522
|
Bitcoin / Electrum / Re: Random Number Seed
|
on: August 14, 2013, 08:54:47 AM
|
hang on though if 10000's of people us electrum are they not calling this repeatably or is my maths way off....though if they are all using the same call in python, then some one will luck out?
no, unless they use the same device
|
|
|
523
|
Bitcoin / Electrum / Re: How vulnerable is electrum to the seed issue that android has
|
on: August 13, 2013, 08:44:42 AM
|
I restored a wallet using a bit address single wallet private key qr code. All this was done over a android running a cm10 based mod. Does the issue just apply to the seed or are the actual address's that are created off of it in question? Am I at risk specifically what are the implications of my bitaddress seed?? That issue had nothing to do with the seed, or the way private keys are generated. it had to do with the way transaction are signed. Note that if you generated keys with Electrum, and then imported those keys in one of the Android wallets concerned with this issue, then you are at risk.
|
|
|
525
|
Bitcoin / Bitcoin Discussion / Re: [ANNOUNCE] Android key rotation
|
on: August 12, 2013, 07:55:26 PM
|
From what we can gather, this issue seems to be a Java PRNG implementation issue. Electrum should be safe from this, because it does not use Java; it uses /dev/urandom directly. However, there might be other bugs in the Android platform, which is under overall scrutiny following this issue.
|
|
|
526
|
Bitcoin / Electrum / Re: How vulnerable is electrum to the seed issue that android has
|
on: August 12, 2013, 07:14:27 PM
|
At this point I do not know if the android version of Electrum is concerned, but that's quite possible. I am investigating this problem right now.
update: From what we can gather, this issue seems to be a Java PRNG implementation issue. Electrum should be safe from this, because it does not use Java; it uses /dev/urandom directly. However, there might be other bugs in the Android platform, which is under overall scrutiny following this issue.
|
|
|
527
|
Bitcoin / Electrum / Re: Electrum 1.8.1 Stuck on Block 251526
|
on: August 12, 2013, 04:36:42 PM
|
Servers electrum.be and electrum.no-ip.org are fixed and up to date. Thanks to DigitalHermit for the fix, which is pushed to electrum-server on github ( https://github.com/spesmilo/electrum-server/). We're urging all server operators to apply the fix. If you want to make sure your server database has a correct block 251526 indexed please re-index from a backup (i.e. from the foundry linked above). We're still researching how unpatched servers handled 251526... thank you guys for the quick fix!
|
|
|
529
|
Bitcoin / Electrum / Re: [ANNOUNCE] Electrum - Lightweight Bitcoin Client
|
on: August 07, 2013, 09:14:04 AM
|
Electrum version 1.8.1 is released.
Changes: - notifications of payments - the client does no longer enforce a minimum transaction fee, except the fees required by the bitcoin network - various minor bug fixes
The upcoming 1.9 release, currently under development, will be BIP32 compatible. You can find it in the 'bip32' branch on github
|
|
|
530
|
Bitcoin / Electrum / Electrum meetings in Berlin & Barcelona
|
on: August 04, 2013, 11:20:30 AM
|
I will be in Berlin from August 19th to 25th, and in Barcelona from September 19th to 24th, and I would like to organize meetings with other Electrum developers, users, or people interested in Bitcoin.
In Berlin, there will be Animazing, EagleTM, slush (to be confirmed). In Barcelona: genjix
Please answer in this thread if you are interested. The exact dates of the meetings will depend on you guys, I have no constraints and will be hanging around.
|
|
|
533
|
Bitcoin / Electrum / Re: [ANNOUNCE] Electrum - Lightweight Bitcoin Client
|
on: July 26, 2013, 09:42:21 AM
|
I (having done the Bitmessage integration) am willing to work on that if the community likes it. I think this could be a cool addition to quickly tip someone, for instance, or to exchange (public) bitcoin addresses easily for in-person meeting. sure, this is the kind of application for which Electrum has a plugins system
|
|
|
534
|
Bitcoin / Development & Technical Discussion / Re: Electrum BTC Client
|
on: July 26, 2013, 09:00:59 AM
|
Has anyone used the Electrum bitcoin client? If so, is it convenient/reliable/secure?
It depends on your criterions. Electrum is extremely secure against user stupidity (the #1 cause of money loss in the Bitcoin world) because it is a deterministic wallet. Electrum is slightly less convenient than a "web wallet" because it requires you to install software on your computer. Once you've installed it, it is nearly as convenient, because you can always access your wallet instantly. Considering server attacks, Electrum is slightly less secure than bitcoin-qt, but it is much more secure than any web wallet. Electrum is a bit less secure than bitcoin-qt because it does not download the entire blockchain; it only downloads headers, and uses SPV to verify transactions, which is a bit less secure. However, that type of attack is very costly, and it remains purely theoretical so far. Electrum is much more secure than any javascript web wallet, because web wallets do not use SPV and are vulnerable to code poisoning. So, if you are looking for a wallet that does not require you to download the blockchain, then I would say that Electrum is currently the best solution.
|
|
|
535
|
Bitcoin / Electrum / Re: Warning about imported private keys !
|
on: July 17, 2013, 09:39:09 AM
|
Note: 1. to clean your console history, you just need to do this: gui.console.history = [] 2. use the console if you feel like programming/testing things, but do not put sensitive information in it.
|
|
|
536
|
Bitcoin / Electrum / Re: Warning about imported private keys !
|
on: July 17, 2013, 09:16:43 AM
|
Is this by design, or would this be a security issue that should be fixed (by not logging or obfuscating the importprivkey command)?
This point has been discussed in the past. There's no easy way to 'fix' this... First, note that the same issue arises when you use Electrum (or bitcoind) from the command line; if you are not careful, private keys will end up in your bash_history (or wherever your OS stores shell histories). Thus, the Electrum python console does not create a new risk, with respect to that issue; it only displaces the risk. It would indeed be possible to obfuscate commands like importprivkey in the history. However, the user can do something like this: mykey="foo" ... importprivkey(mykey)
... and this can be varied ad infinitum; there's no way to predict all the possible ways to use the console. Therefore, obfuscating some commands will never be 100% safe, because the very point of this console is to be programmable. The console is useful for debugging and programming Electrum; thus, I am assuming that users who use the python console instead of the gui are geek types, so they are able to understand that issue. But if you have a better solution, please let me know.
|
|
|
538
|
Bitcoin / Electrum / Warning: websites distributing Electrum binaries
|
on: July 06, 2013, 04:58:54 PM
|
Today, I noticed that Electrum binaries for Mac are being distributed on both zdnet and cnet: http://download[.]cnet[.]com/Electrum/3000-2057_4-75951071.html http://downloads[.]zdnet[.]com/product/2057-75951071/ These binaries are not endorsed by the Electrum developers; I have no link with the cnet/zdnet user who distributes them. These binaries might contain malevolent code that steals your money. The official Electrum binaries for Mac are distributed on http://electrum.orgNote: electrum.org will soon have a https certificate. In the mean time, if you wish to check these binaries, please use the PGP signatures that are on the website.
|
|
|
|