
Topic: Why you cannot enter an arbitrary seed in Electrum - page 3. (Read 65082 times)

legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
I suggest you immediately change your password, and never ever use it on any public site/forum or search engine!

Dude, thank you for all your effort first of all, but... can you tell me how my search can be directly linked to me?
Also, my provider still groups many users under one IP, so I think I shouldn't be so easy to trace.
And last but not least, where should my IP be published?

You always think these ways of getting hacked are unlikely until they actually happen.
I think the bottom line is to never type your cold storage Bitcoin password on a live computer.

A much simpler case is that you have a keylogger that is sending all your information to a
hacker who can later use it.



Did you roll your own entropy with physical dice too?


Oh, I'm very tinfoil hat when it comes to cold storage.

I took out everything from my offline PC, left with only a CD reader, motherboard, and RAM, and a keyboard with wires.

Wireless stuff is insecure. The operating system is booted from CD, and data storage is on a double encrypted USB stick. All other connections are disabled from BIOS and sealed with tinfoil to not leak the password through radio/infrared signals.

http://www.wired.com/2014/11/airhopper-hack/
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
I suggest you immediately change your password, and never ever use it on any public site/forum or search engine!

Dude, thank you for all your effort first of all, but... can you tell me how my search can be directly linked to me?
Also, my provider still groups many users under one IP, so I think I shouldn't be so easy to trace.
And last but not least, where should my IP be published?

You always think these ways of getting hacked are unlikely until they actually happen.
I think the bottom line is to never type your cold storage Bitcoin password on a live computer.

A much simpler case is that you have a keylogger that is sending all your information to a
hacker who can later use it.



Oh, I'm very tinfoil hat when it comes to cold storage.

I took out everything from my offline PC, left with only a CD reader, motherboard, and RAM, and a keyboard with wires.

Wireless stuff is insecure. The operating system is booted from CD, and data storage is on a double encrypted USB stick. All other connections are disabled from BIOS and sealed with tinfoil to not leak the password through radio/infrared signals.

http://www.wired.com/2014/11/airhopper-hack/
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
I suggest you immediately change your password, and never ever use it on any public site/forum or search engine!

Dude, thank you for all your effort first of all, but... can you tell me how my search can be directly linked to me?
Also, my provider still groups many users under one IP, so I think I shouldn't be so easy to trace.
And last but not least, where should my IP be published?

If you have a static IP then it's horrible, because once anybody gets hold of it they can track every website you visit, if they obtain the websites' logs.

If it's dynamic it adds a little bit more security.

Every website you visit knows your IP address, because every time a connection is made to another site, your IP is revealed. Every instant messaging software reveals your IP. So any stranger you have Skyped with, Yahoo Messengered with, or any other instant messenger you used to talk with strangers can have your IP.

Also, if a hacker puts a tracking cookie on your PC (which many advertising sites already do, but I mean a hacker with malicious desires), he can track every site you visit.

Trojans and keyloggers are the other part: if you get a virus that logs everything and sends it to the hacker, he can log your entire internet activity, from every mouse movement to every keystroke.

Yes, privacy is very shallow on the internet; you must take extra precautions if you don't want your sensitive data to be revealed.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
I suggest you immediately change your password, and never ever use it on any public site/forum or search engine!

Dude, thank you for all your effort first of all, but... can you tell me how my search can be directly linked to me?
Also, my provider still groups many users under one IP, so I think I shouldn't be so easy to trace.
And last but not least, where should my IP be published?

You always think these ways of getting hacked are unlikely until they actually happen.
I think the bottom line is to never type your cold storage Bitcoin password on a live computer.

A much simpler case is that you have a keylogger that is sending all your information to a
hacker who can later use it.

hero member
Activity: 546
Merit: 500
LOL what you looking at?
I suggest you immediately change your password, and never ever use it on any public site/forum or search engine!

Dude, thank you for all your effort first of all, but... can you tell me how my search can be directly linked to me?
Also, my provider still groups many users under one IP, so I think I shouldn't be so easy to trace.
And last but not least, where should my IP be published?
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
I get that 99% of people aren't able to generate a good sentence to remember, but I still don't like being given the chance to use my favourite sentence.

It's nothing I've found on internet, I searched for it and there's NO MATCHES on internet, and it's a sentence of 16 WORDS, that could also include punctuation.

Having to fiddle with hex is not fun for a non-coder and may also lead to problems in future updates I guess so I won't go that direction.

But in example, to not get bored with that sequence of words, I just snapshot it and send it to my email, which has a password of only 10+ characters... is that really better?
And I guess many people are doing it like that.

Printing those words on paper? And if somebody stumbles on that paper?
Remembering 12 words without any sense? Good luck with that: nobody will even try. I didn't, for sure.

OMG, you typed it into Google? Are you serious?

Did you e-mail it to your other e-mail?

Man, you must be the most uneducated person in internet security ever. You totally compromised your password and it's only a matter of time before you get robbed.

If you can't memorize 12 words then fucking carve it into a tree in a forest somewhere, to make sure nobody stumbles on that paper.

Man you need to keep your sensitive data more secure, because the thieves always love newbies who cannot secure their sensitive info.

I typed only the initial part of my sentence, just to see if it would have found any reference.

Still not recommended, especially if you do it from your own IP, because it can link back to you, and a clever hacker could use it if he ever breaks into your PC.

For example, if your sentence is this: "My baby is feeded 3 cups of milk/day, and he giggles."

Then obviously this sentence might occur in some pregnant women's forum somewhere in the obscure part of the internet, and Google could find it, but if it has no link back to you then the odds of somebody taking a sentence from the obscure part of the web and linking it back directly to your bank account password or bitcoin password are very, very unlikely.

But if you per se write it into Google, then it is directly linked to you, and as I said above, a hacker can use any snippet of info to guess/bruteforce your PC and the sensitive stuff you might keep there.

Even if you wrote half of the sentence, that means that now your sentence is only half as strong as it was before, because half of it is compromised...

I suggest you immediately change your password, and never ever use it on any public site/forum or search engine!
hero member
Activity: 546
Merit: 500
LOL what you looking at?
I get that 99% of people aren't able to generate a good sentence to remember, but I still don't like being given the chance to use my favourite sentence.

It's nothing I've found on internet, I searched for it and there's NO MATCHES on internet, and it's a sentence of 16 WORDS, that could also include punctuation.

Having to fiddle with hex is not fun for a non-coder and may also lead to problems in future updates I guess so I won't go that direction.

But in example, to not get bored with that sequence of words, I just snapshot it and send it to my email, which has a password of only 10+ characters... is that really better?
And I guess many people are doing it like that.

Printing those words on paper? And if somebody stumbles on that paper?
Remembering 12 words without any sense? Good luck with that: nobody will even try. I didn't, for sure.

OMG, you typed it into Google? Are you serious?

Did you e-mail it to your other e-mail?

Man, you must be the most uneducated person in internet security ever. You totally compromised your password and it's only a matter of time before you get robbed.

If you can't memorize 12 words then fucking carve it into a tree in a forest somewhere, to make sure nobody stumbles on that paper.

Man you need to keep your sensitive data more secure, because the thieves always love newbies who cannot secure their sensitive info.

I typed only the initial part of my sentence, just to see if it would have found any reference.
hero member
Activity: 546
Merit: 500
LOL what you looking at?
I get that 99% of people aren't able to generate a good sentence to remember, but I still don't like being given the chance to use my favourite sentence.

It's nothing I've found on internet, I searched for it and there's NO MATCHES on internet, and it's a sentence of 16 WORDS, that could also include punctuation.

Having to fiddle with hex is not fun for a non-coder and may also lead to problems in future updates I guess so I won't go that direction.

But in example, to not get bored with that sequence of words, I just snapshot it and send it to my email, which has a password of only 10+ characters... is that really better?
And I guess many people are doing it like that.

Printing those words on paper? And if somebody stumbles on that paper?
Remembering 12 words without any sense? Good luck with that: nobody will even try. I didn't, for sure.

You searched for it?  Meaning you typed your passphrase into Google?
Now Google knows it.  Plus it might even show up on some search phrase list.
You don't want to be doing that.

As far as not being able to remember 12 words, first of all, I think you
have very low standards of what the human brain can achieve.
Some people memorize full books!  I can easily remember 12 words and
the trick is to make a little mental picture.  

But if you don't think you can memorize it, then trust your gut feeling
about your limitations and use another kind of wallet.

I snapshotted a picture of the seed and sent it to myself in the email.
That should be QUITE PRIVATE I think.
And I am pretty sure that if you ask 100 people they will not be learning those 12 words by memory, maybe 1 in 100 will.
And that's exactly the same reason why people don't make longer and more complex passwords.
Implying that I am "limited" is a subtle stupid insult, if you want to talk with me please refrain from being so presumptuous and not constructive at all.
I have exposed what I consider an issue, even though the developers made it that way considering it a feature.

Btw, my IQ, believe it or not (I don't care) is over 140.

Below, just some results from a game.

hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
I get that 99% of people aren't able to generate a good sentence to remember, but I still don't like being given the chance to use my favourite sentence.

It's nothing I've found on internet, I searched for it and there's NO MATCHES on internet, and it's a sentence of 16 WORDS, that could also include punctuation.

Having to fiddle with hex is not fun for a non-coder and may also lead to problems in future updates I guess so I won't go that direction.

But in example, to not get bored with that sequence of words, I just snapshot it and send it to my email, which has a password of only 10+ characters... is that really better?
And I guess many people are doing it like that.

Printing those words on paper? And if somebody stumbles on that paper?
Remembering 12 words without any sense? Good luck with that: nobody will even try. I didn't, for sure.

OMG, you typed it into Google? Are you serious?

Did you e-mail it to your other e-mail?

Man, you must be the most uneducated person in internet security ever. You totally compromised your password and it's only a matter of time before you get robbed.

If you can't memorize 12 words then fucking carve it into a tree in a forest somewhere, to make sure nobody stumbles on that paper.

Man you need to keep your sensitive data more secure, because the thieves always love newbies who cannot secure their sensitive info.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
I get that 99% of people aren't able to generate a good sentence to remember, but I still don't like being given the chance to use my favourite sentence.

It's nothing I've found on internet, I searched for it and there's NO MATCHES on internet, and it's a sentence of 16 WORDS, that could also include punctuation.

Having to fiddle with hex is not fun for a non-coder and may also lead to problems in future updates I guess so I won't go that direction.

But in example, to not get bored with that sequence of words, I just snapshot it and send it to my email, which has a password of only 10+ characters... is that really better?
And I guess many people are doing it like that.

Printing those words on paper? And if somebody stumbles on that paper?
Remembering 12 words without any sense? Good luck with that: nobody will even try. I didn't, for sure.

You searched for it?  Meaning you typed your passphrase into Google?
Now Google knows it.  Plus it might even show up on some search phrase list.
You don't want to be doing that.

As far as not being able to remember 12 words, first of all, I think you
have very low standards of what the human brain can achieve.
Some people memorize full books!  I can easily remember 12 words and
the trick is to make a little mental picture.  

But if you don't think you can memorize it, then trust your gut feeling
about your limitations and use another kind of wallet.






hero member
Activity: 546
Merit: 500
LOL what you looking at?
I get that 99% of people aren't able to generate a good sentence to remember, but I still don't like being given the chance to use my favourite sentence.

It's nothing I've found on internet, I searched for it and there's NO MATCHES on internet, and it's a sentence of 16 WORDS, that could also include punctuation.

Having to fiddle with hex is not fun for a non-coder and may also lead to problems in future updates I guess so I won't go that direction.

But in example, to not get bored with that sequence of words, I just snapshot it and send it to my email, which has a password of only 10+ characters... is that really better?
And I guess many people are doing it like that.

Printing those words on paper? And if somebody stumbles on that paper?
Remembering 12 words without any sense? Good luck with that: nobody will even try. I didn't, for sure.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
You can still use external entropy.  Just format it into a valid electrum seed format and voila.

How? I cannot edit that initial box where the seed is; it pops out random words, but I cannot put random characters there.

Start a new wallet and choose 'restore from seed', then enter the seed you want.
It has to be a valid seed (containing the proper number of words, all from the Electrum dictionary).
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
You can still use external entropy.  Just format it into a valid electrum seed format and voila.

How? I cannot edit that initial box where the seed is; it pops out random words, but I cannot put random characters there.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
You can still use external entropy.  Just format it into a valid electrum seed format and voila.
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
A phrase generated by a human, or picked from a random book opened at a random page, will in general be much less random, and much more vulnerable to attacks.

Yeah, but why can't I have the choice at least? Who knows, the RNG on my PC may be flawed, and I might use an external RNG or have a radio that generates random entropy.

128 bits is only 16 characters, guys. I use 70-80 character random passwords.


Even my flawed RNG 70 character password is better than your "bulletproof" 16 character password
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
What happens if all the Electrum servers are taken offline? Would there be a way to use the seed phrase to recover?

The servers have nothing to do with the seed and never see your seed.

All the servers do is tell you your up-to-date balances and broadcast transactions to the network.
member
Activity: 84
Merit: 10
What happens if all the Electrum servers are taken offline? Would there be a way to use the seed phrase to recover?
sr. member
Activity: 475
Merit: 252
on what specific idea?   

Rolling your own Electrum seed with dice. It's a little bit different than diceware, because you effectively directly roll 12 Electrum seed words, and don't rely on some other entropy dimensions, but exactly on those offered by Electrum itself! I suggested it here: https://bitcointalksearch.org/topic/m.4502689

This is slightly more efficient:
https://bitcointalksearch.org/topic/m.7836442
hero member
Activity: 686
Merit: 500
A pumpkin mines 27 hours a night
on what specific idea?   

Rolling your own Electrum seed with dice. It's a little bit different than diceware, because you effectively directly roll 12 Electrum seed words, and don't rely on some other entropy dimensions, but exactly on those offered by Electrum itself! I suggested it here: https://bitcointalksearch.org/topic/m.4502689

Well, I'm not an Electrum developer but I see no reason you can't.

You will want to sync up with the 12 word seed schema, though,
at least if you want to use Electrum the way it is intended.
You need the seed for restore functions as well as generating
new addresses.

The way I would do it:

Assuming you're using standard 6-sided dice, you roll a die
5 times... This gives you 6^5 combinations = 7776.
Now divide by 4 and throw away the remainder.
This gives you a number between 1 and 1944.
If the number is greater than 1626, throw it away.
If it is 1626 or lower, keep it, write it down.

Repeat the whole process 12 times, now you have
12 numbers that you can use to match up
with the 12 words in the Electrum dictionary.



The file I quoted in my original post contained all of Electrum's seed words in a way that they could be addressed by rolling 5 dice. By repeating this procedure 12 times, you get an Electrum seed (discard all throws that are invalid, i.e. since 5 6-sided dice have an entropy that's too high, there are fewer words than possible combinations).
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
on what specific idea?   

Rolling your own Electrum seed with dice. It's a little bit different than diceware, because you effectively directly roll 12 Electrum seed words, and don't rely on some other entropy dimensions, but exactly on those offered by Electrum itself! I suggested it here: https://bitcointalksearch.org/topic/m.4502689

Well, I'm not an Electrum developer but I see no reason you can't.

You will want to sync up with the 12 word seed schema, though,
at least if you want to use Electrum the way it is intended.
You need the seed for restore functions as well as generating
new addresses.

The way I would do it:

Assuming you're using standard 6-sided dice, you roll a die
5 times... This gives you 6^5 combinations = 7776.
Now divide by 4 and throw away the remainder.
This gives you a number between 1 and 1944.
If the number is greater than 1626, throw it away.
If it is 1626 or lower, keep it, write it down.

Repeat the whole process 12 times, now you have
12 numbers that you can use to match up
with the 12 words in the electrum dictionary.
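
Added example, not part of any post in this thread: a Python audit of the dice procedure described above, enumerating all 6^5 outcomes to confirm that the divide-by-4 and reject-above-1626 steps leave every word number equally likely, and computing the entropy of 12 such words. It assumes the five rolls are read as a base-6 number; the function names are made up for this sketch, and it returns word numbers only because the Electrum dictionary itself is not reproduced on this page.

```python
import math
import secrets
from collections import Counter
from itertools import product

WORDLIST_SIZE = 1626   # cutoff quoted in the post (size of the dictionary)
DICE_PER_WORD = 5      # 6**5 = 7776 combinations
WORDS_PER_SEED = 12


def rolls_to_index(rolls):
    """Map five d6 rolls (each 1..6) to a word number 1..1626, or None to re-roll.

    Assumption: the rolls are read as one base-6 number in 0..7775.
    """
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each between 1 and 6")
    n = 0
    for r in rolls:
        n = n * 6 + (r - 1)
    index = n // 4 + 1     # divide by 4, drop the remainder: 1..1944
    return index if index <= WORDLIST_SIZE else None


def audit_mapping():
    """Enumerate all 7776 outcomes; return (hits per word number, rejected count)."""
    hits, rejected = Counter(), 0
    for rolls in product(range(1, 7), repeat=DICE_PER_WORD):
        index = rolls_to_index(rolls)
        if index is None:
            rejected += 1
        else:
            hits[index] += 1
    return hits, rejected


def seed_entropy_bits():
    """Entropy of 12 independent, uniform picks from 1626 words."""
    return WORDS_PER_SEED * math.log2(WORDLIST_SIZE)


def roll_seed_indices(roll_die=None):
    """Produce 12 word numbers, re-rolling rejected throws.

    roll_die stands in for a physical die; the default simulates one with the
    OS CSPRNG, which is only for trying the procedure out.
    """
    roll_die = roll_die or (lambda: secrets.randbelow(6) + 1)
    indices = []
    while len(indices) < WORDS_PER_SEED:
        index = rolls_to_index([roll_die() for _ in range(DICE_PER_WORD)])
        if index is not None:
            indices.append(index)
    return indices


if __name__ == "__main__":
    hits, rejected = audit_mapping()
    print("distinct word numbers:", len(hits))
    print("rolls per word number:", set(hits.values()))
    print("rejected outcomes:", rejected, "of", 6 ** DICE_PER_WORD)
    print("entropy of 12 words: %.2f bits" % seed_entropy_bits())
    print("sample (simulated dice):", roll_seed_indices())
```

Each word number is reached by exactly four of the 7776 outcomes, so discarding values above 1626 costs extra rolls (about one throw in six is rejected) but introduces no bias.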
