|
RealBitcoin (OP)
|
 |
October 05, 2015, 12:21:31 AM |
|
Was the Electrum RNG audited? For example the functions that create the RNG (even in linux systems).
And if yes, then what is the protection against weak hardware RNG?
For example if my processor's RNG has been tampered with and it generates weak RNG in a pattern, then how can electrum protect against this?
For example does it offer the solution to add extra entropy or does it generate the RNG from multiple sources of entropy?
I`m just curious, because this is a very important security question.
|
|
|
|
|
|
|
|
|
|
|
|
|
You get merit points when someone likes your post enough to give you some. And for every 2 merit points you receive, you can send 1 merit point to someone else!
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
RealBitcoin (OP)
|
 |
October 06, 2015, 01:01:01 AM |
|
Well my OS is not compromized but my processor's RNG could be. So if I use this command: electrum --nbits=256 --entropy=123456 make_seedmake_seed Will that make me a 256 bit seed with that entropy? (I can use a much higher random number) If I use external entropy then I have to rely less on my processor RNG right? How safe is that? |
|
|
|
Abdussamad
Legendary
 Offline
Activity: 3612
Merit: 1564
|
|
October 06, 2015, 01:09:59 AM |
|
Will that make me a 256 bit seed with that entropy? (I can use a much higher random number)
I am not sure. I suggest reading the source code. https://github.com/spesmilo/electrum/The entropy you provide has to be in base 10 I do know that if you give it a really large number for entropy it'll up the seed size. |
|
|
|
|
Abdussamad
Legendary
Offline
Activity: 3612
Merit: 1564
|
|
October 06, 2015, 01:14:48 AM |
|
If I use external entropy then I have to rely less on my processor RNG right? How safe is that?
Depends on the source of the external entropy. I don't really know why you are worried about this. If your CPU is insecure then everything is insecure. If it's any consolation on Linux systems at least the output of the hardware RNG in the CPU is XORed with whatever entropy the system collects from its normal operation i.e. disk seeks, network activity, user mouse and keyboard activity etc. https://plus.google.com/+TheodoreTso/posts/SDcoemc9V3J |
|
|
|
|
|
RealBitcoin (OP)
|
|
October 06, 2015, 01:14:59 AM |
|
Will that make me a 256 bit seed with that entropy? (I can use a much higher random number)
I am not sure. I suggest reading the source code. https://github.com/spesmilo/electrum/The entropy you provide has to be in base 10 I do know that if you give it a really large number for entropy it'll up the seed size. Well i`m not that good at reading source code, but if somebody could confirm this it would be good. If I put as entropy this number: 698375603659862009431843239381325604334403362818420357160210045015044461682851728328636141376996967175748222379039523316063548668536223247056 Then it should create a very safe seed no? I would prefer a 512 bit seed an I think the 256 bit is not that secure. |
|
|
|
Abdussamad
Legendary
Offline
Activity: 3612
Merit: 1564
|
|
October 06, 2015, 01:17:06 AM |
|
Then it should create a very safe seed no? I would prefer a 512 bit seed an I think the 256 bit is not that secure.
Bitcoin addresses only have 128 bits of security. A larger seed is pointless. |
|
|
|
|
|
RealBitcoin (OP)
|
|
October 06, 2015, 01:31:23 AM |
|
If I use external entropy then I have to rely less on my processor RNG right? How safe is that?
Depends on the source of the external entropy. I don't really know why you are worried about this. If your CPU is insecure then everything is insecure. If it's any consolation on Linux systems at least the output of the hardware RNG in the CPU is XORed with whatever entropy the system collects from its normal operation i.e. disk seeks, network activity, user mouse and keyboard activity etc. https://plus.google.com/+TheodoreTso/posts/SDcoemc9V3JYea, that google+ chat also admitted that the main security hole is in relying on system RNG, which I dont. Adding mouse movement, network log, sound card noise ,etc can be an additional security feature. I dont understand why you say that if the CPU RNG is insecure, then it is fatal because if I add other entropy it should be secure no? Please explain. |
|
|
|
Abdussamad
Legendary
Offline
Activity: 3612
Merit: 1564
|
|
October 06, 2015, 01:35:22 AM |
|
Adding mouse movement, network log, sound card noise ,etc can be an additional security feature.
It already is. That's how entropy is collected by the linux kernel. That's why I'm saying Linux does not rely on CPU RNG alone. I dont understand why you say that if the CPU RNG is insecure, then it is fatal because if I add other entropy it should be secure no? Please explain.
It's just that if Intel compromised the RNG they must have compromised other parts of the CPU as well right? Why stop at just RNG? Everything goes through the CPU so your entire system could be compromised. |
|
|
|
|
Abdussamad
Legendary
Offline
Activity: 3612
Merit: 1564
|
|
October 06, 2015, 01:36:49 AM |
|
Anyway this is all just speculation. You are paranoid and I'm feeding your paranoia  |
|
|
|
|
|
RealBitcoin (OP)
|
|
October 06, 2015, 01:40:50 AM |
|
It's just that if Intel compromised the RNG they must have compromised other parts of the CPU as well right? Why stop at just RNG? Everything goes through the CPU so your entire system could be compromised.
Yea you are right there, I will just disregard this risk vector. Anyway this is all just speculation. You are paranoid and I'm feeding your paranoia When it comes to securing your money and not letting it on the hands of hackers, i think the paranoia is justified. ======================= Ok so what about my original question, has Electrum been audited by some specialists. I know the wallets that are promoted on bitcoin.org have all undergone security audits, so how about Electrum? And where I can find that  Thanks. |
|
|
|
Abdussamad
Legendary
Offline
Activity: 3612
Merit: 1564
|
|
October 07, 2015, 01:48:38 PM |
|
It's just that if Intel compromised the RNG they must have compromised other parts of the CPU as well right? Why stop at just RNG? Everything goes through the CPU so your entire system could be compromised.
Yea you are right there, I will just disregard this risk vector. Anyway this is all just speculation. You are paranoid and I'm feeding your paranoia When it comes to securing your money and not letting it on the hands of hackers, i think the paranoia is justified. ======================= Ok so what about my original question, has Electrum been audited by some specialists. I know the wallets that are promoted on bitcoin.org have all undergone security audits, so how about Electrum? And where I can find that Thanks. There has been no formal audit that I know of if that's what you mean. It's open source so lots of interested people look over the code from time to time. Some of them find security holes that they report. Also see open issuesYou know you are worried about electrum's security when its open source but you forget about your closed source operating system. Only Microsoft knows what's going with Windows code. |
|
|
|
|
|
RealBitcoin (OP)
|
|
October 08, 2015, 05:45:17 AM |
|
It's just that if Intel compromised the RNG they must have compromised other parts of the CPU as well right? Why stop at just RNG? Everything goes through the CPU so your entire system could be compromised.
Yea you are right there, I will just disregard this risk vector. Anyway this is all just speculation. You are paranoid and I'm feeding your paranoia When it comes to securing your money and not letting it on the hands of hackers, i think the paranoia is justified. ======================= Ok so what about my original question, has Electrum been audited by some specialists. I know the wallets that are promoted on bitcoin.org have all undergone security audits, so how about Electrum? And where I can find that Thanks. There has been no formal audit that I know of if that's what you mean. It's open source so lots of interested people look over the code from time to time. Some of them find security holes that they report. Also see open issuesYou know you are worried about electrum's security when its open source but you forget about your closed source operating system. Only Microsoft knows what's going with Windows code. Electrum has been released in Spring 2012 - almost 3 ½ yrs ago. Plenty of time for hackers to beat the shit out of the software. Any MtGox-style hack on Electrum since? None, to my knowledge. Did people lost bitcoins because of Electrum? Absolutely... - many that didn't follow the instructions to save their seed words on a piece of paper - many that didn't even bother adding a password to their wallet - few that practiced unsafe internet behaviors and downloaded spooky software that incorporated keylogger malware Other than the above - mostly flawless! Better than any short-time paid audit... IMHO. Electrum has passed the test of time. Electrum supports 3 types of wallet hardware (bye-bye key loggers!): - Budget - Sending BTC with Electrum is feasible, but a bit painful (no screens): Ledger https://www.ledgerwallet.com - $ 35 - Great buy - easy integration with Electrum: Trezor buytrezor.com - $100 - Luxury - if you can't read small characters on the Trezor, this one is for you: KeepKey Keepkey.com - $240 There are no reasons anymore why people should deal with "software" wallets... Software wallets are so.... 2013 ... Hardware wallets is the way to go in 2015+ As a bonus, the same H/W wallets above (all three of them) can also hold your Litecoins, Dash, and many others, simultaneously on the same device. I dont trust hardware wallets, because its way easier to build backdoors in them than in softwares. Software can be open source, hardware can't... |
|
|
|
|
RealBitcoin (OP)
|
|
October 08, 2015, 06:44:03 AM |
|
I dont trust hardware wallets, because its way easier to build backdoors in them than in softwares. Software can be open source, hardware can't...
Foolish and un-substantiated. You should do some reading before making such statements. I can direct you to some great read if you PM me. Sorry but thats the truth, hardware wallet cannot be audited, and cannot have a hash to compare it's authenticity. It can be easily modified to suit some agenda, and you have no way of knowing unless you check every microprocessor from top to bottom inside the device. BTW: you advertise a website "CryptVPN" that charges $10/month for a VPN. Please consider boxpn.com for $3/month... basic searching and reading can benefit everyone! Personally used them for the last 3 yrs - but, unlike you, I am not paid to post questions on bitcointalk.com to advertise for them. My signature/avatar campaigs have absolutely nothing to do with this question I asked here. It is a genuine question and I have concerns about some security issues here, so please answer to those to be on topic. The same way you could criticize here my beard but that wont make it more on-topic, so please answer to the topic questions |
|
|
|
|
