Bitcoin Forum
Topic: If I sign an address, are the other addresses more exposed?
jubalix (OP)
April 11, 2017, 02:57:55 AM
 #1

If I sign a message and so lose the SHA256, and RIPEMD160 protections for that address, now only having ECDSA,

are all the other addresses so weakened as it is a deterministic wallet or otherwise?

U2
April 11, 2017, 03:06:38 AM
 #2

... I would think no because well, bitcoins on a technical level don't have anything to do with bitcoin addresses or wallets. Assuming you didn't include the wallet seed somehow I think this is still SHA256. Maybe we'll get a more educated answer though. I just don't see how exposing one could expose the rest.
Abdussamad
April 11, 2017, 12:41:42 PM
 #3

> If I sign a message and so lose the SHA256, and RIPEMD160 protections for that address, now only having ECDSA,
>
> are all the other addresses so weakened as it is a deterministic wallet or otherwise?

No, they are not.

The only scenario where this is a problem is below:

- Attacker has your master public key, aka extended public key.
- Attacker has the private key for any one of your addresses (private key, not public key).

In the above scenario the attacker can enumerate all the private keys in your Electrum wallet. They can get all the money.

For other deterministic wallets it is different because they use hardening at some levels. Hardened chains can't be derived if the attacker has the above information. There are downsides to this as well such as the fact that you can generate addresses from just the xpub which is a useful feature of deterministic wallets.
kolloh
April 11, 2017, 02:02:50 PM
 #4

>> If I sign a message and so lose the SHA256, and RIPEMD160 protections for that address, now only having ECDSA,
>>
>> are all the other addresses so weakened as it is a deterministic wallet or otherwise?
>
> No, they are not.
>
> The only scenario where this is a problem is below:
>
> - Attacker has your master public key, aka extended public key.
> - Attacker has the private key for any one of your addresses (private key, not public key).
>
> In the above scenario the attacker can enumerate all the private keys in your Electrum wallet. They can get all the money.
>
> For other deterministic wallets it is different because they use hardening at some levels. Hardened chains can't be derived if the attacker has the above information. There are downsides to this as well such as the fact that you can generate addresses from just the xpub which is a useful feature of deterministic wallets.

With the master public key and a single private key, you can derive all other private keys? That is pretty scary, but I guess you usually don't give out either of those pieces of information. Good to be aware that is possible though.
Coin-Keeper
April 11, 2017, 08:25:11 PM
 #5

Adding for clarification. Of course there is no danger if the MPK is known because you can't spend any coins with only the MPK to a wallet. I still protect mine because you can produce ALL the addresses for the entire wallet as well as all transaction activity just by having the MPK. The private key issue is one of concern and accounts for much of the reason I use a hardware wallet along with Electrum. I just don't like any private keys online anywhere, anytime, anyhow for my stuff. Two computer cold approach is OK but it's not convenient, which is why I went hardware wallet.

Abdussamad
April 12, 2017, 08:02:54 AM
 #6

> Adding for clarification. Of course there is no danger if the MPK is known because you can't spend any coins with only the MPK to a wallet. I still protect mine because you can produce ALL the addresses for the entire wallet as well as all transaction activity just by having the MPK. The private key issue is one of concern and accounts for much of the reason I use a hardware wallet along with Electrum. I just don't like any private keys online anywhere, anytime, anyhow for my stuff. Two computer cold approach is OK but it's not convenient, which is why I went hardware wallet.

A multisig wallet is another option. Both Electrum and BitPay/Copay make that easy now.