Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: BlackHatCoiner on July 20, 2020, 02:35:46 PM



Title: Paranoid questions about creating addresses
Post by: BlackHatCoiner on July 20, 2020, 02:35:46 PM
I'm using electrum. I want to create hundreds of addresses, but because I'm a little paranoid I don't know how I will do it safely. I have already generated addresses but I'm thinking for buying bitcoins on the long-term.

1) Why does verification of electrum prove electrum won't generate private keys that may be already known? Like a hacker put them so he can steal the coins later. It doesn't require internet connection. The private keys are simply not random. I know that it is open source, but I don't get how with verification, I have to be 101% sure that I'm safe.

2) If they write the SHA256 of the exe on electrum.org and I test it that it has the same SHA256 result, I have the clear program right? No hackers could face that step?

3) Can I decide my randomness' fate? Can I put the ones and zeros by myself somehow? Do you have any scripts on github so I can check the code?

4) Can I somehow generate thousands of different addresses on electrum? (And export them in csv). I see that it only generates 10-15 by default.


Title: Re: Paranoid questions about creating addresses
Post by: ranochigo on July 20, 2020, 02:58:15 PM
1) Why does verification of electrum prove electrum won't generate private keys that may be already known? Like a hacker put them so he can steal the coins later. It doesn't require internet connection. The private keys are simply not random. I know that it is open source, but I don't get how with verification, I have to be 101% sure that I'm safe.

It doesn't. Verification of Electrum only ensures that the binaries are compiled and verified by ThomasV. You're still trusting ThomasV and someone else unless you review the codes yourself. Vulnerabilities can be put intentionally or unintentionally.

2) If they write the SHA256 of the exe on electrum.org and I test it that it has the same SHA256 result, I have the clear program right? No hackers could face that step?

You're still obtaining the SHA256 hash from the site and that is the point for MITM attacks to happen. PGP is better since you're validating against an identity so you just have to make sure that the chain of trust is not compromised.

3) Can I decide my randomness' fate? Can I put the ones and zeros by myself somehow? Do you have any scripts on github so I can check the code?

Not as far as I know of. Humans aren't the best at generating entropy anyways.

4) Can I somehow generate thousands of different addresses on electrum? (And export them in csv). I see that it only generates 10-15 by default.

You can generate a large amount of addresses at once.

[wallet.create_new_address(False) for i in range(X)]

Or increase the gap limit.


Title: Re: Paranoid questions about creating addresses
Post by: BlackHatCoiner on July 20, 2020, 03:06:17 PM
I don't think that I should be that suspicious. We can trust ThomasV right? Have you ever heard any electrum incidents of stolen funds in cold storage?


Title: Re: Paranoid questions about creating addresses
Post by: PrimeNumber7 on July 20, 2020, 03:07:35 PM
When you generate a seed in electrum, you are technically generating every address that will ever be used in your wallet. The private keys are calculated from your seed. So if you have two computers that are not connected to the internet, and create wallets with the same seed on both computers, both will “generate” the exact same addresses in the exact same order.

When generating a seed, you need to be sure that the seed is in fact random. As long as you are certain your computer can generate random numbers that are truly random, an authentic version of electrum should generate a random seed.

You can compile electrum yourself so you personally know what it is doing when generating a seed. Or you can generate a seed yourself.

You can set the gap limit in electrum to higher than the default for your electrum client to display more addresses.


Title: Re: Paranoid questions about creating addresses
Post by: HeRetiK on July 20, 2020, 03:19:19 PM
3) Can I decide my randomness' fate? Can I put the ones and zeros by myself somehow? Do you have any scripts on github so I can check the code?

You can add a custom extension word when creating a new wallet:
https://en.bitcoin.it/wiki/Seed_phrase

To do so, click "Options" on the screen where your wallet generation seed is displayed. Check "Extend this seed with custom words" in the prompt, and enter the extension word(s) of your choice. This way your private keys will be derived from the seed phrase as generated by Electrum plus the word(s) of your choice.

Important Warning:
Keep a backup of your extension word(s) as well. Unlike the encryption password, you won't be able to recover your wallet from the generation seed without it (which also is kind of the point).

(be aware though that a compromised version of Electrum that would "fake" your seed could just as easily send your extension word(s) to its control server)


Title: Re: Paranoid questions about creating addresses
Post by: o_e_l_e_o on July 20, 2020, 08:04:56 PM
We can trust ThomasV right?
Some people would say yes. Others would say that you shouldn't trust anyone.

Have you ever heard any electrum incidents of stolen funds in cold storage?
Such incidents have always been due to user error - generated on an internet enabled machine, seed phrase stored insecurely, etc. - and not due to an Electrum error.

As ranochigo points out, unless you review the code yourself, you are going to have to trust someone, whether that is the developer or the community who are telling you it is safe. If you do not have the required knowledge to review the code yourself, then this is what I would do -

Download and verify Ian Coleman's site
Download and verify Electrum
Run both on a permanently airgapped machine running a clean OS
Flip a coin 256 times and enter the entropy into Ian Coleman. It will generate a seed phrase for you
Double check your coin flips against the BIP39 wordlist in groups of 11 to make sure the seed phrase generated matches your entropy
Enter the same seed phrase in Electrum
Check that the addresses provided by both Ian Coleman and Electrum match

This allows you to ensure the entropy is random, the seed phrase matches the entropy, and the addresses match the seed phrase, all without requiring any review of the code.
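
An added example, not part of any post in this thread and not code from Electrum or Ian Coleman's tool: the "groups of 11" cross-check from the steps above, done in Python. The function names are hypothetical; the output is word positions in the BIP39 wordlist, to be looked up in your own verified copy of the list. Note that the final word contains checksum bits from SHA-256, so it cannot be read off the coin flips alone.

```python
import hashlib

VALID_LENGTHS = (128, 160, 192, 224, 256)  # entropy sizes allowed by BIP39


def flips_to_word_indices(flips: str) -> list[int]:
    """Map coin flips ('1' = heads, '0' = tails) to 0-based BIP39 word indices."""
    bits = "".join(flips.split())  # allow spaces/newlines between groups
    if len(bits) not in VALID_LENGTHS or set(bits) - {"0", "1"}:
        raise ValueError("need 128-256 flips (a multiple of 32), written as 0/1")
    entropy = int(bits, 2).to_bytes(len(bits) // 8, "big")
    # BIP39 appends the first ENT/32 bits of SHA-256(entropy) as a checksum.
    cs_len = len(bits) // 32
    digest = hashlib.sha256(entropy).digest()
    checksum = bin(int.from_bytes(digest, "big"))[2:].zfill(256)[:cs_len]
    full = bits + checksum
    return [int(full[i:i + 11], 2) for i in range(0, len(full), 11)]


def hand_checkable(flips: str) -> list[tuple[int, str, bool]]:
    """Per word: (1-based position in phrase, 11-bit group, fully set by flips?)."""
    bits = "".join(flips.split())
    rows = []
    for n, idx in enumerate(flips_to_word_indices(bits), start=1):
        # A word is checkable by hand only if all 11 of its bits are coin flips;
        # the last word also carries checksum bits.
        rows.append((n, format(idx, "011b"), n * 11 <= len(bits)))
    return rows


if __name__ == "__main__":
    # Constructed sample input for illustration only; never use it for a wallet.
    sample = "10" * 128
    for position, group, by_hand in hand_checkable(sample):
        index = int(group, 2)
        note = "from flips only" if by_hand else "includes checksum bits"
        # Wordlist files are usually read with 1-based line numbers, hence +1.
        print(f"word {position:2d}: {group} -> wordlist line {index + 1} ({note})")
```
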


Title: Re: Paranoid questions about creating addresses
Post by: pooya87 on July 21, 2020, 04:10:58 AM
We can trust ThomasV right?

no!
instead you go here (https://github.com/spesmilo/electrum) and make a local copy, look at the code line-by-line and finally compile it yourself on your own computer using your own compiler and use that instead.
that is the cost of being "paranoid".
you can also compute the hash of what you've built and compare it with the hash of the binaries that were released by the developer since the Electrum builds are deterministic to make sure there is no monkey business...


Title: Re: Paranoid questions about creating addresses
Post by: BlackHatCoiner on July 21, 2020, 07:00:46 AM
We can trust ThomasV right?

no!
instead you go here (https://github.com/spesmilo/electrum) and make a local copy, look at the code line-by-line and finally compile it yourself on your own computer using your own compiler and use that instead.
that is the cost of being "paranoid".
you can also compute the hash of what you've built and compare it with the hash of the binaries that were released by the developer since the Electrum builds are deterministic to make sure there is no monkey business...

The cost of being paranoid is much bigger. So now I must trust visual studio for compiling me the source code?


Title: Re: Paranoid questions about creating addresses
Post by: pooya87 on July 21, 2020, 07:21:05 AM
We can trust ThomasV right?

no!
instead you go here (https://github.com/spesmilo/electrum) and make a local copy, look at the code line-by-line and finally compile it yourself on your own computer using your own compiler and use that instead.
that is the cost of being "paranoid".
you can also compute the hash of what you've built and compare it with the hash of the binaries that were released by the developer since the Electrum builds are deterministic to make sure there is no monkey business...

The cost of being paranoid is much bigger. So now I must trust visual studio for compiling me the source code?

you can also use open source compilers such as Visual Studio Code (https://github.com/microsoft/vscode) but at some point you have to trust something, for example your OS or your hardware. i wouldn't call that paranoid anymore. at some point it starts being just crazy.


Title: Re: Paranoid questions about creating addresses
Post by: BlackHatCoiner on July 21, 2020, 07:31:41 AM
Okay I think that I will just verify electrum with kleopatra. No one had ever an incident with that. Then I'll simply turn off internet connection forever and I will generate some thousands of addresses.

Thank you.


Title: Re: Paranoid questions about creating addresses
Post by: Danydee on July 21, 2020, 03:16:20 PM
If you are looking just for the addresses /brute addresses, I suggest you to look here too
https://medium.com/coinmonks/generate-and-download-thousands-of-bitcoin-wallets-in-a-minute-or-two-d42ce73d77d8


Title: Re: Paranoid questions about creating addresses
Post by: Husires on July 21, 2020, 04:07:49 PM
You are not obligated to use electrum, there are a lot of wallets and electrum is not ideal for all things. this wallet will fail if you want to generate thousands of addresses/transaction daily because it is not intended for that.

For thousands of daily transactions you need more numbers, I can think of the following:

Server: (hot wallet)

 - use blocknotify to updates balances to external database.
 - Script to check balance and update it (manually) if your hot wallet balance is less than X amount and move it (Auto) if your hot wallet balance is more than X amount.

cold wallet: (Offline)

 - use Armory wallet that holds the private keys.
 - Admin access to refill your hot wallet.

And if you don't trust the developers, do it yourself: You need a cryptography library that supports secp256k1 ECDSA, generate your private key and use it to get your public key or Bitcoin address (SHA256 and RIPEMD-160)

you can start with this topic:
How Bitcoin Addresses are generated? Understand the Math behind Bitcoin (https://bitcointalk.org/index.php?topic=5223167.msg53772308#msg53772308)
What is Elliptic Curve Cryptography? Understand how is it related to Bitcoin (https://bitcointalk.org/index.php?topic=5232734.msg54026141#msg54026141)


Title: Re: Paranoid questions about creating addresses
Post by: BlackHatCoiner on July 21, 2020, 07:49:45 PM
I think I've found the greatest way to create one private key super safely. (https://www.youtube.com/watch?v=WyBdYhwweaE)


Title: Re: Paranoid questions about creating addresses
Post by: o_e_l_e_o on July 21, 2020, 08:09:26 PM
I think I've found the greatest way to create one private key super safely. (https://www.youtube.com/watch?v=WyBdYhwweaE)
Why would you spend the time flipping a coin 256 times to only create a single address, when the exact same 256 flips could be used as entropy for a HD wallet to create a seed phrase and therefore create as many addresses as you want? If you follow my instructions in my previous post you can use this coin flipping method to create an entire wallet. Then just keep that wallet permanently airgapped and export the xpub to a watch only wallet on your internet-enabled device.

This method also means you get a seed phrase, which is significantly easier and safer to back up than a bunch of individual private keys, and you can also avoid any issues with change addresses and address reuse.


Title: Re: Paranoid questions about creating addresses
Post by: HCP on July 24, 2020, 12:04:36 AM
Go with o_e_l_e_o's suggestion... using offline computer and live OSes etc...

- Download Electrum and verify the digital signature.
- Create your own 256 bits of entropy using a coin flip (or dice etc) and put it into an offline version of Ian Coleman's mnemonic generator.
- Create the wallet in Electrum and crosscheck the addresses generated with those from Ian Coleman
- Make sure the words generated are NEVER stored digitally or online etc.
- Use Electrum "normally" and it will end up generating new addresses as required (or use the gap limit hack to pregenerate more if required)


As someone mentioned earlier... there comes a point where you need to trust someone... either software devs or hardware manufacturers etc. and it's a fine line between healthy paranoia and craziness :P


Title: Re: Paranoid questions about creating addresses
Post by: PrimeNumber7 on July 24, 2020, 04:14:31 AM
We can trust ThomasV right?

no!
instead you go here (https://github.com/spesmilo/electrum) and make a local copy, look at the code line-by-line and finally compile it yourself on your own computer using your own compiler and use that instead.
that is the cost of being "paranoid".
you can also compute the hash of what you've built and compare it with the hash of the binaries that were released by the developer since the Electrum builds are deterministic to make sure there is no monkey business...
I would not say it is a given that you should not trust someone under any circumstances. Better advice for the OP would be to direct him to use his own judgement and resources to decide if ThomasV should be trusted or not. Being that electrum is very widely used (this would not apply if it were not), the OP can search for reports of there being problems with electrum losing coin.

Most bitcoin users lack the technical expertise to understand electrum's source code if they were to compile it, and this is simply not realistic to expect 'normal' non-business users to do this.


Title: Re: Paranoid questions about creating addresses
Post by: pooya87 on July 24, 2020, 04:45:12 AM
~I would not say it is a given that you should not trust someone under any circumstances. Better advice for the OP would be to direct him to use his own judgement and resources to decide if ThomasV should be trusted or not. Being that electrum is very widely used (this would not apply if it were not), the OP can search for reports of there being problems with electrum losing coin.

Most bitcoin users lack the technical expertise to understand electrum's source code if they were to compile it, and this is simply not realistic to expect 'normal' non-business users to do this.

well that reply is directed at someone who chooses to be paranoid about everything and that should include individuals too. otherwise it is not about trusting Thomas since Electrum binaries are compiled deterministically and can be reproduced with the same hash using the source code.