Electrum + Keylogger + TrustedCoin

[OmegaStarScream]

I was reading this Docs on Electrum :

Even if TrustedCoin is compromised or taken offline, your coins are secure as long as you still have the seed of your wallet. Your seed contains two master private keys in a 2-of-3 security scheme. In addition, the third master public key can be derived from your seed

So I have this question , if I have a Keylogger on my PC (Dosen't matter if it's Clipboard , Screen capture or whatever) and I make a new fresh Electrum wallet with Two-Factor Authentication (with TrustedCoin) .

It dosen't matter if I make  Two-Factor Authentication or it does not , since it says that I'am able to recover my wallet with the seed , so if the keylogger captures somehow the seed , I'am screwed ?

Because the Electrum says what I quoted above , and the TrustedCoin says this :

you can offer a wallet that is secure even if the user's computer is compromised with a keylogger.

[Atomictie]

I was reading this Docs on Electrum :

Even if TrustedCoin is compromised or taken offline, your coins are secure as long as you still have the seed of your wallet. Your seed contains two master private keys in a 2-of-3 security scheme. In addition, the third master public key can be derived from your seed

So I have this question , if I have a Keylogger on my PC (Dosen't matter if it's Clipboard , Screen capture or whatever) and I make a new fresh Electrum wallet with Two-Factor Authentication (with TrustedCoin) .

It dosen't matter if I make  Two-Factor Authentication or it does not , since it says that I'am able to recover my wallet with the seed , so if the keylogger captures somehow the seed , I'am screwed ?

Because the Electrum says what I quoted above , and the TrustedCoin says this :

you can offer a wallet that is secure even if the user's computer is compromised with a keylogger.

For keylogger it means an external one, not one installed by yourself.
Usually a keylogger took all the key you press on your keyboard. But if someone install in your machine a keylogger that take picture of your screen and he takes your seed, so you are fucked.
I used electrum with trustedcoin once, but when I've found some difficulties to take my btc out from electrum, I've restored my wallet using the seed on another machine launching it without trustedcoin and set only the 2fa, that it's quite enough as security for your wallet.

[OmegaStarScream]

Keylogger that only store keys can also do the job and take your seed aswell , because Electrum asks you to re-type the seed so you will either re-write it or clipboard it which are both readable for what comes to the keylogger .
Mind sharing with me what are those difficulties that you found because I'am planning to use it but I'am asking before to make sure I won't lose my coins , also what you said make no sense "launching it without trustedcoin and set only the 2fa" , isn't TrustedCoin Two-Factor authentication already ?  

[Atomictie]

Keylogger that only store keys can also do the job and take your seed aswell , because Electrum asks you to re-type the seed so you will either re-write it or clipboard it which are both readable for what comes to the keylogger .
Mind sharing with me what are those difficulties that you found because I'am planning to use it but I'am asking before to make sure I won't lose my coins , also what you said make no sense "launching it without trustedcoin and set only the 2fa" , isn't TrustedCoin Two-Factor authentication already ?  

I usually copy/paste my seed I don't retype it.
2fa is the the number that change every minutes with google auth, that is what I call 2fa.
Trustedcoin is another security way that electrum provide, and if I'm not wrong is the way that ask you to pay a bigger fee to allow trusdetcoin unlock your txi.

[OmegaStarScream]

Keylogger that only store keys can also do the job and take your seed aswell , because Electrum asks you to re-type the seed so you will either re-write it or clipboard it which are both readable for what comes to the keylogger .
Mind sharing with me what are those difficulties that you found because I'am planning to use it but I'am asking before to make sure I won't lose my coins , also what you said make no sense "launching it without trustedcoin and set only the 2fa" , isn't TrustedCoin Two-Factor authentication already ?  

I usually copy/paste my seed I don't retype it.
2fa is the the number that change every minutes with google auth, that is what I call 2fa.
Trustedcoin is another security way that electrum provide, and if I'm not wrong is the way that ask you to pay a bigger fee to allow trusdetcoin unlock your txi.

That's not the real definition of Two factor Authentication anyway thank you for your help I guess I won't be using TrustedCoin I don't want to take risk .

[Abdussamad]

If your computer has malware when you create your electrum wallet then its possible the malware will just steal your seed. But if it doesn't have malware at the time of wallet creation then you are definitely protected with a 2FA wallet from future malware infections. The 25 word seed is not written to the wallet file so any future malware infection will not be able to spend your bitcoin all by itself. Any transaction will have to be signed by trusted coin and they require you enter the 2FA code first and of course in the process you review the transaction. I suppose if the malware was really sophisticated it could show you a fake transaction on-screen to get you to enter the 2fa code but then nothing can protect you from that sort of malware.

[OmegaStarScream]

If your computer has malware when you create your electrum wallet then its possible the malware will just steal your seed. But if it doesn't have malware at the time of wallet creation then you are definitely protected with a 2FA wallet from future malware infections. The 25 word seed is not written to the wallet file so any future malware infection will not be able to spend your bitcoin all by itself. Any transaction will have to be signed by trusted coin and they require you enter the 2FA code first and of course in the process you review the transaction.

I have another question since you are here what if I create my wallet offline ? I mean if I (by order) download the Electrum wallet , turn off modem , install it , setup the wallet , write down the seed and whatever and then boot the modem once again ?
But I remmeber that Electrum connect to servers not sure if I can get the seed without having internet connections or not ?

[Abdussamad]

If your computer has malware when you create your electrum wallet then its possible the malware will just steal your seed. But if it doesn't have malware at the time of wallet creation then you are definitely protected with a 2FA wallet from future malware infections. The 25 word seed is not written to the wallet file so any future malware infection will not be able to spend your bitcoin all by itself. Any transaction will have to be signed by trusted coin and they require you enter the 2FA code first and of course in the process you review the transaction.

I have another question since you are here what if I create my wallet offline ? I mean if I (by order) download the Electrum wallet , turn off modem , install it , setup the wallet , write down the seed and whatever and then boot the modem once again ?
But I remmeber that Electrum connect to servers not sure if I can get the seed without having internet connections or not ?

Any malware will just wait until you go online before it communicates the seed to the malware's author so no point in disconnecting from the net like that.

You can do cold storage with electrum on a permanently offline computer together with a separate computer that goes online:

http://docs.electrum.org/en/latest/coldstorage.html

Apart from that if you need a "sterile" environment you can boot of a linux live CD and use that to create an electrum wallet.

[CoinCidental]

is it possible that TrustedCoin can alter the bitcoin address of the recipient when they are signing the transaction ?
in the event that TrustedCoin got hacked could they use their half of the key to steal the coins to a another address ?

[ranochigo]

is it possible that TrustedCoin can alter the bitcoin address of the recipient when they are signing the transaction ?
in the event that TrustedCoin got hacked could they use their half of the key to steal the coins to a another address ?

No. The way multisig works is that a transaction requires at least n signatures for the transaction to be valid. The user can choose not to sign if it isn't valid.

In Trustedcoin case, they use 2 of 3 multisig. 1 of the keys is controlled by them and 2 of the keys are controlled by you. You create and sign the transaction, they will sign the transaction if you authorise it and the transaction is considered valid. When you create and sign the transaction, the information inside the transaction CANNOT be changed. You have to create a new transaction and RE-SIGN the transaction if you want to change anything inside it.

If two of your keys get compromised or one of your keys and their key gets compromised, the hacker can do whatever they want.

[m1bxd]

I was reading this Docs on Electrum :

Even if TrustedCoin is compromised or taken offline, your coins are secure as long as you still have the seed of your wallet. Your seed contains two master private keys in a 2-of-3 security scheme. In addition, the third master public key can be derived from your seed

So I have this question , if I have a Keylogger on my PC (Dosen't matter if it's Clipboard , Screen capture or whatever) and I make a new fresh Electrum wallet with Two-Factor Authentication (with TrustedCoin) .

It dosen't matter if I make  Two-Factor Authentication or it does not , since it says that I'am able to recover my wallet with the seed , so if the keylogger captures somehow the seed , I'am screwed ?

Because the Electrum says what I quoted above , and the TrustedCoin says this :

you can offer a wallet that is secure even if the user's computer is compromised with a keylogger.

Surely the solution to this situation of key loggers is to generate the wallet on a fresh PC offline, then copy the .dat file over?

[inklingzade]

So with 2fa enabled you still can access the account only with the seed ?

[TryNinja]

So with 2fa enabled you still can access the account only with the seed ?

Yes.

From the Electrum FAQ:

Even if TrustedCoin is compromised or taken offline, your coins are secure as long as you still have the seed of your wallet. Your seed contains two master private keys in a 2-of-3 security scheme. In addition, the third master public key can be derived from your seed, ensuring that your wallet addresses can be restored. In order to restore your wallet from seed, select “wallet with two factor authentication”, as this tells Electrum to use this special variety of seed for restoring your wallet.

As soon as you use your seed to restore your wallet, you can disable 2FA entirely and keep using without it.