2. Verify if it's imported: gpg --fingerprint 0x2BD5824B7F9470E6 How should I verify that it is correct ThomasV's pubkey? There should be Key fingerprint = 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6? Yep. Can this signature be forged?
No you need the private key behind that public key to generate a valid sig. As far as we know only thomas has that and he hasn't been hacked. So if you trust him not to include malware and not to get hacked you can use this software. Alternatively go through the code line by line so that you don't have to trust anyone! Can it be possible that fake public key have the same fingerprint = 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6?
Nope. Always compare the long fingerprint as above and not the shortened one (0x7F9470E6) because it may be possible to create another key pair with the same short fingerprint. |
|
|
|
Thanks for the replies so far. I really enjoy Electrum, and try to understand this part better to use it safer.
A couple of more questions, if someone can asnwer as well (and sorry if has been asked before):
- Suppose I generate a wallet by using the seed + custom words. Is there a possibility that another wallet identical to this one can be created by only using the normal seed? That means, a hacker who tries (theorically) to test out all seeds would never find out this wallet (generated with custom words)? Or there's a Wallet(Seed_1 + CustomWords_1) == Wallet(Seed_2)
It's not possible to test all possible seeds. The numbers involved are too large. However, hash functions are involved so if by some miracle you are able to test all seeds it's possible that there could be a collision like that. - I see in Github that Electrum have wordlists for other languages. Is there a way to generate a seed in Electrum by using these words, a command line option? I can only create the default English one.
You can do this over the command line with the make_seed option. The command line is only available to linux and macosx users. Here's how you would do it: The above will generate a spanish language seed. Do `electrum help make_seed` for more information. Also mnemonic.py lists the language codes you can use. If you don't have access to the command line you could try changing the language in your operating system's settings before running electrum. Electrum must be picking up the default language based on the regional settings set there. - There are other Electrum apps for LTC, BCash, Dash. As said above, I could use my main seed in these apps as well, just being sure to create new Custom words for each wallet/apps. Is it safe to do so, considering I take the normal safety measures (not exposing the seed online, etc)? That way is a very convenient way to have many wallets for these coins, without creating new seeds everytime.
Grateful for all replies and time answering those questions.
The more places you use your seed the greater the chance of being robbed. The teams behind altcoin clients are less reputable than the bitcoin client team so I wouldn't recommend it. |
|
|
|
|
Hardware wallets connected to an online PC do not count as being offline. They do provide some protection against malware though since they can only run software signed by the vendor and by design they are not supposed to reveal the seed or private keys to the PC.
|
|
|
|
Just so we are clear the coins you sent from coinbase are not in your 2fa wallet. The watch only wallet corresponds to a single sig wallet and not a multisig 2fa wallet. You need to follow that guide in the first link i posted above in order to get access to your coins. You can then send them to a new standard wallet if you like.
If I connect my 2fa wallet online, then I should receive the coins, since it corresponds to the address I sent it to. And I don't need to restore the 2fa wallet the way the link describes it. Correct ? Thanks No you sent to a single sig address not a 2fa address. The address you sent to begins with 1 right? The addresses in your 2fa wallet are p2sh ones that begin with 3. You need to follow the instructions in that guide. You can do 1-3 offline. From 4 onwards it would be easier to create the wallet with the xprv on your online device and then transfer the coins using that to a new wallet. If you don't want to do 4 onwards online you can do it all on the offline device. However, to spend the coins on the online watch-only wallet create an unsigned transaction on the send tab, click preview and then click export to save it to a removable drive, carry that to the offline system, open the single sig wallet (the one created with the xprv from the 2fa wallet), load it via tools > load transaction > from file, click sign to sign it, export the signed transaction to a file on the removable drive, carry the signed transaction to the online device, load the signed transaction via tools > load transaction > from file and click broadcast. |
|
|
|
What is the interest of using a watch_only version of a 2fa wallet, since the original wallet needs to be online anyway, due to the 2fa ?
Some people like to be able to view their wallet from multiple devices. A watch only version of your wallet lets you do that without risking any of the co-signer xprivs. Wouldn't it be easier if I create a new "standard" offline wallet, then send directly my coins to this new_offline_wallet using my current 2fa offline_wallet (that I would put online to send the coins and then delete right after the transaction) ?
If you prefer that then go for it. Just so we are clear the coins you sent from coinbase are not in your 2fa wallet. The watch only wallet corresponds to a single sig wallet and not a multisig 2fa wallet. You need to follow that guide in the first link i posted above in order to get access to your coins. You can then send them to a new standard wallet if you like. |
|
|
|
Thank you all for your help. I checked the Master Public Keys of my offline_wallet - there are 3 keys - and I made sure that the one I used for my watch_only is the cosigner 1. I deleted the watch_only wallet and re-created it with this cosigner 1 key... same issue, different addresses (the watch_only all start with 1, the offline all start with 3). There is an error window every time I open my offline wallet (seems to be a connection error - expected since I'm offline, could that be ?). Also, I have setup my offline_wallet with a "2fa" as wallet type (and "p2sh" as script type). And I have setup my wacth_only wallet as "standard" with p2pkh" script type. Could that be the issue that the type of wallet differs (one being a 2fa and the other a standard) ?When I try to re-create a watch_only wallet with 2fa, it asks for my seed. Since this watch_only is online, I am not sure I want to do this. If I ask to generate a new seed, then it's a complete new wallet  Only a handful of people have fucked things up this badly. Here's how you get access to your coins. In step 3 I mean the xpub you used to create the watch-only wallet. In future if you want to create a watch-only version of a 2fa wallet follow this guide. |
|
|
|
|
You don't have to use the seed extension feature. It's secure enough without it.
The primary aim of the seed extension feature is to allow you to create multiple wallets with the same seed. So for example the first wallet would have a seed extension '1', the second would have the extension '2' and so on. All these wallets can easily be backed with just the one copy of the seed.
As for the security aspect you could use the seed extension to add a second factor to your written backups of the seed words but not everyone has a need for that.
|
|
|
|
Electrum will hand out a different address for every transaction because that's better from a privacy and security stand point. That doesn't mean that your older addresses stop "working" or that funds sent to them are not received. Electrum keeps track of all your addresses past, present and future  So what you should do is go to view menu > show addresses, press ctrl+f and start typing in the first few characters of that address you used on coinbase. It should show up on the addresses tab. |
|
|
|
|
Maybe your watch only wallet was hacked. Simply replacing the wallet with a watch-only version of a wallet the attacker controlled would have done the trick. Perhaps it was malware or perhaps someone with physical access to the device did it.
That version of android is very old and is vulnerable to malware. Simply connecting to a public wifi network might be enough to infect that device.
|
|
|
|
|
On the history tab right click on the local transaction where it says local and choose remove. Then go to tools > preferences > fiat tab and set the base unit to btc. Now attempt to craft a new transaction via the send tab. This time understand that you are using bitcoin as your unit and not mbtc. Your transaction was previously rejected because you were confusing bitcoin with mbtc. 1 mbtc = 1/1000th of a bitcoin.
|
|
|
|
The seed is something you have in this case since you are not memorizing it but writing it down and relying on that written copy alone.
The fact that YOU are relying on a copy, doesn't change the fact. A seed is pure information. Something you know. Not something you have. No one can take the seed away from you. Once you have (know) the seed, it is yours. Therefore it is something you know, not something you have. Do you know how google authenticator codes work? You and the website you are trying to authenticate yourself with both posses a secret called the shared secret. Everytime you want to log in you combine the secret with the current timestamp and run it through a hash function. The output of that hash function is then reduced to a few digits and that is the OTP code you enter to authenticate yourself. Despite you knowing this shared secret it's called "2fa". So what I'm talking about is similar to that. Yes it's possible that if a committed attacker discovers your seed they can attempt to bruteforce your seed extension. However this applies to any encryption you apply on the seed too.
Of course it does. Noone said encryption is a 2FA (this wouldn't make any sense at all). I thought that was what we were discussing here. cipher text + password sounds like 2fa to me. something you have and something you know. If you want something more secure you need to create a multisig wallet and store the seed backups in different locations so that the compromise of one backup does not compromise your whole wallet.
Not necessarily. A non-multisig wallet, whose seed is split via shamir's secret sharing is also a safe solution. Electrum doesn't support that out of the box. The two solutions I talked about are ones electrum supports out of the box. Extending the seed or multisig. There is another one the revealer plugin but you have to trust your printer not to keep a copy of the output or buy some sheets from the revealer company. |
|
|
|
The easiest way to add 2fa protection to your seed in electrum is to use the seed extension feature. [...] Your backup will then consist of the seed words that your right down and the seed extension that you memorize.
The seed extension feature does NOT replace 2FA protection. Data secured with 2FA needs 2 things to be accessed: Something you know (seed, password, secret information, ...) and something you have (token, mobile phone, ...). The seed is something you have in this case since you are not memorizing it but writing it down and relying on that written copy alone. The extension is something you know. If someone were to discover the seed you've written down they would not be able to restore your wallet since they lack the second factor which is the seed extension. Yes it's possible that if a committed attacker discovers your seed they can attempt to bruteforce your seed extension. However this applies to any encryption you apply on the seed too. Once again the weak point is the human generated password/seed extension. So non of these methods will stop a committed attacker only casual snoopers. If you want something more secure you need to create a multisig wallet and store the seed backups in different locations so that the compromise of one backup does not compromise your whole wallet. |
|
|
|
|
do you see the address ending with meccy on the addresses tab?
what color circle icon do you see in the bottom right of the electron cash window?
|
|
|
|
|
The 2009 in the debug log is the timestamp of the block bitcoin core has downloaded from the p2p network. That's what it does when you run it. It downloads the entire transaction history of the bitcoin network from inception. It has nothing to do with the age of the wallet or whether your friend was a miner or not.
|
|
|
|
|
blk files are created by core
9 is not a base32 character either so it does not look like a GA shared secret.
|
|
|
|
@ben19850 see post #14 above and this guide as well. When you are asked to select the derivation path try m/44'/0'/0' first. If you're entire balance does not appear you will have to repeat the restoration in additional wallet files for each HD account. To do that see first step of the guide I linked to above to learn how to create additional wallet files. When asked for a derivation path change that last number to restore a different HD account. For example m/44'/0'/1' = second HD account, m/44'/0'/2' = third HD acccount etc. Note the single quotes in the derivation path are required and are not optional. |
|
|
|
The wallet that generates that xpub you posted above: xpub661MyMwAqRbcGQ6ZfyKW1nUpTt3g7Yem6brVwAmpMXUkvBnEEKCyJ1vHWiChSN8DMo7rfiyesYX g4tC43BvxNJkz5jwRKeNysVn3HFJCdxZ
This wallet ^ has your bitcoin cash. The easiest way to get them is to restore from seed using electron cash. So how about we concentrate on that? You said in post 20 that restoring from seed in electron cash fails. What happens exactly?
I was trying to restore from seed on my android and not a PC....once I came to a PC it worked. So, I was able to restore from seed and now I have the address in my Electron Cash wallet that possibly has the cash on it. WHAT IS THE NEXT STEP? There is no next step. Electron Cash is a bitcoin cash wallet so you can use it to send and receive bitcoin cash with the send and receive tabs respectively |
|
|
|
It's not a GA code because those are represented in base32 and according to the RFC the base32 alphabet does not include the character 8.
OP made up an example to show what it looks like. It could very well be his original code is 15 characters base32, but he didn't know that when he typed "JPGZE4MATACPN8L" as an example. lol yeah that's possible. OP can you compare the characters with the character set here: https://tools.ietf.org/html/rfc3548#section-5 |
|
|
|
Did they not change the algorithm also or should it be the same (if op tries it and shiny to shine doesn't work)? Electrum maintains backwards compatibility with all old seed mnemonics generated by the app. So pre 2.0 mnemonics should work in the latest version. When entering the mnemonic the software will display either old seed or standard next to the options button on the seed entry screen. One advantage of the post 2.0 mnemonics is that they have a checksum in them which is how Electrum is able to identify them. Finally I'd like to point out that electrum never ever generates bip39 seeds so what third space is saying cannot be true. Current versions of Electrum do use the bip39 dictionary though but a different method of converting the mnemonic to the wallet's private keys.
Yes this is true, they went from mpk's (i think) to the seeds that are now used in v 2.0. MPK stands for master public key which is what electrum calls the root extended public key. Even pre 2.0 there were seeds and seed mnemonics. It's just that Electrum had it's own deterministic format back in the day and then switched to bip32 when that standard was published. The seed mnemonic format was also changed. They incorporated checksums for instance. |
|
|
|
|
Show Posts
