
Topic: Why you cannot enter an arbitrary seed in Electrum (Read 65118 times)

jr. member
Activity: 34
Merit: 4
I used the wallet restore function and made a new wallet using a hexstring taken from the output of

echo -n "My own string"|sha256sum

in a Linux console. If a truly unique string (perhaps involving personal information) is used for "My own string" which can be easily remembered (e.g. "cyberguy was born on the 29th of February 1976 in the middle of the atlantic"), what are the security implications of this? Could this be considered an alternative for a "brain wallet"?
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
You can "input" custom seed to generate a BIP-32 Hierarchical Deterministic Wallet with this tool:

https://coinb.in
legendary
Activity: 1232
Merit: 1030
give me your cryptos
I believe that Electrum should be able to allow these seeds. Maybe there should be extensive warnings, but it should be allowed nevertheless.

I have a Ledger wallet and Electrum, I want to be able to use both :(
hero member
Activity: 994
Merit: 1000
PUGG.io
Recently one of my friends' computers got hacked after he downloaded an exe file which was actually a keylogger, and the hacker got his Electrum seed key. Now the hacker is also operating his Electrum addresses, and whatever bitcoins his addresses receive, the hacker simply withdraws them.

So how can you help him to recover his old wallet from that hacker? Can we change the seed passphrase key? Please help me to recover that Electrum wallet from the hacker, as my friend does not have that much knowledge about the software.
hero member
Activity: 546
Merit: 500
LOL what you looking at?
ehhh...how to say this politely...You're wrong.

First of all, it's 1626 words.  1626^12 = 3.4 * 10^38.
It's the same as 2^128, or 128 bits of security, which is the same for any bitcoin address
that has already spent funds.  ECDSA for Bitcoin is 256 bits which provides 128 bits of
security.  Unspent addresses benefit from additional security because of RIPEMD-160 hash,
increasing it to 160 bits.  However, Electrum uses key stretching of a 100,000 round hash
once you know the seed, increasing the security to 144 bits.

You ARE correct that human generated phrases POTENTIALLY could have much higher
levels of security, but it doesn't matter because A) 128 bits is beyond brute forcing
by any form of classical computing (do the math and see how many super computers
and millions of years you need) and B) Bitcoin is limited to 160 bits of security no
matter what.

However, it's impossible to measure with certainty the entropy level of a human generated
phrase and potential for error exists that does not exist with computer generated pass phrases.

Great explanation, thank you!
And it's not rude to say that someone is just wrong, we can't know everything :)

However, as the two methods give presumably good enough protection, we are still on the line that a human generated phrase can be remembered more easily than a group of random words.

It wouldn't require too much work at all to allow a user to write his sentence, check that he uses caps, lower letters, punctuation and possibly numbers.
The random words method could be left active as an option.

I agree 100% that it's possible to create a good passphrase with a very high probability of it being ultra secure
IF YOU KNOW WHAT YOU'RE DOING.

But since many people do not know what they are doing, Electrum chose to idiot-proof it.

As I wrote: it's easy to put a check in it.
You press enter and there's no punctuation and no caps and the sentence is not long enough and various enough: the program won't accept it.
Easy.
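
The figures argued over in this thread, worked through as an added example (not code from Electrum or from any poster). It computes the entropy of a 12-word seed from a 1626-word list, the extra work added by 100,000 hash rounds, and an upper bound for a phrase built from personal facts like the one in the first post. The slot counts, the placeholder word list and the simplified `stretch` function are constructed assumptions, not Electrum's own values or code.

```python
import hashlib
import math
import secrets

WORDLIST_SIZE = 1626        # word-list size quoted in the thread
SEED_WORDS = 12
STRETCH_ROUNDS = 100_000    # stretching rounds quoted in the thread

# Constructed stand-in for a public word list; the real words do not matter
# for the entropy calculation, only how many there are.
PLACEHOLDER_WORDLIST = ["w%04d" % i for i in range(WORDLIST_SIZE)]

# Constructed, deliberately generous guess at how many values each part of a
# sentence like "<name> was born on <date> in <place>" can take.
PERSONAL_PHRASE_SLOTS = {
    "sentence template": 1_000,
    "name or handle": 10_000,
    "birth date within 100 years": 36_525,
    "place": 100_000,
}


def mnemonic_bits(wordlist_size=WORDLIST_SIZE, n_words=SEED_WORDS):
    """Entropy of n_words picked uniformly at random from a known list."""
    return n_words * math.log2(wordlist_size)


def stretching_bits(rounds=STRETCH_ROUNDS):
    """Work factor, in bits, that `rounds` hash iterations add to each guess."""
    return math.log2(rounds)


def phrase_bits(choices_per_slot):
    """Upper bound for a phrase assembled from independent, guessable parts."""
    return sum(math.log2(n) for n in choices_per_slot.values())


def random_mnemonic(wordlist, n_words=SEED_WORDS):
    """Draw words with a CSPRNG so each one carries log2(len(wordlist)) bits."""
    return [secrets.choice(wordlist) for _ in range(n_words)]


def hashed_phrase_hex(phrase):
    """Equivalent of: echo -n "<phrase>" | sha256sum"""
    return hashlib.sha256(phrase.encode("utf-8")).hexdigest()


def stretch(seed, rounds=STRETCH_ROUNDS):
    """Simplified iterated SHA-256, to show the per-guess cost of stretching."""
    out = seed
    for _ in range(rounds):
        out = hashlib.sha256(out + seed).digest()
    return out


if __name__ == "__main__":
    print("12 words of 1626: %.1f bits" % mnemonic_bits())
    print("12 words of 1000: %.1f bits" % mnemonic_bits(1000))
    print("with stretching:  %.1f bits" % (mnemonic_bits() + stretching_bits()))
    print("personal phrase:  <= %.1f bits" % phrase_bits(PERSONAL_PHRASE_SLOTS))
    # The digest is always 256 bits long, but hashing adds no entropy:
    # the phrase behind it is still only as hard to guess as the bound above.
    print(hashed_phrase_hex("My own string"))
    print(" ".join(random_mnemonic(PLACEHOLDER_WORDLIST)))
```

Knowing the word list does not reduce the first figure, because the calculation already assumes the list is public.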
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
ehhh...how to say this politely...You're wrong.

First of all, it's 1626 words.  1626^12 = 3.4 * 10^38.
It's the same as 2^128, or 128 bits of security, which is the same for any bitcoin address
that has already spent funds.  ECDSA for Bitcoin is 256 bits which provides 128 bits of
security.  Unspent addresses benefit from additional security because of RIPEMD-160 hash,
increasing it to 160 bits.  However, Electrum uses key stretching of a 100,000 round hash
once you know the seed, increasing the security to 144 bits.

You ARE correct that human generated phrases POTENTIALLY could have much higher
levels of security, but it doesn't matter because A) 128 bits is beyond brute forcing
by any form of classical computing (do the math and see how many super computers
and millions of years you need) and B) Bitcoin is limited to 160 bits of security no
matter what.

However, it's impossible to measure with certainty the entropy level of a human generated
phrase and potential for error exists that does not exist with computer generated pass phrases.

Great explanation, thank you!
And it's not rude to say that someone is just wrong, we can't know everything :)

However, as the two methods give presumably good enough protection, we are still on the line that a human generated phrase can be remembered more easily than a group of random words.

It wouldn't require too much work at all to allow a user to write his sentence, check that he uses caps, lower letters, punctuation and possibly numbers.
The random words method could be left active as an option.

I agree 100% that it's possible to create a good passphrase with a very high probability of it being ultra secure
IF YOU KNOW WHAT YOU'RE DOING.

But since many people do not know what they are doing, Electrum chose to idiot-proof it.
hero member
Activity: 546
Merit: 500
LOL what you looking at?
ehhh...how to say this politely...You're wrong.

First of all, it's 1626 words.  1626^12 = 3.4 * 10^38.
It's the same as 2^128, or 128 bits of security, which is the same for any bitcoin address
that has already spent funds.  ECDSA for Bitcoin is 256 bits which provides 128 bits of
security.  Unspent addresses benefit from additional security because of RIPEMD-160 hash,
increasing it to 160 bits.  However, Electrum uses key stretching of a 100,000 round hash
once you know the seed, increasing the security to 144 bits.

You ARE correct that human generated phrases POTENTIALLY could have much higher
levels of security, but it doesn't matter because A) 128 bits is beyond brute forcing
by any form of classical computing (do the math and see how many super computers
and millions of years you need) and B) Bitcoin is limited to 160 bits of security no
matter what.

However, it's impossible to measure with certainty the entropy level of a human generated
phrase and potential for error exists that does not exist with computer generated pass phrases.

Great explanation, thank you!
And it's not rude to say that someone is just wrong, we can't know everything :)

However, as the two methods give presumably good enough protection, we are still on the line that a human generated phrase can be remembered more easily than a group of random words.

It wouldn't require too much work at all to allow a user to write his sentence, check that he uses caps, lower letters, punctuation and possibly numbers.
The random words method could be left active as an option.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political

Are you telling me that... the dictionary used in Electrum is well known and available?

So I'm sorry, but this fixed automatic method to generate the seed is TOTAL AND UTTER BULLSHIT and my proposed method is infinitely better.

Why?
Because if I'm a hacker I can just test all the WORDS, I DON'T NEED TO TEST CHARACTER AFTER CHARACTER!
I know the words! So I only need to swap ENTIRE WORDS instead of CHARACTERS, it's so fuckin stupid!
If the dictionary is 1000 words, then the number of possible combinations in the seed is 1000^12!
That's 1 followed by 36 0. I don't say it's little, but it's surely waaaaaay less than a sentence human generated with some punctuation, numbers and caps.

Basically, this automatic seed generation is 12 "bytes" long: the number of words used in the seed! Only a Byte is 256 combinations, while the dictionary has 1000 combinations (I don't know how many words are in the dictionary).
But SURELY this method has NOTHING with testing characters, any hacker could just test WORDS.

Really, I wonder how nobody can see this.
Shit, I thought the dictionary was internal and encrypted in the software, this is incredible, an incredible fallacy.



ehhh...how to say this politely...You're wrong.

First of all, it's 1626 words.  1626^12 = 3.4 * 10^38.
It's the same as 2^128, or 128 bits of security, which is the same for any bitcoin address
that has already spent funds.  ECDSA for Bitcoin is 256 bits which provides 128 bits of
security.  Unspent addresses benefit from additional security because of RIPEMD-160 hash,
increasing it to 160 bits.  However, Electrum uses key stretching of a 100,000 round hash
once you know the seed, increasing the security to 144 bits.

You ARE correct that human generated phrases POTENTIALLY could have much higher
levels of security, but it doesn't matter because A) 128 bits is beyond brute forcing
by any form of classical computing (do the math and see how many super computers
and millions of years you need) and B) Bitcoin is limited to 160 bits of security no
matter what.

However, it's impossible to measure with certainty the entropy level of a human generated
phrase and potential for error exists that does not exist with computer generated pass phrases.







hero member
Activity: 546
Merit: 500
LOL what you looking at?

Are you telling me that... the dictionary used in Electrum is well known and available?

So I'm sorry, but this fixed automatic method to generate the seed is TOTAL AND UTTER BULLSHIT and my proposed method is infinitely better.

Why?
Because if I'm a hacker I can just test all the WORDS, I DON'T NEED TO TEST CHARACTER AFTER CHARACTER!
I know the words! So I only need to swap ENTIRE WORDS instead of CHARACTERS, it's so fuckin stupid!
If the dictionary is 1000 words, then the number of possible combinations in the seed is 1000^12!
That's 1 followed by 36 0. I don't say it's little, but it's surely waaaaaay less than a sentence human generated with some punctuation, numbers and caps.

Basically, this automatic seed generation is 12 "bytes" long: the number of words used in the seed! Only a Byte is 256 combinations, while the dictionary has 1000 combinations (I don't know how many words are in the dictionary).
But SURELY this method has NOTHING with testing characters, any hacker could just test WORDS.

Really, I wonder how nobody can see this.
Shit, I thought the dictionary was internal and encrypted in the software, this is incredible, an incredible fallacy.

hero member
Activity: 619
Merit: 500
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Maybe that word isn't in the Electrum dictionary.
hero member
Activity: 546
Merit: 500
LOL what you looking at?
I've been experimenting with the Electrum restore seed function, and it's either really buggy or something is wrong.

entered frequent into the seed box, and can continue to generate a wallet.

god god god god god god god god god god god god works and I can create a wallet, however

fun fun fun fun fun fun fun fun fun fun fun fun doesn't work

abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon ab works

acid acid acid acid acid acid acid acid acid acid acid acid acid acid acid acid aci also works

Well, it seems Electrum doesn't like fun.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Anyway, after thinking well around all this, I'm definitely sure that a sentence:

- more than 100 characters
- unknown language
- possibly with invented words
- possibly with grammar errors
- with caps letters
- possibly with numbers
- possibly with punctuation.

is more secure than:

- always-english
- common dictionary
- no caps
- no numbers
- no punctuation

randomly generated seed of 12 words.

AND it's much easier to remember, thus giving an actual chance to many users to just hold the sentence in their brain and nowhere else.

Yes but I don't understand why we are forced to only 12 words.

The devs force us to have 12 words, what if I want 30 words?

I just don't understand why they are deciding it for us with the pretense "that they know better".

I want to decide my own password and length of it.

They don't allow it because, hoping that Bitcoin will become common use money, there will be a huge effort by hackers to break into users accounts.
This situation will be associated with the fact that the common user usually sets too weak passwords. This would happen with the seed as well.
But then again: as it's commonly use to force users to put caps and numbers in passwords, other mandatory rules can be added when generating a seed.
And I'm pretty sure I demonstrated that a user generated sentence with the rules I set up is more difficult to break than a random generated seed of 12 words without caps, numbers, punctuation, generated from some much used dictionary library... and there's the additional feature that you can easily remember your sentence.

yep pretty much this.

It's designed to mathematically give you 128+ bits of entropy, and each word in the dictionary is mapped
to numbers, so it's random.  There's only 128 bits anyway of security in a spent address.

If you want something different, use brain wallet.
hero member
Activity: 546
Merit: 500
LOL what you looking at?
Anyway, after thinking well around all this, I'm definitely sure that a sentence:

- more than 100 characters
- unknown language
- possibly with invented words
- possibly with grammar errors
- with caps letters
- possibly with numbers
- possibly with punctuation.

is more secure than:

- always-english
- common dictionary
- no caps
- no numbers
- no punctuation

randomly generated seed of 12 words.

AND it's much easier to remember, thus giving an actual chance to many users to just hold the sentence in their brain and nowhere else.

Yes but I don't understand why we are forced to only 12 words.

The devs force us to have 12 words, what if I want 30 words?

I just don't understand why they are deciding it for us with the pretense "that they know better".

I want to decide my own password and length of it.

They don't allow it because, hoping that Bitcoin will become common use money, there will be a huge effort by hackers to break into users accounts.
This situation will be associated with the fact that the common user usually sets too weak passwords. This would happen with the seed as well.
But then again: as it's commonly use to force users to put caps and numbers in passwords, other mandatory rules can be added when generating a seed.
And I'm pretty sure I demonstrated that a user generated sentence with the rules I set up is more difficult to break than a random generated seed of 12 words without caps, numbers, punctuation, generated from some much used dictionary library... and there's the additional feature that you can easily remember your sentence.
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
What if my sentence was written in... italian? (it is, actually)
Should a hacker implement several languages grammar?
I still think we are going a bit too far in the paranoid field here...

What if my sentence is written in... a dialect, of any language?

Also keep in mind there's quite some people that CAN'T write correctly.
Just to stay on the english side: many mistake IT'S with ITS, HIS with HE'S, YOUR with YOU'RE, and much more...

Professional password breakers, use dictionary attacks on the passwords, and they got a dictionary of all words, dialects, new words, of all languages.

Probably they focus on major ones.

If your password is in like Navajo or some really obscure language then it might be harder to break, but even then don't put your address, name, or birthdate in it.



Seems to me like you people want to refuse the reality.

Anyway, after thinking well around all this, I'm definitely sure that a sentence:

- more than 100 characters
- unknown language
- possibly with invented words
- possibly with grammar errors
- with caps letters
- possibly with numbers
- possibly with punctuation.

is more secure than:

- always-english
- common dictionary
- no caps
- no numbers
- no punctuation

randomly generated seed of 12 words.

AND it's much easier to remember, thus giving an actual chance to many users to just hold the sentence in their brain and nowhere else.

Yes but I don't understand why we are forced to only 12 words.

The devs force us to have 12 words, what if I want 30 words?

I just don't understand why they are deciding it for us with the pretense "that they know better".

I want to decide my own password and length of it.
hero member
Activity: 546
Merit: 500
LOL what you looking at?
What if my sentence was written in... italian? (it is, actually)
Should a hacker implement several languages grammar?
I still think we are going a bit too far in the paranoid field here...

What if my sentence is written in... a dialect, of any language?

Also keep in mind there's quite some people that CAN'T write correctly.
Just to stay on the english side: many mistake IT'S with ITS, HIS with HE'S, YOUR with YOU'RE, and much more...

Professional password breakers, use dictionary attacks on the passwords, and they got a dictionary of all words, dialects, new words, of all languages.

Probably they focus on major ones.

If your password is in like Navajo or some really obscure language then it might be harder to break, but even then don't put your address, name, or birthdate in it.



Seems to me like you people want to refuse the reality.

Anyway, after thinking well around all this, I'm definitely sure that a sentence:

- more than 100 characters
- unknown language
- possibly with invented words
- possibly with grammar errors
- with caps letters
- possibly with numbers
- possibly with punctuation.

is more secure than:

- always-english
- common dictionary
- no caps
- no numbers
- no punctuation

randomly generated seed of 12 words.

AND it's much easier to remember, thus giving an actual chance to many users to just hold the sentence in their brain and nowhere else.
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
What if my sentence was written in... italian? (it is, actually)
Should a hacker implement several languages grammar?
I still think we are going a bit too far in the paranoid field here...

What if my sentence is written in... a dialect, of any language?

Also keep in mind there's quite some people that CAN'T write correctly.
Just to stay on the english side: many mistake IT'S with ITS, HIS with HE'S, YOUR with YOU'RE, and much more...

Professional password breakers, use dictionary attacks on the passwords, and they got a dictionary of all words, dialects, new words, of all languages.

Probably they focus on major ones.

If your password is in like Navajo or some really obscure language then it might be harder to break, but even then don't put your address, name, or birthdate in it.

hero member
Activity: 546
Merit: 500
LOL what you looking at?
What if my sentence was written in... italian? (it is, actually)
Should a hacker implement several languages grammar?
I still think we are going a bit too far in the paranoid field here...

What if my sentence is written in... a dialect, of any language?

Also keep in mind there's quite some people that CAN'T write correctly.
Just to stay on the english side: many mistake IT'S with ITS, HIS with HE'S, YOUR with YOU'RE, and much more...
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
oda krell, interesting article.

You may be able to argue that you lose a few bits of entropy with a grammatically correct
sentence.  This is why experts really don't recommend that you create your own phrase
to begin with:  It's difficult to accurately measure the entropy.


hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
You can 3D print a ring and stamp the words inside it, just an idea :D

(screw my claim that I'm not writing again in here :D)

You're probably joking, but I'm not so sure that "on body safekeeping" is necessarily worse than traditional safekeeping by hiding, or placing things into vaults.

Now I wonder if there's any research into this, how "on body" compares to "hiding" compares to "vaulting"...

Hiding is better than vaulting. If a thief breaks into your house he knows exactly where to look for valuables if he finds a vault.

If you carve the private key in a tree branch in your nearest forest, or put a piece of paper in a box, and bury it in your nearby forest, is a better solution.