Topic: Wallet password protected and encrypted, is it safe ? (Read 279 times)

The probability is extremely small (at least if ThomasV knows how to secure his PGP key; which i think he does), but he deserves to get as much information as he wants to   

I am currently communicating with jerr0 via PM regarding hardware security of a laptop (encryption, bios, etc..). He seems to be very inquisitiv for knowledge.
Let him get as much knowledge as possible 

Even if a lot is quite theoretical and probably won't happen in the field, it is good to know whats theoretically possible (IMO).

In that case, there is no way for him to know if that’s what is happening and if ThomasV is uploading malware. I prefer to keep things simple to not complicate more in his mind (jerry sounds quite perfectionist ans that’s highly unlike to happen).

Not 100% correct.

You can think you are on the official electrum site (electrum.org shown in the browser, secured through TLS), while in fact you are on an attackers copy of the site.
There are multiple ways to accomplish this as an attacker (e.g. DNS spoofing / cache poisining, MITM, etc..).




Well.. yes.. in exactly 2 cases this would be possible:

1) TomasV publishes a malicious version of electrum (would be very dumb of him - legal consequences)
2) Someone gains access to ThomasV's signing key and uploads a malicious version signed with this key.

There are two things going on here:

- The seed is your backup in case you forget your password or your computer crashes. If you stored your seed on the PC as well you wouldn't be able to restore from it because it would be lost too. That's why they tell you to write it down.

- The wallet file does include your seed but it is encrypted with the password you set. Storing the seed in plaintext (unencrypted) on the computer would allow any program that can read that file to steal from you.

The primary reason is the first one - it serves as a backup. If you are confident you can remember the wallet password you can always rely on soft copy backups of the wallet file instead. You can do that via file > save copy.


The security of your PC matters. Doesn't matter what software you use if you get a malware infection you will lose money. Even with hardware wallets you can be fooled into paying to the wrong address or fooled into thinking you received money you didn't.

Electrum supports both cold storage and multisig setups. Another alternative is a 2fa wallet which is a form of multisig wallet that is easier for newbies to get started with.

Tryninja thanks.

No. But there are times where you think you are on the Electrum website, but you are actually at electrun.org or electrum.to or something like this. By verifying the signatures, you can always be 100% that the file is legit and that you downloaded it from the right place. Make this an obligatory step and you will never be phished for lacking attention.

No.

HCP, has there been cases where someone downloaded electrum from the actual electrum website and gotten a fake electrum installed?  You say the other half protection is verifying the signature of the downloaded file.  But is there a chance verifying the signature of the downloaded file could give you malware/keylogger/virus?

If you have set a password, then either the seed mnemonic (and other private key data) is stored "encrypted" within your wallet (password, no file encryption) and/or the entire wallet file itself is encrypted (default option)... using your password.

You can tell which option you are using depending on whether or not you're prompted for a password when you start Electrum (or open your wallet)... If you're prompted for a password, you are using full file encryption. If it opens up and you can view transactions and only prompts for a password when you are attempting to view the seed/private keys, then you do not have full file encryption.

As long as you have chosen a relatively "strong" password (minimum of 8 chars, and have included upper/lowercase, numbers and special chars), that should be fine... providing you don't have any other malware on the PC (keyloggers, fake wallet etc).


Actually, the wallet's security is also dependent on your general usage and security habits... if you're constantly downloading things from "questionable" sites... eventually you are likely to get hit with a virus/malware. If you practise "safe interneting"™, you will have less to worry about.

Other solutions are to go with the online/offline "airgapped" setup as explained by bob123... or consider using Electrum in conjunction with a hardware wallet (seed is then generated/stored within the hardware wallet and never on the PC)

That's the only way a pure desktop wallet can work.
Regarding the security.. i have mentioned a few attack scenarios and how to protect against them 3 posts above yours.




Depends on what you mean with "store wallet offline".

You can create a 2-wallet-setup, with 1 wallet on an online-connected machine (watch-only wallet) which does NOT have the seed stored, but the master public key and 1 wallet on an offline machine (wich the seed / private keys).
You would then create the transaction using your watch-only wallet (on the online PC), then move it to your offline computer to sign it there. Afterwards move it back to your online computer to broadcast it into the network.

If your PC with the seed stored goes online, you are vulnerable. Doesn't matter if online 24/7 or 1 second per week.

---

Relying on an electrum password + AV with Firewall is BY FAR not 'all available security measures'...




Sure.. one could obfuscate his malware and try to get a victim visit a shady website to steal 0.02381 BTC.
Or.. he targets 1) People who have a lot of BTC and 2) Companies to compromise their whole system (e.g. with a ransomware).

Not a hard decision being profit-orientated.

I'm not sending any malware just to prove that you are right, but by your explanation almost every user of Electrum should be hacked even if he / she is using all available security measures. That can not be true at all, otherwise hackers would easily emptied the majority of Electrum wallets.


But most users have lost coins because of fake wallets, compromised seed or clipboard malware , who is hacked in a way that malware is waiting to user decrypts wallet? It is possible that there are such cases as well, but as I have already written, I do not believe that such malware is a major threat.

When setting up my standard wallet with Electrum, I am given a seed, which I record, then I am asked for a password to encrypt it. When I go back into the new wallet after logging out, I am asked for my password and can then view my seed. Yet we are advised not to store the seed on computer.Is that safe?  The wallet's security is entirely dependent on the password and encryption.  If I then store that wallet offline, would it still be vulnerable when connecting to transact? Is there any good way around this? Please spell it out, I'm a noob.

AV's can be circumvented in less than 5 minutes. I can give you a proof.
Send me some malware which is being flagged as a trojan / malware / etc.. I will send you back the same application, obfuscated without any AV recognizing it as malware anymore. That's a trivial task.

Also, a firewall doesn't protect you at all in this scenario. A firewall is managing rules for incoming / outgoing traffic.
If YOU download and install malware (either by installig it manually or trough a drive-by download on a malicious website) and the malware does not try to connect to a C&C server (which is not necessary in this example to steal your coins), your firewall can't do anything (simply because it is not the job of a firewall).

And the password protection does only help if the malware tries to steal the private keys / creating a transaction instantly after installation.
If the malware waits until electrum is open, and then frequently checks if the wallet file is decrypted until stealing the coins, the password protection is useless in this scenario.




There are a ton of threads here stating that user have lost coins from electrum. Most of them are blaming ThomasV and want their money back (simply because they have no clue at all and are extremely easy targets).

Easy-to-use and user-friendly wallets will never be abandoned. As long as there is an 'easy' way to do something - even if it is way less secure - it will be favored by a lot of people (especially clueless people).

I do not agree that "It is terrifying easy" to steal coins from Electrum on Windows OS, especially if the wallet is protected by a strong password and user is have good AV+Firewall. If that was the case, most users of Electrum would be hacked and using of such wallets would be abandoned.

I can agree with the fact that any online, desktop or mobile wallet is not safe for storing large amounts of crypto, and this includes Electrum. My advice to any user who has serious intentions to invest / hold crypto is to first invest in security. Buy hardware wallet and these problems will cease to exist.

I still use Electrum, but only with Nano S - although I'm cautious and I know what I'm doing, using Electrum as my main wallet is simply an unacceptable risk.

That's only half-way true.

It heavily depends on the use case and on the kind of attacks you want to secure yourself against. For example:

• Against the low-severity-message-showing vulnerability which does nothing else but showing a message: Common sense
• Against malicious versions of electrum: Verifying the signature
• Against some browser exploits (no drive-by downloads): Protected by a password
• Against malware on the computer: Only offline- / hardware wallets help (being passsword protected doesn't help much - the next time he is decrypting his wallet file, the malware will steal everything. It takes about 5 minutes to make malware no longer being detected by AV's. AV's only help against very popular and often seen non-polymorph malware.
• Malware being installed in an evil-maid scenario: Wallet file encrypted + Filesystem encrypted + Booting from USB deactivated + BIOS password set
• ...

There are a lot of scenarios which all require different defensive mechanisms to protect against them. I listed just a few, the list is - by far - not complete.
It depends on how much BTC you want to store, how secure you want it to be stored and how paranoid you are about your security.

But IMO an AV + encrypted wallet file is NEVER enough. Especially not if you are using a windows machine.
It is just way too easy to infect a windows machine and to steal all BTC once the user opens his wallet file. It is terrifying easy.

yes, your pasword can protect from other one when he trying access your pc to open elcetrum. but, your pasword can't be uselless when your friend have your private key and seed.

Imo, if you plan to use the wallet to store a lot of bitcoins, then your best protection should be to never use it on any online computer, or offline computer which interacts a lot of times with stuff from 'the outside' like flash disk. Maybe generate an address and then send your bitcoin over there, keep the private key/seed safe and then open it years later.

Recent Electrum attacks won't directly steal your money tho. You will lose your money only if you install a fake Electrum.

Yeah, that is why it's not recommended if you are storing dust amount it is only good for storing big amount of bitcoin if you want to hold it for a long time.

However, if he only wants to use the wallet for daily basis antivirus and ecrypted electrum wallet with passphrase is enough

You should probably also warn them that 2FA comes at an added cost... as the 2FA system requires a prepayment of a service fee to TrustedCoin to buy credits. Read more (including current service fees) here: https://api.trustedcoin.com/#/electrum-help

Otherwise, already paranoid people are likely to get any more paranoid when unexpected outputs are added to their first 2FA transaction to buy credits

For me, adding password is must but you also need to protect your PC to any malware and viruses not only adding a password.

I can't assure if it's 100% safe but I recommend you to try the wallet with two-factor authentication to increase your wallet protection.

Actually, that's half right...

The only FULL protection, is to ALWAYS verify that you download Electrum only from the official site (https://electrum.org/#download) AND then verify the digital signature of the downloaded file BEFORE you install/run it.


This is possibly the single most important part of using Electrum safely.

The servers being under attack is really just an inconvenience if you're running the latest version. It doesn't affect the safety or security of your coins.