Bitcoin Forum
Pages: « 1 2 3 4 5 [6]  All
Author Topic: Why you cannot enter an arbitrary seed in Electrum  (Read 39702 times)
jonald_fyookball
November 13, 2015, 11:42:00 PM  #101


Quote:
Are you telling me that... the dictionary used in Electrum is well known and available?

So I'm sorry, but this fixed automatic method to generate the seed is TOTAL AND UTTER BULLSHIT and my proposed method is infinitely better.

Why?
Because if I'm a hacker I can just test all the WORDS, I DON'T NEED TO TEST CHARACTER AFTER CHARACTER!
I know the words! So I only need to swap ENTIRE WORDS instead of CHARACTERS, it's so fuckin stupid!
If the dictionary is 1000 words, then the number of possible combinations in the seed is 1000^12!
That's a 1 followed by 36 zeros. I don't say it's little, but it's surely waaaaaay less than a human-generated sentence with some punctuation, numbers and caps.

Basically, this automatic seed generation is 12 "bytes" long: the number of words used in the seed! Only a byte is 256 combinations, while the dictionary has 1000 combinations (I don't know how many words are in the dictionary).
But SURELY this method has NOTHING to do with testing characters; any hacker could just test WORDS.

Really, I wonder how nobody can see this.
Shit, I thought the dictionary was internal and encrypted in the software, this is incredible, an incredible fallacy.



ehhh...how to say this politely...You're wrong.

First of all, it's 1626 words.  1626^12 = 3.4 * 10^38.
It's the same as 2^128, or 128 bits of security, which is the same for any bitcoin address
that has already spent funds.  ECDSA for Bitcoin is 256 bits which provides 128 bits of
security.  Unspent addresses benefit from additional security because of the RIPEMD-160 hash,
increasing it to 160 bits.  However, Electrum uses key stretching of a 100,000-round hash
once you know the seed, increasing the security to 144 bits.

You ARE correct that human generated phrases POTENTIALLY could have much higher
levels of security, but it doesn't matter because A) 128 bits is beyond brute forcing
by any form of classical computing (do the math and see how many super computers
and millions of years you need) and B) Bitcoin is limited to 160 bits of security no
matter what.

However, it's impossible to measure with certainty the entropy level of a human generated
phrase, and a potential for error exists that does not exist with computer generated pass phrases.
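The arithmetic in the reply above, carried through in code. This is an added example, not code from the thread or from Electrum: the word list is a constructed stand-in (only the list size, 1626, enters the entropy figure, and that number is taken from the post), the "100,000 rounds" is the round count the post names, and `stretch()` is a generic iterated-SHA-256 stand-in rather than Electrum's actual derivation. The point it demonstrates is the one the quoted poster missed: a public dictionary costs nothing, because the attacker's work is the number of equally likely seeds, not the secrecy of the words.

```python
import hashlib
import math
import secrets

# Figures taken from the post above.
ELECTRUM_WORDLIST_SIZE = 1626
SEED_WORDS = 12
STRETCH_ROUNDS = 100_000

# Constructed stand-in for a public word list (not Electrum's real 1626-word
# list). Only the list's size enters the entropy arithmetic, so the real size
# is passed explicitly where it matters.
DEMO_WORDLIST = ["able", "acid", "aged", "also", "area", "army", "away", "baby",
                 "back", "ball", "band", "bank", "base", "bath", "bear", "beat"]


def seed_entropy_bits(wordlist_size: int, n_words: int) -> float:
    """Entropy of n words drawn uniformly, with replacement, from a public list.

    Publishing the list costs nothing: an attacker who knows every candidate
    word still faces wordlist_size ** n_words equally likely seeds, whether
    they enumerate by word or by character. The security is in the random
    choice, not in hiding the dictionary.
    """
    return n_words * math.log2(wordlist_size)


def stretching_bits(rounds: int) -> float:
    """Work factor that key stretching adds per guess, expressed in bits."""
    return math.log2(rounds)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years needed to try every one of 2**bits candidates at a fixed rate."""
    seconds = 2.0 ** bits / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def generate_seed(wordlist: list, n_words: int) -> list:
    """Draw seed words with the OS CSPRNG, sampling with replacement so the
    entropy is exactly n_words * log2(len(wordlist))."""
    return [secrets.choice(wordlist) for _ in range(n_words)]


def stretch(seed_phrase: str, rounds: int) -> bytes:
    """Iterated SHA-256 as a generic stretching stand-in (an assumption for
    illustration, not Electrum's own derivation). Each candidate seed costs
    the attacker `rounds` hashes instead of one."""
    x = seed_phrase.encode()
    for _ in range(rounds):
        x = hashlib.sha256(x).digest()
    return x


def compare_wordlist_sizes(sizes=(256, 1000, 1626, 2048), n_words=SEED_WORDS):
    """Entropy for the list sizes discussed in the thread (256 = one byte per
    word, 1000 = the quoted poster's guess, 1626 = Electrum, 2048 = BIP39)."""
    return {size: round(seed_entropy_bits(size, n_words), 1) for size in sizes}


if __name__ == "__main__":
    bits = seed_entropy_bits(ELECTRUM_WORDLIST_SIZE, SEED_WORDS)
    print(f"1626^12 -> {bits:.1f} bits")
    print(f"{STRETCH_ROUNDS} rounds add {stretching_bits(STRETCH_ROUNDS):.1f} bits of work")
    print(f"at 10^18 guesses/s: {years_to_exhaust(bits, 1e18):.3g} years")
    print(compare_wordlist_sizes())
    seed = " ".join(generate_seed(DEMO_WORDLIST, SEED_WORDS))
    print(seed, stretch(seed, STRETCH_ROUNDS).hex()[:16])
```

`years_to_exhaust` is the "do the math" from the reply: at an assumed 10^18 guesses per second, exhausting 2^128 takes on the order of 10^13 years, before counting the stretching rounds. Sampling with replacement matters for the figure: a generator that forbade repeated words would yield slightly less than 12 * log2(1626) bits.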








GODLIKE
November 13, 2015, 11:47:35 PM  #102

Quote from: jonald_fyookball (post #101)

Great explanation, thank you!
And it's not rude to say that someone is just wrong, we can't know everything :)

However, as the two methods give presumably good enough protection, we are still at the point that a human-generated phrase can be remembered more easily than a group of random words.

It wouldn't require too much work at all to allow a user to write his sentence and check that he uses caps, lower-case letters, punctuation and possibly numbers.
The random words method could be left active as an option.

jonald_fyookball
November 13, 2015, 11:54:05 PM  #103

Quote from: GODLIKE (post #102)

I agree 100% that it's possible to create a good passphrase with a very high probability of it being ultra secure
IF YOU KNOW WHAT YOU'RE DOING.

But since many people do not know what they are doing, Electrum chose to idiot-proof it.

GODLIKE
November 14, 2015, 12:07:51 AM  #104

Quote from: jonald_fyookball (post #103)

As I wrote: it's easy to put a check in it.
You press enter, and if there's no punctuation and no caps and the sentence is not long enough and varied enough, the program won't accept it.
Easy.

aakashsangwan
March 28, 2016, 05:47:19 AM  #105

Recently one of my friends' computers got hacked by downloading an exe file which was actually a keylogger, and the hacker hacked his Electrum seed key. Now he is also operating his Electrum addresses, and whatever bitcoins his addresses are receiving he is simply withdrawing.

So how can you help him to recover his old wallet from that hacker? Can we change the seed passphrase key? Please help me to recover that Electrum wallet from the hacker, as my friend does not have that much knowledge about the software.



Decoded
March 31, 2016, 11:43:23 PM  #106

I believe that Electrum should be able to allow these seeds. Maybe there should be extensive warnings, but it should be allowed nevertheless.

I have a Ledger wallet and Electrum, I want to be able to use both :(



Financisto
April 02, 2016, 03:51:54 AM  #107

You can "input" custom seed to generate a BIP-32 Hierarchical Deterministic Wallet with this tool:

https://coinb.in

cyberguy
April 30, 2016, 09:17:07 AM  #108

I used the wallet restore function and made a new wallet using a hex string taken from the output of

echo -n "My own string" | sha256sum

in a Linux console. If a truly unique string (perhaps involving personal information) is used for "My own string" which can be easily remembered (e.g. "cyberguy was born on the 29th of February 1976 in the middle of the atlantic"), what are the security implications of this? Could this be considered an alternative to a "brain wallet"?