Bitcoin Forum
  Show Posts
101  Bitcoin / Mycelium / Re: Stolen phone and Mycelium on: January 01, 2015, 05:42:09 PM
I just had my phone stolen. It has 0.5 BTC in a mycelium wallet. I have the seed, but no immediate ability to buy a new phone. Is there any way to access my coins on a regular computer?

http://bip32jp.github.io/english/

For Derivation Path choose "Trezor k'th account i'th keypair (receive): m/44'/0'/k'/0/i"

and then also "Trezor k'th account i'th keypair (change): m/44'/0'/k'/1/i"
(the second one will contain your change addresses.)


1. You can download the entire site from https://github.com/bip32JP/bip32JP.github.io/archive/master.zip if you want.
(Be sure to open the index.html file inside the english folder.)
2. Discover each address by selecting the Derivation Paths I mentioned above, and change the Keypair Index (i) one at a time, copy the "Address" at the bottom, and check the balance at blockchain.info etc.
3. Gather the Private Key (WIF) from the ones that had balances, and import them into any desktop wallet.
4. VERY IMPORTANT. NEVER USE THAT BACKUP PHRASE AGAIN! The thief might have knowledge of it now, so once you get a new phone, generate a new one.
102  Bitcoin / Electrum / Re: Importing and exporting raw seed data on: January 01, 2015, 08:49:58 AM
There is 0 compatibility for Electrum with BIP39. The 13 word phrase is run through a hashing algorithm to generate the main extended private key... however, BIP39 states that mnemonics MUST have words in multiples of 3.

13 is not a multiple of 3, so sx, and any other BIP39 implementation will not be able to support Electrum seeds.
103  Bitcoin / Bitcoin Technical Support / Re: Getting the private key of an address created from the command line ? on: December 31, 2014, 03:39:33 PM
Back up the whole wallet.dat file.

In multiple places.
104  Bitcoin / Electrum / Re: [ANNOUNCE] Electrum - Lightweight Bitcoin Client on: December 30, 2014, 10:41:01 AM
Please help me! BTChip is working with electrum now and I imported 2 private keys. After that, I tried to sign messages but I am getting errors. Any solution?




BTChip does not support signing messages either. :-/ sorry
105  Bitcoin / Development & Technical Discussion / Re: [Ask]Php or Python tool for generate address [Ask] on: December 28, 2014, 03:43:44 PM
Hello everyone


I'm looking for a tool to generate a bitcoin address in php or python

Thanks

https://github.com/richardkiss/pycoin

generate a key object and use key.address(compressed) where compressed is boolean telling whether you want the compressed address or not.
106  Bitcoin / Electrum / Re: OMG did I just loose $4000? electrum not working on mac! on: December 28, 2014, 08:49:35 AM
1. backup wallet.dat to USB memory just in case.
2. reinstall electrum with the latest Electrum from their site. (don't worry, Electrum does not overwrite old wallet files EVER)
3. choose to restore wallet
4. insert the 12 word "seed" phrase. (or a 32 character long hex code that looks something like "0123456789ABCDEF0123456789ABCDEF")
5. You'll have your bitcoins.


By the way, what version of Electrum is it?

Electrum's default name for wallet files has been "electrum.dat" and then "default_wallet" since 1.8 so a file called "wallet.dat" must be very old...
107  Bitcoin / Electrum / Re: [ANNOUNCE] Electrum - Lightweight Bitcoin Client on: December 27, 2014, 03:54:01 PM
How can I decrypt message?
   ~~MZ~~

BTChip hardware wallet does not support decrypting messages. So do not tell people to encrypt any messages using your BTChip pubkeys.
108  Bitcoin / Electrum / Re: [ANNOUNCE] Electrum - Lightweight Bitcoin Client on: December 27, 2014, 03:50:52 PM
I have seen that Electrum dropped the BIP39 compatibility (seed mnemonic).
Any reason why?

https://github.com/spesmilo/electrum/commit/f8fbce12431cde3fb40ce01908ce9b8d96a6c913


They were never BIP39 compliant to begin with. The first commit with BIP39(ish) implemented generated 13 words instead of 12, and when accepting phrases, it would treat 12 word phrases as legacy Electrum phrases and 13 word phrases as BIP39... so it basically could not work with existing BIP39 phrases.

The commit you mention is just because he decided to do away with any semblance of BIP39 generation and changed the way it works completely. Only thing common is the wordlists now.

Reason why? idk

Doesn't bother me much.
109  Bitcoin / Electrum / Re: Reused R values on: December 24, 2014, 04:20:59 PM
Does anyone know if Electrum sends the master public key to the server, or does it only send the first n public keys?

Only sends list of addresses it wants to query. Never sends the MPK to server.
110  Bitcoin / Electrum / Re: Electrum Android QR install issue on: December 23, 2014, 04:59:35 PM
Ok since I see there is a pretty active discussion going here, I also have a question which I want to ask which relates to security.

Is this possible that when an attacker knows all the list of addresses that belong to the same seed, the attacker can actually find a way to decrypt or reverse engineer (assuming based on the predetermined sequence) and find out the 12-word seed? Let's give an example: every time you spend you generate a change address. If you spend from the same wallet address repeatedly many times, you will end up with quite a number of change addresses which are all originating from the same seeds. Assuming an attacker finds out these addresses belong to electrum from the same seed, using the combination of addresses will the guy be able to reverse engineer and decode the seed?

No.
111  Bitcoin / Electrum / Re: Electrum Android QR install issue on: December 23, 2014, 04:37:21 AM
I'm confused by this. I thought that the mnemonic seed represented a hexadecimal value universally. Why would the creation of a new version suddenly make a seed that was created less than a month ago useless? Especially since I have the latest version available. That just doesn't make any sense. Do I have to create a new wallet with a new seed every time they update to keep up? Why isn't there backwards compatibility?

Plain text should be able to convert to hexadecimal directly without any issue regardless of what version of a client is being used because hexadecimal itself isn't being changed. I know that 2.0 is going to use 14 words instead of 12, but that shouldn't change what the hexadecimal values mean. A "space" single means "20" in hexadecimal, right? Why would anyone design it to leave out the ability to restore wallets created before the current version?

More importantly, if I convert the seed values to hexadecimal myself, would that be enough to restore?

In 1.8.6 (the last version Android was updated), the "Show Seed" window would display a QR code that contained the hex version of the seed. Note that this is not just the hex representation of the english letters of the seed, there is a calculation algorithm using the indices of the words on a wordlist and calculates the hex seed.

In 1.9.8 the "Show Seed" window displays a QR code that contains the English words of the seed (iow. the seed BEFORE being converted into hex)

Because of this, scanning the "Show Seed" window's QR to restore the Android version creates a different wallet from the actual wallet.

This can be avoided in the Android client by typing in the 12 word seed manually with your device's keyboard.

Does that mean someone can determine the private keys from the list of addresses used? Isn't that a vulnerability? Granted, you need to know the password as well, but that seems like it could be a problem. I know that Electrum creates a new address to send to before sending from when sending Bitcoin, so wouldn't it make more sense to have this one time use address use an address in the future list according to the random value instead of the seed value so that way used addresses end up being used out of order which would limit its ability to determine the seed from? And similarly, wouldn't it mean that I shouldn't use the created addresses in sequential order?

What if there was a second type of password that I could use to determine the arrangement of the addresses? The seed creates the address list, the first address decrypts it, and the second password determines the pattern in which the addresses are arranged. That way an attacker trying to determine the seed would not be able to do so without the variable. So if a deterministic wallet address list is determined by (a + b) where "a" is the current "math" and "b" is the variable introduced by the second password it would still be possible to use no second password keeping compatibility with past versions, but the additional variable would change the arrangement. The second password would really be just client specific and only determine the order in which addresses appear, but I would think something like that would help to protect the private keys.

No. It merely means that if someone has your seed (the 12 word phrase given to you on startup) they can generate all your private keys. This is why you must protect your 12 word phrase as if it was your private keys. (because it is ALL your private keys)

The password you enter AFTER the phrase is ONLY to encrypt the seed on your computer. That way if anyone hacks into your computer and finds your wallet file, they can't see your 12 word phrase, because it is encrypted with your password (the one you entered AFTER the seed)

Your second paragraph makes no sense, (or at least I couldn't understand it) but it doesn't matter, because the premise (that someone can derive your private keys just from your addresses) is false.

Now, I don't suppose the new Electrum App will have any merchant features? Or a merchant version? I tried the Coinbase Merchant app, but it had too many errors to really be suitable for business use.

Electrum has a merchant script that you can use on your own server. But you need enough programming knowledge to run your own server and run the electrum merchant script. There's no clean package like Coinbase etc.
112  Bitcoin / Electrum / Re: Electrum Android QR install issue on: December 23, 2014, 01:54:30 AM
If the android version is no longer maintained what are my options? I tried Wallet32 from the playstore, but it isn't capable of restoring from my Electrum seed. (created in version 1.9.8 ) because it says that it's not in the mnemonic word list. The QR scan does read off the correct seed, but it doesn't accept it. I tried "Bitcoin Wallet" app, but that one is incapable of restoring from any seed, and I don't see anything else. I don't feel comfortable using any wallet that cannot be restored from seed and now I am also concerned that "seeds" don't follow any sort of standard which makes me concerned about the long term usability of my holdings. I use online wallets, but after seeing a few go offline suddenly - some permanent, others temporary - I don't feel safe keeping anything in an online wallet.

Right now, if you want to use an Electrum <2.0 seed (1.9.8 would fall under this) with a mobile client, the old Android client is the only way to go. It works fine, but sometimes is unresponsive. (Balance takes a while to update etc)

If you want to input the seed into Android Electrum, please type it in manually. This is the only major thing you need to be careful of.

Once you have restored your wallet, tap "Receive" and look at your addresses.

It will show all your addresses, and does not hide any of them. (So the 1st one will be the first address you ever made with the wallet, and it will list addresses all the way down, and then list change addresses, even though there is no clear end to receive addresses and begin to change addresses.)

Some things I would suggest:

1. Only use Android Electrum to send funds. Receiving funds is a pain because you can't see individual address balances and it shows you all (even used) addresses, so it's hard to tell which to use.
2. After restoring the wallet in Android, check the first couple addresses under "receive" with the first couple addresses (it's probably "Used" and hidden by now on your PC client) and double check that it restored correctly.
3. Set a password that is separate from your phone's PIN.

Just so you know, version 2.0 release should be accompanied by a proper Android version (that you will download from the Play store) that won't suck, so if you're patient, it will be worth it.


Also, HD wallet seeds (whether they be BIP39 or Electrum's mnemonic phrases) use math to derive private keys, and there are tons of developers with the knowledge to recover.

Also, Electrum does not use CENTRALIZED servers, but rather has AN OPEN SOURCE server that ANYONE can run (similar to Bitcoin) and actually uses all the proper checks and balances of the bitcoin network to verify transactions... so fwiw, Electrum is one of the safer bets in terms of wallets to choose.
113  Bitcoin / Electrum / Re: Electrum sending unconfirmed bitcoins on: December 23, 2014, 01:42:59 AM
yeah, I had these same problems and I'm sorry but I need a more efficient and time effective way to pay for goods.  This is the type of bullsh!t that kills BTC value.  Can't have gobbledeegook going on with servers where it jeopardizes a double payment.

I've paid three different people within 1 minute using 3 separate transactions on my Electrum client on many occasions, and never had a problem.

The only way I could imagine it ever having a problem would be if you tried to send 3 different transactions within milliseconds of each other, and the first transaction didn't have enough time to go to the bitcoin network and come back (it needs to do this to check whether the network will accept your transaction or not) and so the 3 transactions you made are all referencing the same bitcoin (in other words, you inadvertently made 2 double spend attempts, and the network rejected them)

Other than that, the only thing I could say would be to post screenshots of the transaction details screen of each transaction... then we can see what's going wrong maybe?
114  Bitcoin / Electrum / Re: Reused R values on: December 22, 2014, 03:05:29 PM
Just curious if Electrum is subject to the whole reused R value issue that b.info had? Is it ok to re-use Electrum addresses?

Electrum uses python-ecdsa for signing, and python-ecdsa uses RFC 6979 deterministic k signatures.

This means that for any given message (transaction) and private key, the r value will always be the same. However, inversely, if the message is different, or the private key is different, it is guaranteed (as long as SHA256 is not broken) to be different.

Since the exploit of the r values requires 2 different transactions signed by the same private key with the same r values, it is impossible for 2 different transactions to have the same r value using RFC 6979. (in theory)

However, you should not reuse addresses, as it lowers privacy for yourself AND the privacy of those you send money to. (which is not nice, now is it.)
115  Bitcoin / Wallet software / Re: Dark Wallet Query on: December 21, 2014, 04:22:30 PM
Hi guys, can I please ask you to check this end transaction for me https://blockchain.info/address/1MyZot2SyP7zb1DVSBoSpkpUxojBgGQyg4

This is a test I did with Dark Wallet

I put the funds through the three Dark Wallet pockets (spending, business, saving) using the stealth address and the 5-mixer coinjoin option.

At the end I transferred out of the Dark Wallet into my Electrum wallet above.

However, I can still trace the transactions all the way back to the start via blockchain.

How is this making my transactions anonymous, anyone can still follow the trail? Could anyone clarify what I am doing wrong?

You haven't actually mixed anything.

I am searching back through your transaction history and I see 0 coinjoin transactions. Just a bunch of stealth address transactions.

Stealth addresses offer no anonymity if you give someone the transaction ID. It only gives anonymity in the sense that you can post a stealth address online and no one can look up its history.
116  Bitcoin / Development & Technical Discussion / Re: Reused R values again on: December 21, 2014, 11:32:20 AM
Reading this thread, I imagine that one infographic with a picture of the sun talking about the number of bitcoin addresses could not be generated because of the laws of thermodynamics or something.

I imagine a special parody of that with some picture of something that involves roughly 256 of something, and an info graphic talking about how fast 256 addresses could be picked.

Then paste a BC.i logo on it or something.
117  Bitcoin / Electrum / Re: Electrum Android QR install issue on: December 20, 2014, 09:34:40 AM
Be careful with the Android version when restoring a seed.

Do not restore the seed by scanning QR code. ALWAYS type in the words manually.
However, you may use the QR scan to restore the Master Public Key QR code.

Typing in the words by hand will guarantee the same wallet... this is because the Android version is old and no longer maintained, and the Seed QR code used to be in a different format.




As far as the QR codes for installing the script, I'll write them here.

1st QR link
http://www.mithril.com.au/android/sl4a_r5x.apk

2nd QR link
http://python-for-android.googlecode.com/files/PythonForAndroid_r5.apk

3rd QR is a python script, this is the contents. (you can copy and paste instead of reading with a QR code reader).
Code:
e4a_install.py
import urllib, zipfile, os
p="http://download.electrum.org/download/e4a-181zip"
n="e4a-1.8.1"
nz=n+".zip"
urllib.urlretrieve(p,nz)
zipfile.ZipFile(nz).extractall()
os.rename(n,'scripts/'+n)
118  Bitcoin / Wallet software / Re: iOS Bread Wallet on: December 17, 2014, 04:01:12 PM
Hey Aaron, you're doing an awesome job with Breadwallet. It's hands down the best iOS wallet currently available, and I always recommend it to all iPhone/iPad owners.

I'm one of the organizers of Arnhem Bitcoincity and developer of our payment processor and point-of-sale solution BitKassa, so we're reaching quite some potential users. Apps like Breadwallet really help a lot in making Bitcoin more accessible for the Average Joe, and getting Bitcoin to turn mainstream!

Now, I do have some suggestions I'd like to share:

1. Allow entering amount when receiving BTC
When receiving or requesting bitcoins, Breadwallet can only show a QR or copy/paste the address. What's missing here, is the option to specify an amount (in either euros or dollars or bit(coin)s). This allows people to show a QR that anyone can scan and pay immediately, without the hassle of mentioning or specifying the amount separately, and the other person having to enter that manually (with risk of typos, currency rate differences, etc)

2. Lower the fee
Any chance you can lower the default tx fee to 0.00001 BTC per 1000 bytes? This has actually been the default fee setting in Bitcoin Core already since v0.9. And the very commonly used Android Bitcoin Wallet by Andreas Schildbach has been using this fee setting as well for quite some time, always works fine (just very rarely, a tx might take two or three blocks to confirm, but never leads to any problems whatsoever).
The thing is, here in Europe, bank transfers are free. So when comparing Bitcoin to old fashioned banking, the 0.0001 BTC tx fee (approximately 0.03 euros) may actually seem quite expensive in comparison. Especially for microtransactions (e.g. a €1 donation) a 3% fee is relatively expensive. It would make a better case for Bitcoin usage if you apply the new default fee in Breadwallet too.

3. Better estimate for fiat/btc rates
What is your live euro↔bitcoin rate based on? In our payment processor, we use a weighted average of all major exchanges (including Bitstamp, converting USD to EUR according to their own buy rate). Still, we often notice that the amount in fiat displayed by Breadwallet appears to be higher than what seems to be a fair average rate - thus giving users the false impression they're paying more (in euros) than they're supposed to. In order not to give users an over-optimistic estimate of their wallet's current EUR value, is there any chance you can use a more balanced average of various eur/btc conversion rates?

4. Dealing with crippled WiFi
In order to push transactions, do you actually connect to Bitcoin nodes directly (i.e. you need port 8333 access for most nodes) or can Breadwallet also use a web stub that works through port 80? The problem is, we quite often experience problems with public WiFi networks that have been limited, e.g. only ports for http(s) and email being accessible. Or even worse, open WiFi networks (in stores or public places) that have no password, but require a one-time login page to accept terms before allowing full internet access. When this happens, people's phones appear to have internet access, but any http request will redirect them to a login page. Now when trying to send a Bitcoin payment it won't work, thus giving the false impression that Bitcoin is having problems, rather than their WiFi / internet connection being crippled.
It would be great if you can 1. push txs through port 80 as well (through external API sites, there's plenty available) and 2. perhaps check if Breadwallet has a working connection, and if not, warn the user "Your internet connection seems to be restricted, perhaps you need to login to your WiFi network?" This may avoid a lot of unnecessary confusion.


I hope this helps in improving BreadWallet. Keep up the good stuff man. Love your work!

With the exception of crippled WiFi... all those are on git right now.
119  Alternate cryptocurrencies / Altcoin Discussion / Re: Public Key on: December 15, 2014, 03:14:34 PM
Go here

http://www.tutorialspoint.com/execute_python3_online.php

Copy this into the middle window that has the code for hello world, delete all code and paste this code
replace the xxxxxxxxxxxx with your compressed pubkey.

Then click execute and the uncompressed pubkey will show up in the console.

Code:
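###############
compressed_key = 'xxxxxxxxxxxx'
###############

def pow_mod(x, y, z):
    "Calculate (x ** y) % z efficiently."
    number = 1
    while y:
        if y & 1:
            number = number * x % z
        y >>= 1
        x = x * x % z
    return number

# secp256k1 field prime
p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f
# The first byte is 02 (even y) or 03 (odd y); the rest is x in hex.
y_parity = int(compressed_key[:2]) - 2
x = int(compressed_key[2:], 16)
# Curve equation: y^2 = x^3 + 7 (mod p)
a = (pow_mod(x, 3, p) + 7) % p
# p % 4 == 3, so a square root of a is a^((p+1)/4) mod p
y = pow_mod(a, (p+1)//4, p)
if y % 2 != y_parity:
    y = -y % p
# Zero-pad both coordinates to 64 hex digits so leading zeros are not dropped
uncompressed_key = '04{:064x}{:064x}'.format(x, y)
print()
print()
print(uncompressed_key)
print()
print()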
120  Bitcoin / Development & Technical Discussion / Re: Possible solution to 51% attack? on: December 14, 2014, 08:13:01 AM
Won't work.

Reasons explained above by other people.