Author Topic: Why you cannot enter an arbitrary seed in Electrum  (Read 65009 times)
eggdescrambler
Newbie
*
Offline Offline

Activity: 43
Merit: 0


View Profile WWW
May 25, 2014, 09:20:23 PM
 #41


Quick question
I've done an experiment on electrum
I've started fresh and said "restoring from seed" where the seed is a 256 bit hexnumber (like the output of a sha256)
With that, I got 24 mnemonic words and a given set of 5 bitcoin addresses

Then, I deleted my wallet and started again, this time I've used the first 128 bit of that 256 bit hexnumber I've used earlier as the seed in the input GUI.
With that, I got the 12 mnemonic words, which matches the first 12 mnemonic words from the prior experiment.
I also got 5 Bitcoin addresses that differ entirely from the prior experiment.

So it seems like, although the Electrum documentation says it takes a 128 bit seed, that it actually can take more, leading to a different set of bitcoin addresses.

Can anyone explain what is going on?
And perhaps the documentation on Electrum's website could be updated to specify this.

Thanks
Abdussamad
Legendary
*
Offline Offline

Activity: 3612
Merit: 1564



View Profile
May 25, 2014, 09:38:03 PM
 #42


Quick question
I've done an experiment on electrum
I've started fresh and said "restoring from seed" where the seed is a 256 bit hexnumber (like the output of a sha256)
With that, I got 24 mnemonic words and a given set of 5 bitcoin addresses

Then, I deleted my wallet and started again, this time I've used the first 128 bit of that 256 bit hexnumber I've used earlier as the seed in the input GUI.
With that, I got the 12 mnemonic words, which matches the first 12 mnemonic words from the prior experiment.
I also got 5 Bitcoin addresses that differ entirely from the prior experiment.

So it seems like, although the Electrum documentation says it takes a 128 bit seed, that it actually can take more, leading to a different set of bitcoin addresses.

Can anyone explain what is going on?
And perhaps the documentation on Electrum's website could be updated to specify this.

Thanks

Yes that's correct. It can take an arbitrary size seed but it is not recommended unless you know what you are doing. See the caveat I wrote about on page 2:

https://bitcointalk.org/index.php?topic=153990.msg6627649#msg6627649

eggdescrambler
Newbie
*
Offline Offline

Activity: 43
Merit: 0


View Profile WWW
May 25, 2014, 10:38:12 PM
 #43


Yes that's correct. It can take an arbitrary size seed but it is not recommended unless you know what you are doing. See the caveat I wrote about on page 2:

https://bitcointalk.org/index.php?topic=153990.msg6627649#msg6627649
The only caveat is that you can't do a restore from seed for this >128bit seed wallet under electrum 2.0+. You will be able to use the wallet file softcopy. But not restore from seed. The reason being that the seed format is changing and electrum won't know which seed version you are using just from the bare seed. The wallet file, OTOH,  contains the seed version.



Ok, so the next upcoming release is 2.0 and it won't accept those > 128 bit.
I'm wondering, why this change?

Thanks for your answers.

dabura667
Sr. Member
****
Offline Offline

Activity: 475
Merit: 252


View Profile
May 30, 2014, 05:50:01 AM
 #44

Ok, so the next upcoming release is 2.0 and it won't accept those > 128 bit.
I'm wondering, why this change?

Thanks for your answers.
The GUI representation to users for the seed and how it is displayed/used is made with the least experienced user in mind.

The unexperienced user will likely think "OMG MOAR WORDS IS SAFER!!! PUT IN ALL TEH WORDZ!" and make a 500 word seed or something.

In reality, the entropy is capped at 160. So any words over a certain amount are worthless.

Not to mention that if users can choose the length of their seeds, some users will inevitably choose a 1 or 2 word seed, get their bitcoins stolen, and then post about it all over the internet.

If you have confidence in your ability to alter Electrum to create your own seed, and you can restore that seed properly, go ahead.

But if you try to leave that seed to your family when you die or something, and they try to put it into Electrum after Electrum has already moved on to something else and only offers backwards compatibility to the one type of seed that was supported, then you better hope your family knows how to restore your seed manually, or alter Electrum in order to restore your seed.


If you want to roll dice and make your own entropy, use paper wallets with bitaddress.org.

I think there's also a site that you can download that will accept independently generated seeds to create BIP32 extended private keys.

My Tip Address:
1DXcHTJS2DJ3xDoxw22wCt11FeAsgfzdBU
minerpumpkin
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


A pumpkin mines 27 hours a night


View Profile
July 09, 2014, 11:32:57 PM
 #45

What are your thoughts on this: http://www.sendspace.com/file/68tgbd
You have to roll your own seed. 5 dice for each word = 60 rolls, if a roll is invalid (i.e. under certain circumstances not applicable), roll again. IMO this should lead to a truly random seed, which can't be compromised by faulty or limited random number generator implementations. It's a bit cumbersome, but for long-term storage a decent decision.

Any downsides or potential risks I don't see?

This method is well known as Diceware - http://world.std.com/~reinhold/diceware.html

Good question! How Diceware (5 words with dice, dictionary size of 7776) compares to Electrum (12 words, from a dictionary of 1600) for practical purposes; to use as your master password?

The thing is: Yes, this is some variant of Diceware. But this page is specifically engineered for Electrum's seed-words. I'm no expert but somewhat familiar and experienced with typical problems when it comes to 'true' randomness or cryptographically secure keys. I'd really like a word from the developers on that specific idea as it seems really neat!

I should have gotten into Bitcoin back in 1992...
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1004


Core dev leaves me neg feedback #abuse #political


View Profile
July 10, 2014, 12:40:47 AM
 #46

on what specific idea?   

minerpumpkin
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


A pumpkin mines 27 hours a night


View Profile
July 17, 2014, 09:50:12 PM
 #47

on what specific idea?   

Rolling your own Electrum seed with dice. It's a little bit different than diceware, because you effectively directly roll 12 Electrum seed words, and don't rely on some other entropy dimensions, but exactly on those offered by Electrum itself! I suggested it here: https://bitcointalk.org/index.php?topic=153990.msg4502689#msg4502689

I should have gotten into Bitcoin back in 1992...
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1004


Core dev leaves me neg feedback #abuse #political


View Profile
July 17, 2014, 10:06:28 PM
 #48

on what specific idea?   

Rolling your own Electrum seed with dice. It's a little bit different than diceware, because you effectively directly roll 12 Electrum seed words, and don't rely on some other entropy dimensions, but exactly on those offered by Electrum itself! I suggested it here: https://bitcointalk.org/index.php?topic=153990.msg4502689#msg4502689

Well, I'm not an Electrum developer but I see no reason you can't.

You will want to synch up with the 12 word seed schema, though,
at least if you want to use Electrum the way it is intended.
You need the seed for restore functions as well as generating
new addresses.

The way I would do it:

Assuming you're using standard 6-sided dice, you roll a die
5 times... This gives you 6^5 combinations = 7776.
Now divide by 4 and throw away the remainder.
This gives you a number between 1 and 1944.
If the number is greater than 1626, throw it away.
If it is 1626 or lower, keep it, write it down.

Repeat the whole process 12 times, now you have
12 numbers that you can use to match up
with the 12 words in the electrum dictionary.
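
The dice procedure from the post above, as an added example that is not part of the original thread or of Electrum's code. It assumes zero-based indices (the five rolls are read as a base-6 number from 0 to 7775) so that each of the 1626 indices corresponds to exactly four dice outcomes; the function names are hypothetical and the word list itself is not embedded.

```python
import math
from collections import Counter
from itertools import product

WORDLIST_SIZE = 1626   # limit given in the post
DICE_PER_WORD = 5      # 6^5 = 7776 outcomes per word
GROUP = 4              # "divide by 4 and throw away the remainder"


def rolls_to_index(rolls):
    """Map five die faces (1-6) to a zero-based word index, or None to re-roll."""
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each 1-6")
    value = 0
    for r in rolls:                 # read the rolls as a base-6 number, 0..7775
        value = value * 6 + (r - 1)
    index = value // GROUP          # 0..1943, four outcomes per index
    return index if index < WORDLIST_SIZE else None


def seed_indices(roll_groups, words=12):
    """Consume groups of five rolls until `words` indices have been accepted."""
    accepted = []
    for group in roll_groups:
        idx = rolls_to_index(group)
        if idx is not None:         # rejected groups are simply rolled again
            accepted.append(idx)
        if len(accepted) == words:
            return accepted
    raise ValueError("not enough accepted roll groups; keep rolling")


def uniformity_report():
    """Enumerate all 6^5 outcomes and confirm every index is equally likely."""
    hits = Counter()
    rejected = 0
    for rolls in product(range(1, 7), repeat=DICE_PER_WORD):
        idx = rolls_to_index(rolls)
        if idx is None:
            rejected += 1
        else:
            hits[idx] += 1
    return {
        "indices": len(hits),
        "min_hits": min(hits.values()),
        "max_hits": max(hits.values()),
        "rejected": rejected,
        "bits_per_word": math.log2(WORDLIST_SIZE),
    }


if __name__ == "__main__":
    # Constructed sample rolls: the first group is rejected and rolled again.
    sample = [(6, 6, 6, 6, 6)] + [(1, 1, 1, k, 1) for k in range(1, 7)] * 2
    print(seed_indices(sample))
    print(uniformity_report())
```

Rejecting out-of-range values instead of wrapping them around is what keeps every word equally likely; about 16% of five-dice groups have to be rolled again.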


minerpumpkin
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


A pumpkin mines 27 hours a night


View Profile
July 18, 2014, 01:31:14 AM
 #49

on what specific idea?   

Rolling your own Electrum seed with dice. It's a little bit different than diceware, because you effectively directly roll 12 Electrum seed words, and don't rely on some other entropy dimensions, but exactly on those offered by Electrum itself! I suggested it here: https://bitcointalk.org/index.php?topic=153990.msg4502689#msg4502689

Well, I'm not an Electrum developer but I see no reason you can't.

You will want to synch up with the 12 word seed schema, though,
at least if you want to use Electrum the way it is intended.
You need the seed for restore functions as well as generating
new addresses.

The way I would do it:

Assuming you're using standard 6-sided dice, you roll a die
5 times... This gives you 6^5 combinations = 7776.
Now divide by 4 and throw away the remainder.
This gives you a number between 1 and 1944.
If the number is greater than 1626, throw it away.
If it is 1626 or lower, keep it, write it down.

Repeat the whole process 12 times, now you have
12 numbers that you can use to match up
with the 12 words in the electrum dictionary.



The file I quoted in my original post contained all of Electrum's seed words in a way that they could be addressed by rolling 5 dice. By repeating this procedure 12 times, you get an Electrum seed (discard all throws that are invalid, i.e. since 5 6-sided dice have an entropy that's too high, there are fewer words than possible combinations).

I should have gotten into Bitcoin back in 1992...
dabura667
Sr. Member
****
Offline Offline

Activity: 475
Merit: 252


View Profile
July 19, 2014, 02:05:18 AM
 #50

on what specific idea?   

Rolling your own Electrum seed with dice. It's a little bit different than diceware, because you effectively directly roll 12 Electrum seed words, and don't rely on some other entropy dimensions, but exactly on those offered by Electrum itself! I suggested it here: https://bitcointalk.org/index.php?topic=153990.msg4502689#msg4502689

This is slightly more efficient:
https://bitcointalk.org/index.php?topic=50936.msg7836442#msg7836442

My Tip Address:
1DXcHTJS2DJ3xDoxw22wCt11FeAsgfzdBU
taylortyler
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
August 03, 2014, 05:13:27 AM
 #51

What happens if all the Electrum servers are taken offline? Would there be a way to use the seed phrase to recover?
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1004


Core dev leaves me neg feedback #abuse #political


View Profile
August 03, 2014, 05:34:31 AM
 #52

What happens if all the Electrum servers are taken offline? Would there be a way to use the seed phrase to recover?

Servers have nothing to do with the seed and never see your seed.

All the servers do is tell you your up-to-date balances and broadcast transactions to the network.

RealBitcoin
Hero Member
*****
Offline Offline

Activity: 854
Merit: 1007


JAYCE DESIGNS - http://bit.ly/1tmgIwK


View Profile
July 23, 2015, 03:57:48 PM
 #53

A phrase generated by a human, or picked from a random book opened at a random page, will in general be much less random, and much more vulnerable to attacks.

Yea but why can't I have the choice at least. Who knows that my RNG on my PC is flawed, and I might use an external RNG or have a radio that generates random entropy.

128 bit is only 16 characters, guys I use 70-80 character random passwords.


Even my flawed RNG 70 character password is better than your "bulletproof" 16 character password

jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1004


Core dev leaves me neg feedback #abuse #political


View Profile
July 23, 2015, 04:00:42 PM
 #54

You can still use external entropy.  Just format it into a valid electrum seed format and voila.

RealBitcoin
Hero Member
*****
Offline Offline

Activity: 854
Merit: 1007


JAYCE DESIGNS - http://bit.ly/1tmgIwK


View Profile
July 23, 2015, 04:27:29 PM
 #55

You can still use external entropy.  Just format it into a valid electrum seed format and voila.

How? I cannot edit that initial box where the seed is in, it pops out random words, but I cannot put there random characters.

jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1004


Core dev leaves me neg feedback #abuse #political


View Profile
July 23, 2015, 04:32:05 PM
 #56

You can still use external entropy.  Just format it into a valid electrum seed format and voila.

How? I cannot edit that initial box where the seed is in, it pops out random words, but I cannot put there random characters.

Start a new wallet and choose 'restore from seed', then enter the seed you want.
It has to be a valid seed (containing the proper amount of words, all from the Electrum dictionary).

GODLIKE
Hero Member
*****
Offline Offline

Activity: 546
Merit: 500

LOL what you looking at?


View Profile
August 03, 2015, 06:00:22 AM
 #57

I get that 99% of people aren't able to generate a good sentence to remember, but I still don't like being given the chance to use my favourite sentence.

It's nothing I've found on internet, I searched for it and there's NO MATCHES on internet, and it's a sentence of 16 WORDS, that could also include punctuation.

Having to fiddle with hex is not fun for a non-coder and may also lead to problems in future updates I guess so I won't go that direction.

But in example, to not get bored with that sequence of words, I just snapshot it and send it to my email, which has a password of only 10+ characters... is that really better?
And I guess many people are doing it like that.

Printing those words on paper? And if somebody stumbles on that paper?
Remembering 12 words without any sense? Good luck with that: nobody will even try. I didn't, for sure.

BITCOIN FOREVER news aggregator: only the most important news on the cryptoworld!
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1004


Core dev leaves me neg feedback #abuse #political


View Profile
August 03, 2015, 04:58:51 PM
 #58

I get that 99% of people aren't able to generate a good sentence to remember, but I still don't like being given the chance to use my favourite sentence.

It's nothing I've found on internet, I searched for it and there's NO MATCHES on internet, and it's a sentence of 16 WORDS, that could also include punctuation.

Having to fiddle with hex is not fun for a non-coder and may also lead to problems in future updates I guess so I won't go that direction.

But in example, to not get bored with that sequence of words, I just snapshot it and send it to my email, which has a password of only 10+ characters... is that really better?
And I guess many people are doing it like that.

Printing those words on paper? And if somebody stumbles on that paper?
Remembering 12 words without any sense? Good luck with that: nobody will even try. I didn't, for sure.

You searched for it?  Meaning you typed your passphrase into Google?
Now Google knows it.  Plus it might even show up on some search phrase list.
You don't want to be doing that.

As far as not being able to remember 12 words, first of all, I think you
have very low standards of what the human brain can achieve.
Some people memorize full books!  I can easily remember 12 words and
the trick is to make a little mental picture.  

But if you don't think you can memorize it, then trust your gut feeling
about your limitations and use another kind of wallet.







RealBitcoin
Hero Member
*****
Offline Offline

Activity: 854
Merit: 1007


JAYCE DESIGNS - http://bit.ly/1tmgIwK


View Profile
August 03, 2015, 05:20:37 PM
 #59

I get that 99% of people aren't able to generate a good sentence to remember, but I still don't like being given the chance to use my favourite sentence.

It's nothing I've found on internet, I searched for it and there's NO MATCHES on internet, and it's a sentence of 16 WORDS, that could also include punctuation.

Having to fiddle with hex is not fun for a non-coder and may also lead to problems in future updates I guess so I won't go that direction.

But in example, to not get bored with that sequence of words, I just snapshot it and send it to my email, which has a password of only 10+ characters... is that really better?
And I guess many people are doing it like that.

Printing those words on paper? And if somebody stumbles on that paper?
Remembering 12 words without any sense? Good luck with that: nobody will even try. I didn't, for sure.

OMG you typed into Google? Are you serious?

Did you e-mail it to your other e-mail?

Man you must be the most uneducated person in internet security ever. You totally compromised your password and it's only a matter of time before you get robbed.

If you can't memorize 12 words then fucking carve it into a tree in a forest somewhere, to make sure nobody stumbles on that paper.

Man you need to keep your sensitive data more secure, because the thieves always love newbies who cannot secure their sensitive info.

GODLIKE
Hero Member
*****
Offline Offline

Activity: 546
Merit: 500

LOL what you looking at?


View Profile
August 03, 2015, 06:49:57 PM
 #60

I get that 99% of people aren't able to generate a good sentence to remember, but I still don't like being given the chance to use my favourite sentence.

It's nothing I've found on internet, I searched for it and there's NO MATCHES on internet, and it's a sentence of 16 WORDS, that could also include punctuation.

Having to fiddle with hex is not fun for a non-coder and may also lead to problems in future updates I guess so I won't go that direction.

But in example, to not get bored with that sequence of words, I just snapshot it and send it to my email, which has a password of only 10+ characters... is that really better?
And I guess many people are doing it like that.

Printing those words on paper? And if somebody stumbles on that paper?
Remembering 12 words without any sense? Good luck with that: nobody will even try. I didn't, for sure.

You searched for it?  Meaning you typed your passphrase into Google?
Now Google knows it.  Plus it might even show up on some search phrase list.
You don't want to be doing that.

As far as not being able to remember 12 words, first of all, I think you
have very low standards of what the human brain can achieve.
Some people memorize full books!  I can easily remember 12 words and
the trick is to make a little mental picture.  

But if you don't think you can memorize it, then trust your gut feeling
about your limitations and use another kind of wallet.

I snapshotted a picture of the seed and sent it to myself in the email.
That should be QUITE PRIVATE I think.
And I am pretty sure that if you ask 100 people they will not be learning by memory those 12 words, maybe 1 on 100 will.
And that's exactly the same reason why people don't make longer and more complex passwords.
Implying that I am "limited" is a subtle stupid insult, if you want to talk with me please refrain from being so presumptuous and not constructive at all.
I have exposed what I consider an issue, even though the developers made it that way considering it a feature.

Btw, my IQ, believe it or not (I don't care) is over 140.

Below, just some results from a game.


BITCOIN FOREVER news aggregator: only the most important news on the cryptoworld!