 Show Posts
|
|
Pages: [1]
|
1 last thing i want to add, if I use a site like https://webqr.com/ is it safe for me to just get the text file from the signed QR code then load from text in my watch-only address on electrum and broadcast? |
|
|
|
|
Hi everyone, I am trying to use a webcam to sign a transaction using QR codes and I ran into an issue. After reading the first QR code with webcam and signing the transaction on my cold storage device (bootable usb with tails), I displayed the new QR code up so I could load it on to watch-only address and broadcast it.
My watch-only address is currently being ran on Electrum 3.0.6 with Windows 10 and it appears the zbar reader is not installed for me. When I go and try to load from QR code it says "Cannot start QR scanner; zbar not available".
Is there a way I can use zbar on windows 10 or do I need to get another bootable USB with an OS that supports it?
|
|
|
|
Hi everyone, electrum newbie here wondering about how safe it is to sign transactions. My actual cold storage wallet was created on bootable USB with tails absolutely no internet. In the scenario where I would need to send coins I go on separate online computer on watch-only address, put the unsigned transaction on my USB and put it on the computer running Tails to sign it offline.
The concern I have is what if I had some kind of malware on the online computer, could it potentially attach to the unsigned transaction file and try to steal my private key when I put the USB in my cold storage device to sign the transaction offline? The malware could potentially take my key/seed and put it on the signed transaction file then, then when I go to broadcast the payment on the online computer I could be compromised.
I make sure to enter my seed in Electrum on the offline computer before I put the USB with the unsigned transaction file in it, but even then I'm not sure if there is malware capable of grabbing my private key even after I entered the key/seed and am in the wallet. From what I have seen of people having Electrum wallet hacked it usually happens when they download from a false source, I would assume the phony electrum just keylogs the persons seed and then sends it off to the attacker but is there other attacks I have to worry about other than a keylog? Hopefully this question makes sense, i probably sound super paranoid but I don't want to take any chances.
This scenario is very unlikely, since most malware writers are focusing on popular platforms and not some rare cases. But you can also reduce the risk of such malware by following this protocol: 1. Boot your Tails, insert USB with unsigned transaction, open tx file, copy it to cliboard. 2. Format your USB and unplug it. 3. Now plug another USB that has encrypted wallet files on it, launch Electrum, paste raw transaction from clipboard and sign it. 4. Scan QR code of signed transaction with your phone and broadcast it with official android Electrum wallet. Good idea but i think im just gonna manually type the tx file on the offline computer to avoid having to put a 2nd USB in.... also I dont have android so is there an official apple electrum wallet or do i have to use an emulator? |
|
|
|
|
Hi everyone, electrum newbie here wondering about how safe it is to sign transactions. My actual cold storage wallet was created on bootable USB with tails absolutely no internet. In the scenario where I would need to send coins I go on separate online computer on watch-only address, put the unsigned transaction on my USB and put it on the computer running Tails to sign it offline.
The concern I have is what if I had some kind of malware on the online computer, could it potentially attach to the unsigned transaction file and try to steal my private key when I put the USB in my cold storage device to sign the transaction offline? The malware could potentially take my key/seed and put it on the signed transaction file then, then when I go to broadcast the payment on the online computer I could be compromised.
I make sure to enter my seed in Electrum on the offline computer before I put the USB with the unsigned transaction file in it, but even then I'm not sure if there is malware capable of grabbing my private key even after I entered the key/seed and am in the wallet. From what I have seen of people having Electrum wallet hacked it usually happens when they download from a false source, I would assume the phony electrum just keylogs the persons seed and then sends it off to the attacker but is there other attacks I have to worry about other than a keylog? Hopefully this question makes sense, i probably sound super paranoid but I don't want to take any chances.
|
|
|
|
Thanks for the explanation everyone. I plan on using this wallet as a complete cold storage and really I will never be connecting to the web while on the wallet so I don't think I have to worry about this web vulnerability. The watch-only address will be on a internet connected computer but that internet connected one has the most recent version of electrum so I should be ok.... I will keep the 12 word seed and guess the extended one will be my 2FA
I don't think you fully understand what a "complete cold storage" is... it shouldn't be that you won't be connecting to the web when using the wallet... it should be "you won't be connecting to the web EVER". Otherwise, that isn't cold storage. That is basically what I was implying, I used bootable USB with Tails to set this wallet up on a computer that had absolutely no internet at the time of creation so this would be considered cold storage right? This USB isn't going to ever touch a computer with internet again until I actually have to sign and send any transaction with this wallet and in that case i'm just gonna send all my coins out and make a complete new wallet so i can keep things cold |
|
|
|
I downloaded tails in the last week off the official site so it should be the most updated version, why do you say this version of electrum is not safe?
He was speaking of this Electrum vulnerability that was found and corrected: https://bitcointalk.org/index.php?topic=2721388.0I would also like to use longer seeds, but currently it seems wiser to use the standard seed lenght I cant understand why they insist in keeping the security in 128bits and not one bit more. After all your seed is used for generating many addresses. It would be better to make it more secure than one single address. Having said that. 128 bits should be more than enough for now. Thanks for the explanation everyone. I plan on using this wallet as a complete cold storage and really I will never be connecting to the web while on the wallet so I don't think I have to worry about this web vulnerability. The watch-only address will be on a internet connected computer but that internet connected one has the most recent version of electrum so I should be ok.... I will keep the 12 word seed and guess the extended one will be my 2FA |
|
|
|
First of all, stop using that version of Electrum. Search around for a Tails upgrade or just upgrade your Electrum. That version is not safe at all, please shut it down.
The extended seed option basically just increases the difficulty of anyone bruteforcing your seed. It doesn't really matter that much since the default number of mnemoric words is more than safe. Assuming that the length of the seed is 13 words, the possible number of combination is 2048^13. That is an incredibly large number and its unlikely that anyone would get to your seed in several of your lifetimes. If you'd like, the longer number of words would definitely be better with regards to this matter but I would prefer to store as little seeds as possible.
At any rate, Electrum doesn't follow any standards in their generation of seeds. Hence, any seed you generate using Electrum is incompatible with everyone else.
I downloaded tails in the last week off the official site so it should be the most updated version, why do you say this version of electrum is not safe? |
|
|
|
|
Hi everyone, I am using Electrum to set up a long term cold storage wallet and I was wondering if you people think it is worth using the extended seed option. I figure this gives me more security so it is worth it, I'm just not sure if I could restore the seed in a different wallet if for some reason Electrum ever became nonfunctional. The other wallets I have seen such as blockchain.info have 12 word seeds and no option to extend, and even if I found a new wallet where I could extend seed I am using random words not in the dictionary so would it even work?
Bitcoin Client Software and Version Number: 2.7 something, the one tails uses
Operating System: tails
System Hardware Specs: electrum
Description of Problem:
Any Related Addresses:
Any Related Transaction IDs:
Screenshot of the problem:
Log Files from the Bitcoin Client:
|
|
|
|
|
