
Topic: Where does verifying the signature help? - page 2. (Read 419 times)

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
August 12, 2020, 01:16:51 AM
#11
How exactly can one seed save a thousand addresses? It can only save 30, as far as I know.

Secondly, as I said, I'm not using it because it's unknown technology for me. I'm saving the private keys inside rars with very strong passwords in safe places. I don't have to worry about anything.
legendary
Activity: 3472
Merit: 10611
August 11, 2020, 10:17:50 PM
#10
Quote
I'm not using seed. I've just packed some thousands of addresses plus their private keys. Honestly, I'm not using seeds for one reason. I have not understood how they work (and I find them pretty less secure). Hence, I'm not touching them.

that makes no sense. if i am not mistaken, based on your other topic you have created these "thousands of addresses" using Electrum and seed(s) so you are using it just making things that much more difficult for yourself. specifically since you can not recover any of these addresses since they are not deterministic and you don't seem to have the back up of the seed(s) stored.
HCP
legendary
Activity: 2086
Merit: 4363
August 11, 2020, 05:13:56 PM
#9
Quote
I'm not using seed. I've just packed some thousands of addresses plus their private keys. Honestly, I'm not using seeds for one reason. I have not understood how they work (and I find them pretty less secure). Hence, I'm not touching them.

I'm not sure why you consider one "very large randomly generated" number any less secure than 1000 "very large randomly generated" numbers...

A seed is basically just another "private key"... For a deterministic wallet, it's the starting point for deriving all your other private keys... such that you will be able to recover all of your private keys, knowing just the seed. It makes backups ridiculously easy and means you only need to secure 1 thing... instead of 1000 things... which makes it a lot easier to create an "offline" backup that is non-digital and can be stored in "permanent" media (like paper, stamped into metal etc)

Whereas, for a non-deterministic wallet, if you lose your private keys, they're gone... you'll never be able to recreate them in a billion years of trying... and writing/printing out thousands of keys is a nightmare! Nevermind trying to recover from those backups! Your only real option would be "digital" backups of wallet files and such.


So, what is it exactly that you don't understand about seeds? ... and why do you consider them "less secure"?
legendary
Activity: 2282
Merit: 1041
August 11, 2020, 02:39:18 PM
#8


I have not tried recovering coins from a wallet installed in Windows, but so far, based on what I've read, you also need to keep the .dat file for recovering. This is in case your computer mysteriously just died. Recovering will need your private key and seed and the .dat file, maybe just keep them all to make sure you can recover your wallet.

Signature is for checking whether the downloaded file isn't corrupted and the correct file. If the server is hacked then you could be downloading the different file.
legendary
Activity: 3724
Merit: 1586
August 11, 2020, 02:27:01 PM
#7
Quote
In electrum.org it says that hackers can hack the site and replace their own software that hides malicious code in the electrum software.

It says that we have to verify the signature of electrum.org, in order to be sure that the software was not compromised. Now I'm asking, why are we 100% sure that they can't change his signature too? Also, by that tutorial of how to verify electrum I don't get why should I trust gpg4win.org, couldn't this site get compromised as well?

And a bigger question, how exactly can you compromise a site?? Is this possible? Does google.com differs from electrum.org?

Anyway, back to the point, I have reset my windows 10 laptop. I've downloaded from another laptop electrum-4.0.2-setup.exe and then I transferred it to a usb. The clear laptop (the one I reset) is not internet connected and it'll never be. I've verified the signature (same way, downloaded to my old laptop and transferred the file with a usb).

Is this a purely cold storage? Can I buy a thousands bitcoins now without having the fear of losing my coins?

digital signatures that are modified are no longer valid. they will not verify.

gpg4win provides an easy to use gui frontend to gnu privacy guard on windows. its releases are also gpg signed so you can verify them. there are alternative software that you can use gpg itself or kleopatra which is cross platform.



Quote
Is this a purely cold storage? Can I buy a thousands bitcoins now without having the fear of losing my coins?

yep
legendary
Activity: 3724
Merit: 1586
August 11, 2020, 02:25:23 PM
#6
Quote
In electrum.org it says that hackers can hack the site and replace their own software that hides malicious code in the electrum software.

It says that we have to verify the signature of electrum.org, in order to be sure that the software was not compromised. Now I'm asking, why are we 100% sure that they can't change his signature too? Also, by that tutorial of how to verify electrum I don't get why should I trust gpg4win.org, couldn't this site get compromised as well?

And a bigger question, how exactly can you compromise a site?? Is this possible? Does google.com differs from electrum.org?

Anyway, back to the point, I have reset my windows 10 laptop. I've downloaded from another laptop electrum-4.0.2-setup.exe and then I transferred it to a usb. The clear laptop (the one I reset) is not internet connected and it'll never be. I've verified the signature (same way, downloaded to my old laptop and transferred the file with a usb).

Is this a purely cold storage? Can I buy a thousands bitcoins now without having the fear of losing my coins?

digital signatures that are modified are no longer valid. they will not verify.

gpg4win provides an easy to use gui frontend to gnu privacy guard on windows. its releases are also gpg signed so you can verify them. there are alternative software that you can use gpg itself or kleopatra which is cross platform.

legendary
Activity: 2758
Merit: 4074
August 11, 2020, 01:32:27 PM
#5
The short answer is if you cannot verify every line of the code, then you must trust the developers. Verifying the signature gives you an opportunity to make sure (not 100%) that the code was signed by the real developer and not scam.
You can verify the signature using several programs, and hacking a site like electrum.org will not pass without making a fuss but again, unless you can read every line in the source code, you must trust the dev.

Cold storage is simply that private keys/wallet seed are created in an environment that does not and will not connect to the Internet, so if the device connects at any moment to the Internet, it will not be considered a cold storage.



BTW: I am currently studying a subject related to probability, but in an advanced way, so if I find some time, I will create some chart for you to the possibility of losing your money if electrum.org hacked, wallet bugs, gpg4win.org, and all of them.
legendary
Activity: 1624
Merit: 2509
August 11, 2020, 12:48:40 PM
#4
Quote
In electrum.org it says that hackers can hack the site and replace their own software that hides malicious code in the electrum software.

It says that we have to verify the signature of electrum.org, in order to be sure that the software was not compromised. Now I'm asking, why are we 100% sure that they can't change his signature too?

It is possible.
But an attacker would have to compromise 1) the website/server and 2) the PGP key which is (hopefully) stored securely offline.

It simply adds another layer of protection.


Quote
And a bigger question, how exactly can you compromise a site?? Is this possible? Does google.com differs from electrum.org?

Yes, it is.
By compromising the server.

Yes, those sites differ.
One is a multi billion dollar company, the other is an open source project.


Quote
Is this a purely cold storage? Can I buy a thousands bitcoins now without having the fear of losing my coins?

If your PC never goes online, yes it is cold storage.
There is always a possibility of losing coins. For example by getting malware to your cold storage PC via USB and transferring the private keys out via the USB and the online PC.

Nothing is 100% secure.
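
An added example, not part of any post in this thread: a toy model of the points made in the replies above (an altered signature no longer verifies, and a swapped installer passes only if the attacker also controls the key you verify against). It uses textbook RSA over SHA-256 with fixed Mersenne primes, which is insecure and is not the OpenPGP format gpg uses; the keys, names and installer bytes are constructed for illustration.

```python
import hashlib

E = 65537  # RSA public exponent

def make_key(a, b):
    # Toy key from the Mersenne primes 2**a-1 and 2**b-1: insecure, demo only.
    p, q = 2**a - 1, 2**b - 1
    return {"pub": p * q, "priv": pow(E, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    # Only the holder of key["priv"] can produce this number.
    return pow(digest(data, key["pub"]), key["priv"], key["pub"])

def verify(pub, data, sig):
    # Anyone holding the public key can check it.
    return pow(sig, E, pub) == digest(data, pub)

DEV = make_key(521, 607)        # developer key; private half never on the web server
ATTACKER = make_key(127, 1279)  # key generated by whoever took over the site
PINNED_PUB = DEV["pub"]         # assumption: obtained earlier from independent sources

def check(installer, sig, pub):
    return "OK" if verify(pub, installer, sig) else "REJECT"

def scenarios():
    genuine = b"constructed stand-in for electrum-4.0.2-setup.exe"
    trojan = genuine + b" plus malicious code"
    good_sig = sign(DEV, genuine)
    forged_sig = sign(ATTACKER, trojan)
    return {
        "genuine file + genuine sig": check(genuine, good_sig, PINNED_PUB),
        "genuine file + altered sig": check(genuine, good_sig ^ 1, PINNED_PUB),
        "swapped file + genuine sig": check(trojan, good_sig, PINNED_PUB),
        "swapped file + attacker sig, pinned key": check(trojan, forged_sig, PINNED_PUB),
        "swapped file + attacker sig, key from hacked site": check(trojan, forged_sig, ATTACKER["pub"]),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{result:6}  {name}")
```

The last case is the only one where the swapped installer is accepted: verification proves that the file matches whichever public key you checked against, so that key has to come from somewhere other than the download site.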
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
August 11, 2020, 10:25:28 AM
#3
Quote
If the computer is staying offline then yes it is effectively cold storage. The only way you'll lose your funds if it has been verified is if you lose the seed.

I'm gonna be a little paranoid, but I didn't format the laptop. I just reset it from the Reset button of windows 10. Whole reset tho. Deleted the entire system. Is there any possibility to... you know... have generated addresses by hackers of the previous system? I've read that files remain on hard drive, even on format.

I'm not using seed. I've just packed some thousands of addresses plus their private keys. Honestly, I'm not using seeds for one reason. I have not understood how they work (and I find them pretty less secure). Hence, I'm not touching them.


copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
August 11, 2020, 10:14:27 AM
#2
The idea of using gpg verification is offering that extra bit of security. When you first download the key sure it may be compromised but surely people would notice? You can also generally save a key pair for verification at a later stage.

Also keys should be staked in different places - the github, potentially tomasv's account here, the site and some directories. Sites can be compromised, it's just a case of hacking the dns or social engineering with the registrar.

If the computer is staying offline then yes it is effectively cold storage. The only way you'll lose your funds if it has been verified is if you lose the seed.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
August 11, 2020, 08:51:23 AM
#1
In electrum.org it says that hackers can hack the site and replace their own software that hides malicious code in the electrum software.

It says that we have to verify the signature of electrum.org, in order to be sure that the software was not compromised. Now I'm asking, why are we 100% sure that they can't change his signature too? Also, by that tutorial of how to verify electrum I don't get why should I trust gpg4win.org, couldn't this site get compromised as well?

And a bigger question, how exactly can you compromise a site?? Is this possible? Does google.com differs from electrum.org?

Anyway, back to the point, I have reset my windows 10 laptop. I've downloaded from another laptop electrum-4.0.2-setup.exe and then I transferred it to a usb. The clear laptop (the one I reset) is not internet connected and it'll never be. I've verified the signature (same way, downloaded to my old laptop and transferred the file with a usb).

Is this a purely cold storage? Can I buy a thousands bitcoins now without having the fear of losing my coins?