Usually in the wallet.dat file, the pubkey(a bitcoin address) and the private key are in pairs.
Address != Public key. The address is the hash of a public key. They are not the same. Yes, you are correct, this wallet.dat is encrypted, the Bitcoin core client can not decrypt it, verify that the private key matches the public key, thank you for your answer.
The client can decrypt it (given the user knows the correct password), but it won't be able to decrypt the private keys (because they are not encrypted, it is just garbage data). |
|
|
|
And yeah you of course would have to be doing this on a highly secure computer in the first place.
Yes, but if your computer needs to be 100% clean, there is no reason to store the keys on an USB. Might as well store them on the computer (using a desktop wallet). You don't benefit storing them on the USB and using them like this, in any way. Either use a 2-computer-setup with a dedicated computer which is offline only (very very secure) or use a hardware wallet (also secure, but not as the 2-computer-setup, but much much more practical). Those are the best two options for a cold wallet |
|
|
|
I don't think using VPN can make you safe in browsing using hotspot of public wifi since you are connected to it and you are being surveillance by the owner of that wifi you are connected to.
It does. You encrypt your WHOLE traffic and tunnel it to the VPN server. If you are connecting to your own VPN server at home.. you are browsing as you would from your home network. If you are connected to a VPN provider, you have to trust them as you would trust your ISP when at home. But you say if i use my win 10 laptop outside using public wifi, get a paid vpn and use it... but that will protect me when doing transactions related to crypto? The reason i never use it outside is b/c i do not want to connect it to public wifi so i rarely have it outside. If i do, i tether from phone but of course uses lot of data.
No, the VPN itself doesn't protect you from anything if you are in a trusted network (e.g. your home network). You only need a VPN if you connect from an insecure Wifi or you need to access some resource from an internal network (e.g. companies internal resources). I suggest looking at this thread. |
|
|
|
I am trying to recover my keybase account. I will send you my ip soon
Theoretically, you don't need to. You just need to encrypt your IP with mocacinno's public key. You don't need your own private key etc. for that. There are quite a few tools available online (or you can do it using the command line (tool: pgp)). |
|
|
|
@bob123, could you please elaborate? Why is a horrible idea privacy-wise, to rout all my traffic through my VPN? I don't need it for geo-routing, and my wired and wifi connections are secure.
Sure. You are basically moving the trust from your ISP provider to the VPN provider. I don't know in which country you live.. but i would rather trust my ISP than a random VPN provider. The VPN provider can (theortically just as the ISP provider without a VPN) read and modify any non-encrypted (http) traffic. Even if you visit sites via https, some content might still be delivered without TLS. This includes pictures / graphics for example (which can theoretically be modified to deliver malware). The question is.. who do you trust more. Your ISP or your VPN provider ? Additionally, if you install a software directly from the VPN provider, the possibility exists that it installs their certificate as a trusted system certificate. This would give the VPN provider the option to 'break' the encryption of your TLS secured traffic, leaving them to be able to read and modify ALL of your traffic. I can recommend you this 2-minute-read: https://gist.github.com/joepie91/5a9909939e6ce7d09e29The question is.. WHY do you want to use a VPN? Most probably there is a better way of accomplishing your goal. If you want to go more into detail here, i will gladly be assisting you here with theoretical concepts on how to achieve that goal. |
|
|
|
do you have any proof of scam attempt?
No, but newbies are never to be trusted. Especially not if everything they write doesn't make sense. Double VPN = Traffic routed through 2 sever. Double Encryption = Encrypting something twice (senseless). When being routed through the TOR network, your bandwidth decreases drastically. That's a decision between the standard VPN server ('blazing speed') or TOR network (which is extremely slow compared to 'blazing speed'). How can you expect to be taken seriously, when you can't list the features correctly ? You can not separate the features to make clear what is possible to have 'at the same time' and neither can you distinguish simple terms (routing through two server <-> double encryption). Please tell me.. why should someone trust you, as a newbie ? How can we be sure you are not selling accounts which you have obtained in an illegal way ? |
|
|
|
So you wouldn’t trust a random wi-fi, but you would trust just any old malicious VPN you happened to find on ‘underground forums’. That’s bad advice.
This. VPN provider can read and modify and save all traffic. The best way to stay safe when being connected to an open wifi is to connect to your own vpn server at home. Simply get a raspberry pi if you don't want to have your PC running when your not at home, and install OpenVPN. You will be able to route the whole traffic through your home-network. When only rarely being in an open wifi, this seems to be overkill. But if you regularly use open wifi's it might be worth to get a raspberry pi to host a vpn server. |
|
|
|
Double data encryption for increased anonymity
 1. Encryption does nothing regarding anonymity. Encryption ensures confidentiality and integrity. Not anonymity. 2. Double encryption? Really?  Onion Routing Tor via VPN Server
Unlimited speed
Please explain how these two can go together..
Be careful, this seems to be a (very ill-conceived) scam attempt.
The things mentioned by OP do not make sense from a technical point of view. |
|
|
|
I have a question; will it work if send you my dedicated IP that's provided by my VPN service provider?
If you connect to the electrum server via your VPN, yes. This means.. if you route all of your traffic through your VPN, yes it works. A little bit off-topic.. but.. Do you have a good reason to use a VPN? Like circumventing geo-blocking / ISP blocking or connecting from an insecure Wifi ? Because privacy-wise it is horrible to route all traffic through a VPN. |
|
|
|
ThomasV is only develop Electrum for bitcoin, but there are some others wallet based on Electrum which have existed for years and have been shown as trusted. I have personally used ElectronCash for BCH, ElectrumLTC for Litecoin and ElectronDash for DASH. How much can I see on their official sites, developers of this wallets are active and new releases follow current events.
My opinion is that your advice has no legitimate basis, maybe you not trust in something for your own personal reasons, but that is not the reason why others should avoid something.
Not the wallets have to be trusted, but the developers. As for my self, i do not trust a random developer (Calin Culianu ??) who decided to voluntarily develop a free wallet for a currency which is doomed to fail and which was obviously just an attempt of a few people to get rich quick. I never said people should avoid it.. there is a difference between not trusting and avoiding. I am just saying that there isn't a single reason why he should be trusted. Also.. the instructions to verify the files which are on github also urge to think that he is not the brightest person alive.. Instead of simply signing the files OR creating 1 signed text file with the hashes inside.. he created 1 signed text file per downloadable file containing 1 hash each |
|
|
|
- My server keeps logs... I have no intention to start digging, but if i really wanted to, i could... And since i have your public ip, forum name, timestamps, potentially electr logs (see next point) i *could* do some heavy digging...
- I didn't edit the elecrs software, but there is no way for me to prove this... So you should progress under the assumption that i *could* be running a modified node
- By only connecting to one single node, i could distort the way you look at the network... I could easily block your access to the mempool for an unconfirmed transaction making it look like you didn't get payed. I could also delay your view on new blocks, or (in extreme cases) i could deliberately go with a forked chain so it looks like you got payed but in reality you didn't... I'm not planning on any of these things, but you should operate under
the assumption you need to verify important transactions using a thirth party block explorer
So... you could do all the things which all current electrum server already can do too. I am so shocked  No, honestly.. thumbs up for this service. I really like your disclaimer. Most people probably don't know whats possible when controlling an electrum server. P.s. You missed one point in your disclaimer: - If you are using an old version, i could show you a message to download my own malware to infect your computer and home network before allowing to transact BTCs anymore
|
|
|
|
[...] Enjoy your secure economic cold wallet.
That's not a cold wallet. A cold wallet is defined by a wallet[1] (obviously) which does never touch the internet. An encrypted USB stick is a place to store your keys at most. If you insert your stick into your online pc and decrypt it with veracrypt, your keys can be stolen by malware on your computer. [1] A wallet is defined as soft- and or hardware which manages your private keys and is able to create / sign transactions.
[...] that way you are basically creating a hardware wallet capable of signing transactions offline (that is if you disabled network on that Linux OS).
A hardware wallet needs some sort of a secure element. An encrypted linux partition with your private keys stored there is not a hardware wallet. Once plugged in and decrypted, the private keys can be retrieved (which is not possible with a hardware wallet). This is a sweat idea and relatively secure as long as you can trust the hardware/computer you are plugging your stick into, but not as safe/secure as a hardware wallet. |
|
|
|
In that case, there is no way for him to know if that’s what is happening and if ThomasV is uploading malware. I prefer to keep things simple to not complicate more in his mind (jerry sounds quite perfectionist ans that’s highly unlike to happen).
The probability is extremely small (at least if ThomasV knows how to secure his PGP key; which i think he does), but he deserves to get as much information as he wants to  I am currently communicating with jerr0 via PM regarding hardware security of a laptop (encryption, bios, etc..). He seems to be very inquisitiv for knowledge. Let him get as much knowledge as possible Even if a lot is quite theoretical and probably won't happen in the field, it is good to know whats theoretically possible (IMO). |
|
|
|
|
Bitcoin and bcash are two completely different currencies.
Electrum is a pure bitcoin wallet. There are non-official forks for other currencies (but these are not developed by ThomasV and should NOT be trusted).
If someone sends bcash to your bitcoin address, you will be able to recover them using a different (bcash-)wallet.. but you won't be able to view / send them with your electrum wallet.
|
|
|
|
i'm experiencing this issue. all of my incoming connections are 192.168.1.1:[random port]. is there a way to configure my firewall such that I get the real IP? at the moment i've got whitelist=192.168.1.1 to stop getting 192.168.1.1 onto the banlist.
Configure your PREROUTING chain accordingly. Depending on the interface of your firewall / router this can be either trivial or somewhat non-intuitive. Did you try out some forwarding options yet ? |
|
|
|
HCP, has there been cases where someone downloaded electrum from the actual electrum website and gotten a fake electrum installed? You say the other half protection is verifying the signature of the downloaded file.
No. But there are times where you think you are on the Electrum website, but you are actually at electrun.org or electrum.to or something like this. By verifying the signatures, you can always be 100% that the file is legit and that you downloaded it from the right place. Make this an obligatory step and you will never be phished for lacking attention. Not 100% correct. You can think you are on the official electrum site (electrum.org shown in the browser, secured through TLS), while in fact you are on an attackers copy of the site. There are multiple ways to accomplish this as an attacker (e.g. DNS spoofing / cache poisining, MITM, etc..). But is there a chance verifying the signature of the downloaded file could give you malware/keylogger/virus? No. Well.. yes.. in exactly 2 cases this would be possible: 1) TomasV publishes a malicious version of electrum (would be very dumb of him - legal consequences) 2) Someone gains access to ThomasV's signing key and uploads a malicious version signed with this key. |
|
|
|
Wow. Not sure if this is a troll post or for real  To anyone reading this and wondering: The bitfi wallet is probably the least secure wallet in history of BTC. Even android / iOS mobile wallets are more secure than this crap.Better invest your money into a real hardware wallet or buy more BTC and store them on your mobile. But never use a brainwallet (like bitfi is). It has been repeatedly proven that this wallet is unsecure and not worth a single penny. Don't listen to empty promises, do your own research. |
|
|
|
If it returns true and you can see the funds in a blockexplorer, then you still have them. OK, I checked the blockexplorer the transaction is showing. But wallet still wont connect, is there any other way I can use them other than with my Electron Wallet? Did you open the console inside of electrum and entered the command ? Did it return true ? Also.. are you takling about electr um or electr on ? Those are two completely different wallets.. I downloaded it from their own site, it's the latset version: 3.3.4. I have dissabled all the anti virus and malware software I have, including windows defender and also dissabled ransomware and folder protection.
Ok, please make sure to re enable everything again. And verify the signature of the file you have downloaded. That's the only way to make sure you have downloaded the correct wallet and not some malware. Almost all the servers are giving me a red light except for a few which just stay stuck synchronizing.
How long are these few staying at synchronizing ? |
|
|
|
|
Electrum server are under a DoS attack currently.
If you have downloaded it from https://electrum.org, you should have the original electrum which means your BTC are safe.
But you should always verify the signature before installing software.
From which country are you? People from russia have reported connection issues multiple times already.
If you are located in russia, this might be your ISP blocking the traffic.
So, please verify the signature of your downloaded file and make sure that you have version 3.3.4 installed (the lastest).
Maybe someone can share a working electrum server, which you could try connect to. Try the server working for OmegaStarScream.
|
|
|
|
When setting up my standard wallet with Electrum, I am given a seed, which I record, then I am asked for a password to encrypt it. When I go back into the new wallet after logging out, I am asked for my password and can then view my seed. Yet we are advised not to store the seed on computer.Is that safe?
That's the only way a pure desktop wallet can work. Regarding the security.. i have mentioned a few attack scenarios and how to protect against them 3 posts above yours. The wallet's security is entirely dependent on the password and encryption. If I then store that wallet offline, would it still be vulnerable when connecting to transact? Is there any good way around this? Please spell it out, I'm a noob.
Depends on what you mean with "store wallet offline". You can create a 2-wallet-setup, with 1 wallet on an online-connected machine (watch-only wallet) which does NOT have the seed stored, but the master public key and 1 wallet on an offline machine (wich the seed / private keys). You would then create the transaction using your watch-only wallet (on the online PC), then move it to your offline computer to sign it there. Afterwards move it back to your online computer to broadcast it into the network. If your PC with the seed stored goes online, you are vulnerable. Doesn't matter if online 24/7 or 1 second per week.
[...] but by your explanation almost every user of Electrum should be hacked even if he / she is using all available security measures. [...]
Relying on an electrum password + AV with Firewall is BY FAR not 'all available security measures'... That can not be true at all, otherwise hackers would easily emptied the majority of Electrum wallets.
Sure.. one could obfuscate his malware and try to get a victim visit a shady website to steal 0.02381 BTC. Or.. he targets 1) People who have a lot of BTC and 2) Companies to compromise their whole system (e.g. with a ransomware). Not a hard decision being profit-orientated. |
|
|
|
|
Show Posts
