Bitcoin Forum

Hi everyone, I am using Electrum to set up a long term cold storage wallet and I was wondering if you people think it is worth using the extended seed option. I figure this gives me more security so it is worth it, I'm just not sure if I could restore the seed in a different wallet if for some reason Electrum ever became nonfunctional. The other wallets I have seen such as blockchain.info have 12 word seeds and no option to extend, and even if I found a new wallet where I could extend seed I am using random words not in the dictionary so would it even work?

Bitcoin Client Software and Version Number: 2.7 something, the one tails uses
Operating System: tails
System Hardware Specs:  electrum
Description of Problem:
Any Related Addresses:
Any Related Transaction IDs:
Screenshot of the problem:
Log Files from the Bitcoin Client:

First of all, stop using that version of Electrum. Search around for a Tails upgrade or just upgrade your Electrum. That version is not safe at all, please shut it down.

The extended seed option basically just increases the difficulty of anyone bruteforcing your seed. It doesn't really matter that much since the default number of mnemoric words is more than safe. Assuming that the length of the seed is 13 words, the possible number of combination is 2048^13. That is an incredibly large number and its unlikely that anyone would get to your seed in several of your lifetimes. If you'd like, the longer number of words would definitely be better with regards to this matter but I would prefer to store as little seeds as possible.

At any rate, Electrum doesn't follow any standards in their generation of seeds. Hence, any seed you generate using Electrum is incompatible with everyone else.

I downloaded tails in the last week off the official site so it should be the most updated version, why do you say this version of electrum is not safe?

He was speaking of this Electrum vulnerability that was found and corrected:
https://bitcointalk.org/index.php?topic=2721388.0 (https://bitcointalk.org/index.php?topic=2721388.0)

I would also like to use longer seeds, but currently it seems wiser to use the standard seed lenght

I cant understand why they insist in keeping the security in 128bits and not one bit more. After all your seed is used for generating many addresses. It would be better to make it more secure than one single address.

Having said that. 128 bits should be more than enough for now.

First of all you can add any words or characters to extend your seed with. I know it's says custom "words", and there have (https://github.com/spesmilo/electrum/issues/3426) been complaints about that choice of wording, but it can be anything.

The extend seed option isn't to increase the entropy of the seed. It's there so that you can create multiple wallets with the same seed making backups easier. So for example you could have one wallet with custom words of "1", another with custom words "2" and so on.

There are some other reasons why people might find the feature useful:

- to provide a second factor to the seed. That is if anyone discovers your seed backup they would also need to find the characters you extended the seed with. It is hoped that you keep those in your head only.

- to provide plausible deniability. You can extend the same seed with different characters to yield different wallets. In the event someone forces you to reveal your seed you can give them access to your dummy wallet without giving them access to your main wallet.

Thanks for the explanation everyone. I plan on using this wallet as a complete cold storage and really I will never be connecting to the web while on the wallet so I don't think I have to worry about this web vulnerability. The watch-only address will be on a internet connected computer but that internet connected one has the most recent version of electrum so I should be ok.... I will keep the 12 word seed and guess the extended one will be my 2FA                             

I don't think you fully understand what a "complete cold storage" is... it shouldn't be that you won't be connecting to the web when using the wallet... it should be "you won't be connecting to the web EVER".

Otherwise, that isn't cold storage.

That is basically what I was implying, I used bootable USB with Tails to set this wallet up on a computer that had absolutely no internet at the time of creation so this would be considered cold storage right? This USB isn't going to ever touch a computer with internet again until I actually have to sign and send any transaction with this wallet and in that case i'm just gonna send all my coins out and make a complete new wallet so i can keep things cold

Now that's something new for me, this very useful feature never occurred to me, using the seed extension like this to create a decoy wallet. That would presumably help solve the problem of seed being found out or compromised. They'd get a wallet, but only the decoy. I've never actually created one with seed extension, but this is something very useful to learn. Only issue if I won't be as confident of being able to recover the wallet other than with Electrum, or does this "custom" seed not affect that?

It's a moot point... Electrum seeds are (generally) NOT recoverable in other wallets... They are not BIP39 compliant. Hence the reason why "BIP39 Seed" is an "option" when you are recovering from a seed.

At this point in time, I'm not aware of any wallet that can recover an Electrum seed. The only "backup" is that Ian Coleman's Mnemonic  Code Converter (https://iancoleman.io/bip39/) can be modified to work with Electrum seeds.

Basically I just disabled the checksum and changed the default "BIP39 passphrase" from "mnemonic+USERPASSPHRASE" to "electrum+USERPASSPHRASE".

You can archive a copy of electrum if you are worried that it'll disappear. What kind of scenario are you imagining where all copies of electrum from all the users' computers around the world will suddenly disappear (not to mention the code repo on github and the site electrum.org)?

I don't know enough to be confident, but let's say one day Electrum decides to cease development, and Bitcoin moves on to other upgrades that eventually Electrum doesn't support, I might be motivated to change client. Unlikely as it seems, am I mistaken to think this?

Though, HCP's point seems to mean that I already have this scenario if Electrum seeds aren't recoverable by other wallets...

You can use electrum to get your private keys. Then you can import them in another wallet. So even if electrum ceases all development that private key exporting function in it won't just disappear.

Not at all... a healthy level of paranoia and "what if?" thinking is a "Good Thing"™ in cryptocurrency related activities... and I commend you for actually taking the time to think some of this through.


They're not recoverable by other wallets... but the knowledge of how to recover them is probably not going to be lost. That's one of the great things about OSS... the knowledge required is freely available. According to Github, there are 1,187 forks of the Electrum codebase!!?! :o :o

Granted, a lot of them will have some major modifications, but I know my fork of the codebase hasn't changed much... ;)