?

Electrum is a great wallet.
A vulnerability may be found in any wallet (even in a hardware one, Ledger is an example).
IMHO no point of moving from Electrum if you are satisfied with it.

A finding of a problem with Electrum 3.03 and earlier certainly is a reason to move from those versions of Electrum. Logically that would be to later versions of Electrum that do not have the problem.

Note that for certain cold storage applications it's required to not be updating the programs used say in an air gapped computer.

Do you mean that cold wallet on a computer without internet may not work with the latest version of Electrum on another computer?
legendary
Activity: 2898
Merit: 1386
February 09, 2018, 08:59:15 AM
#30
So as you can see from the notice above, ( https://bitcointalksearch.org/topic/critical-electrum-vulnerability-2702103 )
Electrum is vulnerable, and has been for quite a while. It's just that they have discovered it now, and also that their first fix wasn't a fix either, that have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.

So is it time to move from electrum to another option?

What do you guys think?

Electrum is a great wallet.
A vulnerability may be found in any wallet (even in a hardware one, Ledger is an example).
IMHO no point of moving from Electrum if you are satisfied with it.

A finding of a problem with Electrum 3.03 and earlier certainly is a reason to move from those versions of Electrum. Logically that would be to later versions of Electrum that do not have the problem.

Note that for certain cold storage applications it's required to not be updating the programs used say in an air gapped computer.
jr. member
Activity: 31
Merit: 15
February 09, 2018, 08:37:04 AM
#29
So as you can see from the notice above, ( https://bitcointalksearch.org/topic/critical-electrum-vulnerability-2702103 )
Electrum is vulnerable, and has been for quite a while. It's just that they have discovered it now, and also that their first fix wasn't a fix either, that have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.

So is it time to move from electrum to another option?

What do you guys think?

Electrum is a great wallet.
A vulnerability may be found in any wallet (even in a hardware one, Ledger is an example).
IMHO no point of moving from Electrum if you are satisfied with it.
HCP
legendary
Activity: 2086
Merit: 4314
February 09, 2018, 12:57:30 AM
#28
However the charges of this wallet were so high, when I tried to withdraw or transfer my amount into a different wallet the charges were almost half of my amount, that's why I can't use my Electrum now. But in terms of services and features of this wallet no problem, only the charges amount for me is the problem.
It isn't the wallet causing that problem... it's most likely the way you've been accumulating Bitcoins. I would guess you have collected a large number of very small amounts of Bitcoin. This leads to transactions that you attempt to send having a large "data" size. Fees are calculated on the "data" size of your transaction, not the amount of BTC being sent.

If this is indeed the case (lots of small coins), then pretty much any wallet that you used would probably "suggest" just as much for your transaction fees, if not more.

NOTE: If you have a look at the "coins" tab (View -> Show Coins), you'll see all the different coins you've amassed and how much they're worth individually.

Also, Electrum supports completely custom fees, so you can set ANY fee you want.
legendary
Activity: 3472
Merit: 10611
February 09, 2018, 12:25:31 AM
#27
~
However the charges of this wallet were so high, when I tried to withdraw or transfer my amount into a different wallet the charges were almost half of my amount, that's why I can't use my Electrum now. But in terms of services and features of this wallet no problem, only the charges amount for me is the problem.

what charges?
you mean the transaction fees that you are paying the miners to process your transaction? also known as network fees?
what does that have to do with Electrum. it was the huge backlog of 200,000 unconfirmed transactions which caused the high fees. and Electrum is simply suggesting fees you can change them if you think the suggestion is not appropriate.
full member
Activity: 168
Merit: 120
February 08, 2018, 09:57:26 PM
#26
I'm probably close to being the average Bitcoin user:
- with very average technical understanding
- owning a modest sum of coins (and in possession of and controlling even less)
- using mainstream consumer hardware and OS
- transacting at most once a day

I've tried many wallets in my time and Electrum is still the best fit for me, based on above reasons. As others point out, that the developer(s) behind Electrum respond quickly and effectively to vulnerabilities makes me even more confident. That said, I don't think I can ever trust anything I don't fully understand. That's not a criticism of Electrum, that's probably just a best practice of security.
However the charges of this wallet were so high, when I tried to withdraw or transfer my amount into a different wallet the charges were almost half of my amount, that's why I can't use my Electrum now. But in terms of services and features of this wallet no problem, only the charges amount for me is the problem.
legendary
Activity: 2842
Merit: 3536
February 02, 2018, 05:46:08 AM
#25
I'm probably close to being the average Bitcoin user:
- with very average technical understanding
- owning a modest sum of coins (and in possession of and controlling even less)
- using mainstream consumer hardware and OS
- transacting at most once a day

I've tried many wallets in my time and Electrum is still the best fit for me, based on above reasons. As others point out, that the developer(s) behind Electrum respond quickly and effectively to vulnerabilities makes me even more confident. That said, I don't think I can ever trust anything I don't fully understand. That's not a criticism of Electrum, that's probably just a best practice of security.
legendary
Activity: 2898
Merit: 1386
January 30, 2018, 07:43:00 PM
#24
So as you can see from the notice above, ( https://bitcointalksearch.org/topic/critical-electrum-vulnerability-2702103 )
Electrum is vulnerable, and has been for quite a while. It's just that they have discovered it now, and also that their first fix wasn't a fix either, that have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.

So is it time to move from electrum to another option?

What do you guys think?

I'm afraid your logic is backwards.

Cryptography exists and is used for security because methods are published, put into use, flaws are discovered and the method is improved, repeatedly.

This has been the case since the 1950s.

Electrum is an example of this process, is it not?
member
Activity: 335
Merit: 31
January 25, 2018, 04:06:37 PM
#23
(Real Hacking)
....do not allow https (website) to http (RPC) access to localhost, so the attacking website commonly has to be http only as well.


Source : https://www.reddit.com/r/Bitcoin/comments/7ooack/critical_electrum_vulnerability/

do you know what is https?
copper member
Activity: 1330
Merit: 899
🖤😏
January 25, 2018, 08:10:17 AM
#22
Always thought Electrum was a popular choice and it actually is for many people.
So I think they'll resolve their issues, it's been around for so long.

Core seems to be the best way to go If you don't mind running a full node.
I do mind running a full node, I wanted to kill myself after realizing that I'd get nothing if I run a full node. lol. Electrum is a good choice, it is open source and if you have something to add to the code to make it better, you should do it. if any other wallet is better than Electrum, you should use it.
newbie
Activity: 19
Merit: 0
January 25, 2018, 06:38:09 AM
#21
Always thought Electrum was a popular choice and it actually is for many people.
So I think they'll resolve their issues, it's been around for so long.

Core seems to be the best way to go If you don't mind running a full node.
legendary
Activity: 3136
Merit: 1233
January 25, 2018, 05:03:01 AM
#20
The person behind Electrum is ThomasV, who is doing great work to keep Electrum as safe and secure as possible. As you can read on their website, Electrum is run only on donations, so you should respect ThomasV's work. Electrum is as safe as a hardware wallet when used properly, which means being installed on a newly formatted computer. Bugs happen to any software, and as ThomasV is only human without supernatural powers, he can make errors too. He fixed it in just 2 days and that is a record time.

Of course everyone is free to move from Electrum, but so far there is not any other wallet which is free and more secure than Electrum. Since you are worried, a hardware wallet may be a good option for you if you have made your decision to move away from Electrum.
legendary
Activity: 2898
Merit: 1386
January 24, 2018, 11:35:03 PM
#19
another option?

ingredients:
  • pen/pencil for writing: 1
  • paper to write on: as much as required
  • 16-sided hexadecimal dice: 1
  • an even ground to roll the dice 64 times: as big as possible!

congratulations you now own a private key. now to get your bitcoin address you need:
  • some tool to convert the hexadecimal result to a bitcoin address.
  • a DVD with live linux to run that tool

now you are only trusting ECDSA and hashes to be safe.

Or just sit in an outdoor cafe, and write down license plates numbers of passing cars.
full member
Activity: 490
Merit: 136
January 24, 2018, 07:19:48 PM
#18
Interesting read.
I take from this thread that electrum is one of the better and widely used desktop type wallets.
It like all wallets of its type have flaws, and are fine for smaller bitcoin amounts.
The only 3 viable absolute secure options are: paper, cold storage and hardware.
?
full member
Activity: 168
Merit: 120
January 21, 2018, 10:19:31 AM
#17
Which is why I prefer to store less money in my online wallet, because attack vectors are all over the internet world; whether you have a strong or weak password, hackers with a special type of abilities can gain easy access to your online wallet. Which is why for me the safer tactics are: first, keep a lesser amount of money stored in your wallet; second, download another wallet so that your bitcoin will be divided into parts, and make sure the password you use for both is something you can easily remember and try writing the password on paper.
jr. member
Activity: 56
Merit: 30
January 20, 2018, 05:20:15 PM
#16
Yes, correct. The vulnerability issue has been on the ticker in the last few weeks. I have not flocked in any problem still. But I think time to move on. For BTC I would rather choose blockchain. What will be the ultimate solution? I still believe in the Electrum wallet.
HCP
legendary
Activity: 2086
Merit: 4314
January 20, 2018, 05:17:01 PM
#15
You realise that you can use Electrum WITH hardware wallets (Trezor and Ledger) right?

I prefer to use it this way, because I like the Electrum interface better than the "Ledger Wallet Bitcoin" and I feel that it gives me more flexibility with coin control and customised fees and "preview" which are not really available in the Ledger chrome app.
full member
Activity: 321
Merit: 100
January 20, 2018, 01:03:58 PM
#14
Why are people still using Electrum for Bitcoin storage and transactions? I was using Electrum before because the Bitcoin price was not as high as now, so buying a hardware wallet was not worth it. I had some bitcoin but the price of a hardware wallet was almost the same as my bitcoin holding value.
But now things have changed and the bitcoin price has increased hugely; Bitcoin owners made 20 times in one year, so I expect every Bitcoin owner has money to buy a hardware wallet, and it is really worth it.
I can understand only if you are new to Bitcoin and do not have enough Bitcoin to store in a hardware wallet.
member
Activity: 315
Merit: 10
January 13, 2018, 11:50:06 AM
#13
Everyone is entitled for an option to use any wallet. But Electrum is still safe and useful we don't need to worry on anything because even if you use other wallets, still there is risk to it if hackers would really want to hack such.
legendary
Activity: 2912
Merit: 1068
January 12, 2018, 03:54:28 PM
#12
I believe that every wallet has some kind of vulnerability. Those which are popular among many users, like Electrum, are more exposed and hackers are always trying to find a way to break the protection. But that doesn't mean that Electrum is a bad wallet.
Because of potential vulnerabilities it is clever to use multiple wallets of multiple types. You can never be safe enough.
legendary
Activity: 2016
Merit: 1106
January 12, 2018, 01:45:46 PM
#11
there is an update available, should be safe from any vulnerability
there are not many lightweight, easy to use, user friendly wallets to migrate to
electrum can be used to store some funds for day to day transactions
I highly doubt hackers would be able to breach your system and even if they do, there will be not much for the taking anyways
full member
Activity: 840
Merit: 128
January 10, 2018, 06:13:34 AM
#10
Electrum was vulnerable but not if you used an offline computer as cold wallet and another online (watch only) for the transactions.
I think you can still use it this way, it is the safest option. If you have many coins, buy a hardware wallet or for more safety use paper wallets. They are still usable.
hero member
Activity: 2842
Merit: 625
January 10, 2018, 02:06:44 AM
#9
I've noticed that news either that was discovered by theymos. If you are studying IT or you have been into an IT course, most of your professors or instructors will say that there's no perfect system.

But what happened to electrum is that you just need to upgrade the client as suggested to 3.0.5 even you recently upgrade to the last 3.0.4 (which is written above).

So is it time to move from electrum to another option?
It's your choice if you want to move. I still trust electrum, it's one of the best wallets that I've used.
legendary
Activity: 2506
Merit: 3645
January 09, 2018, 07:10:59 AM
#8
why all take Electrum vulnerability seriously (Real Hacking)

I quote this from Reddit @etmetm.

The common vector is javascript code on a malicious website scanning and connecting to the RPC interface for electrum running on localhost. More modern browsers do not allow https (website) to http (RPC) access to localhost, so the attacking website commonly has to be http only as well.

It can only steal funds if your wallet is passwordless, which is not usually the case. It's serious in that RPC can also be used to change settings in the electrum config.

Edit: CORS access https -> http should not work. POST requests from https to http seem to be possible indeed but they should be a lot slower. Brute forcing password will take time (especially on post requests) but good point for really short passwords. You'd need to keep open the attacker webpage for quite a while though.

Source : https://www.reddit.com/r/Bitcoin/comments/7ooack/critical_electrum_vulnerability/
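
The browser-to-localhost vector in the quoted Reddit comment, seen from the listener's side: an added Python example (not Electrum's code and not a description of its actual fix) of the checks a local JSON-RPC endpoint can apply before executing any command. The names `check_rpc_request`, `rpc_user`, `rpc_password`, the port 7777 and the sample headers are constructed for illustration.

```python
import base64
import hmac

# Names under which the local listener expects to be addressed.
ALLOWED_HOSTNAMES = ("127.0.0.1", "localhost")


def basic_auth_header(user, password):
    """Build the Authorization value a legitimate local client would send."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def check_rpc_request(headers, rpc_user, rpc_password, port):
    """Return (http_status, reason) for a request to a local JSON-RPC port."""
    if not rpc_password:
        # An unauthenticated endpoint is the precondition for the problem.
        raise ValueError("refusing to serve RPC without a password")
    h = {k.lower(): v for k, v in headers.items()}

    # 1. Browsers attach Origin to cross-site fetch/XHR POSTs; a local
    #    command-line client has no reason to send one.
    if "origin" in h:
        return 403, "browser-originated request"

    # 2. A page that rebinds its own DNS name to 127.0.0.1 still sends its
    #    own name in Host, so only the expected local names are accepted.
    allowed = {f"{name}:{port}" for name in ALLOWED_HOSTNAMES}
    if h.get("host", "").lower() not in allowed:
        return 403, "unexpected Host header"

    # 3. application/json is not a "simple" content type, so a cross-origin
    #    page cannot send it without a CORS preflight.
    content_type = h.get("content-type", "").split(";")[0].strip().lower()
    if content_type != "application/json":
        return 415, "content type must be application/json"

    # 4. Credentials, compared in constant time.
    scheme, _, token = h.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return 401, "missing credentials"
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return 401, "malformed credentials"
    user, _, password = decoded.partition(":")
    user_ok = hmac.compare_digest(user.encode(), rpc_user.encode())
    pass_ok = hmac.compare_digest(password.encode(), rpc_password.encode())
    if not (user_ok and pass_ok):
        return 401, "bad credentials"
    return 200, "ok"


if __name__ == "__main__":
    # Constructed request from a web page open in the user's browser.
    from_browser = {
        "Host": "127.0.0.1:7777",
        "Origin": "http://attacker.example",
        "Content-Type": "text/plain",
    }
    print(check_rpc_request(from_browser, "user", "s3cret", 7777))
```
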
legendary
Activity: 3472
Merit: 10611
January 09, 2018, 01:36:32 AM
#7
another option?

ingredients:
  • pen/pencil for writing: 1
  • paper to write on: as much as required
  • 16-sided hexadecimal dice: 1
  • an even ground to roll the dice 64 times: as big as possible!

congratulations you now own a private key. now to get your bitcoin address you need:
  • some tool to convert the hexadecimal result to a bitcoin address.
  • a DVD with live linux to run that tool

now you are only trusting ECDSA and hashes to be safe.
HCP
legendary
Activity: 2086
Merit: 4314
January 08, 2018, 08:03:30 PM
#6
...because tomorrow maybe another one like this.
and who is to say that [insert any bitcoin wallet name here] wallet won't also discover a security vulnerability tomorrow?


... and also that their first fix wasn't a fix either, that have upgraded it again.
Actually their "first fix" WAS a fix... it was just very blunt and simply disabled the unsecure functionality completely, until the devs had time to implement a "proper" fix. Hence why there were "two" upgrades.

What is really important to me in situations like this is the response of the devs... which, in my opinion, has been fantastic. Once the issue was identified as being serious, they IMMEDIATELY released a "fix" which helped to secure the wallet, which then gave them time to implement a "clean" fix that enabled them to keep the original JSON-RPC functionality, but secure it properly.

They also didn't try to hide anything... it would appear they tried their best to make it known that there was an issue and that people needed to upgrade. Full credit to ThomasV and the Electrum devs.


...this probably says more about how poor the wallet ecosystem is in general than how great Electrum is. Every wallet is seriously flawed in many ways.
#QFT
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
January 08, 2018, 01:57:25 PM
#5
Electrum is still one of my favorite wallets, but you have to understand its limitations:

 - Its privacy (and security, to some degree) is inherently bad due to its verification model.
 - It's written in an interpreted language, which makes me instantly suspicious of its security.
 - It has a very small team.

I'm OK with using Electrum for smallish amounts, with the assumption that all transactions/BTC in a single Electrum wallet can be trivially linked to each other.

IMO Electrum is still in the top two or three wallets. But although ThomasV is one of the best devs in Bitcoin, and some other wallet devs are also very good, this probably says more about how poor the wallet ecosystem is in general than how great Electrum is. Every wallet is seriously flawed in many ways.

Agreed. Just look at Meltdown, it has been a vulnerability in Intel chips for years, and was only now discovered. The two aren't completely analogous, but a mistake/vulnerability free environment isn't likely when you still have humans writing the code.
administrator
Activity: 5222
Merit: 13032
January 08, 2018, 01:33:07 PM
#4
Electrum is still one of my favorite wallets, but you have to understand its limitations:

 - Its privacy (and security, to some degree) is inherently bad due to its verification model.
 - It's written in an interpreted language, which makes me instantly suspicious of its security.
 - It has a very small team.

I'm OK with using Electrum for smallish amounts, with the assumption that all transactions/BTC in a single Electrum wallet can be trivially linked to each other.

IMO Electrum is still in the top two or three wallets. But although ThomasV is one of the best devs in Bitcoin, and some other wallet devs are also very good, this probably says more about how poor the wallet ecosystem is in general than how great Electrum is. Every wallet is seriously flawed in many ways.
legendary
Activity: 1624
Merit: 2481
January 08, 2018, 11:14:26 AM
#3
..
Its just that they have discovered it now
..
So is it time to move from electrum to another option?

Just because there hasn't been found a vulnerability in a wallet with a lower userbase, it doesn't mean those are safer than electrum..
You can move to another wallet. But the question is what you expect from this wallet.
A desktop wallet shouldn't be used to store larger amounts of money anyway. It may be easier to exploit this vulnerability.. but generally it's easy enough to get malware spread around.
So you should never consider your desktop wallet as a safe place to store cryptos. Electrum has a ton of features. Besides core i would not know which has such a variety of functions.
It's up to you which wallet you prefer. Electrum in combination with the nano s is an extremely safe way (not vulnerable in this situation) of storing btc and having a ton of features.
legendary
Activity: 3234
Merit: 5637
January 08, 2018, 09:46:29 AM
#2
So as you can see from the notice above, ( https://bitcointalksearch.org/topic/critical-electrum-vulnerability-2702103 )
Electrum is vulnerable, and has been for quite a while. It's just that they have discovered it now, and also that their first fix wasn't a fix either, that have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.

So is it time to move from electrum to another option?

What do you guys think?

You should always consider another option; there are many other wallets out there and they are free to use. But if you have some significant amount of BTC or any other altcoins, every desktop wallet can represent a potential threat at any moment. Electrum fixed their vulnerability in version 3.0.5 and it should be safe to use it now, but as you say they can discover some other vulnerability the next day or in a few months/year.

Although this vulnerability could have been fully exploited only if the user did not set a decent password on the wallet, and I think that most users of Electrum set a password when they install the wallet, so except for the reputation of Electrum there is no major damage to users.

The only thing which I can suggest is to seriously consider some hardware wallet. I use my Ledger Nano S in combination with Electrum BTC. It has a nice and functional interface and your private keys are always safe inside the device.
hero member
Activity: 714
Merit: 500
January 08, 2018, 09:07:58 AM
#1
So as you can see from the notice above, ( https://bitcointalksearch.org/topic/critical-electrum-vulnerability-2702103 )
Electrum is vulnerable, and has been for quite a while. It's just that they have discovered it now, and also that their first fix wasn't a fix either, that have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.

So is it time to move from electrum to another option?

What do you guys think?