Bitcoin Forum
May 29, 2017, 03:59:49 AM *
News: Latest stable version of Bitcoin Core: 0.14.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: 1 2 3 [All]
  Print  
Author Topic: Warning about portable versions  (Read 64115 times)
ThomasV
Moderator
Legendary
*
Offline Offline

Activity: 1848



View Profile WWW
March 18, 2013, 09:43:45 AM
 #1

Since we now have a subforum for Electrum, I am rewriting here what I already said in other threads. I hope it's more visible in its own thread.

It is not safe to use a portable version of Electrum on an insecure computer!

Don't get me wrong: I am not saying that a portable build is by itself more dangerous than a non-portable version.
However, a portable version does not bring anything more in terms of security. It does not protect you from the computer you are using.
In addition, portable builds encourage dangerous behaviour, because they make it very easy to use your wallet on third party computers, that might be infected with viruses and keyloggers.

I was never enthusiastic about distributing portable versions of Electrum.
I did it because the demand for portable versions was so high that portable builds distributed by third parties were getting popular.
That's the only reason why I accepted to distribute portable builds: I do this in order to avoid an even worse situation.


Electrum: the convenience of a web wallet, without the risks
1496030389
Hero Member
*
Offline Offline

Posts: 1496030389

View Profile Personal Message (Offline)

Ignore
1496030389
Reply with quote  #2

1496030389
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1496030389
Hero Member
*
Offline Offline

Posts: 1496030389

View Profile Personal Message (Offline)

Ignore
1496030389
Reply with quote  #2

1496030389
Report to moderator
1496030389
Hero Member
*
Offline Offline

Posts: 1496030389

View Profile Personal Message (Offline)

Ignore
1496030389
Reply with quote  #2

1496030389
Report to moderator
1496030389
Hero Member
*
Offline Offline

Posts: 1496030389

View Profile Personal Message (Offline)

Ignore
1496030389
Reply with quote  #2

1496030389
Report to moderator
coqui33
Full Member
***
Offline Offline

Activity: 198



View Profile WWW
March 18, 2013, 03:30:22 PM
 #2

Is there a portable 1.7? If so, could you please provide a link?

Armed Citizens and the Law -- NRA-certified firearms instructor
ThomasV
Moderator
Legendary
*
Offline Offline

Activity: 1848



View Profile WWW
March 19, 2013, 10:52:26 PM
 #3

Is there a portable 1.7? If so, could you please provide a link?
not yet, but there should be one soon.

Electrum: the convenience of a web wallet, without the risks
SebastianJu
Legendary
*
Offline Offline

Activity: 1806


Free Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
March 20, 2013, 11:26:00 AM
 #4

Nice... ill wait for it. Regarding portability... one should be extra cautious when handling values with software. In the end i use portable only on my own pcs, but i prefer software that isnt clawed into one pc and cant be moved to another easily. I mean getting a new pc is a problem then when having some unportable programs. If you have them portable, you simple move the harddisc and you can run your software. Thats why i like portable software and use them if possible somehow.

                                                                       
    ▄▄███████▄▄                           ▄      ▄
   ██████████████▄                       ███    ███
  ███▀ ▄▄▄▄▄▄▄ ▀████                     ███    ███
  █████████████▄ ▀███                    ███    ███   █▄ ▄▄
   ▀████▄  ▄▄███  ▀███                   ███    ███  ▄████
   ▄███████████   ▄███                  ███    ███  ▀▀███▀▀
   ███           ▄███         ▄▄▄▄      ███    ███     █    ▄▄  ▄▄▄▄
  ▄███     ▄▄▄▄█████        ▄█████▄    ▄██▀   ▄██▀    ███   █████████
  ███▄    ████████         ▄███▀▀███   ███    ███    ███▀   █████▀████
   ███     ▀▀█████▄      ▄█████▄ ███   ███    ███    ███    ████   ███
   ███         ▀███▄     ███▀███ ███  ███▀   ███▀    ███    ███▀   ███
   ███           ███▄    ███  ▀▀ ███  ███    ███    ███▀   ▄███    ███
   ▀██▄           ███    ███▄  ▄███   ███    ███    ███    ███    ███▀
    ███           ▀███▄   ████████    ███    ███    ███    ███    ███
    ▀██            ▀████   ▀████▀      ██     ██    ▀██    ▀█▀    ▀█▀


.
.
.
        ▄▄▀                ▀▄▄
     ▄ ▀▀                    ▀▀ ▄
   ▄ ▀▀▀                      ▀▀▀ ▄
  ▄▀▀▀                          ▀▀▀▄
 ▀█▄▄                            ▄▄█▀
▄█  ▄                            ▄  █▄
▀█ █▀                            ▀█ █▀
█▄  ▄                            ▄  ▄█
▀█ █                              █ █▀
█▄   █                          █   ▄█
 ██▄█▀                          ▀█▄██
  ▀▀  ▄█                      █▄  ▀▀
  ▀██▄ ▀  █▄              ▄█  ▀ ▄██▀
    ▀▀▀   ██  █▄      ▄█  ██   ▀▀▀
     ▀███▄▄▀  ███    ███  ▀▄▄███▀
        ▀▀▀▀▄▄▄▄▀    ▀▄▄▄▄▀▀▀▀
          ▀▀█████▀▀▀▀█████▀▀
.
.
Free Bitcoins
Chat Lottery & Games
Level Up System with Rewards
▄████████▄  ▄████████▄
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
 ████████    ████████
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
▀████████▀  ▀████████▀
.
SebastianJu
Legendary
*
Offline Offline

Activity: 1806


Free Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
March 24, 2013, 03:45:06 PM
 #5

I now tested the new portable version of electrum 1.7.2 and it works fine. It can run from one directory only. I had to create a shortcut with the -w-tag to specify the electrum.dat that lies in the same directory. The link looks like:
Code:
L:\dirs\Electrum\Electrum-1.7.2-portable.exe -w ".\electrum.dat"

It seems without the -w-tag it will create a new electrum.dat. The -P-Tag doesnt search for electrum.dat in the same dir too. But i didnt test where it would create the electrum.dat. Maybe it only searchs for another filename.
Anyway... i deleted all electrum-files on drive c: and all files in the directory of electrum, except the exe, the link and the electrum.dat. And it works fine when starting with the link. There isnt something created on drive c: anymore.
I only wonder why the oldest transactions are cut and replaced with Pruned transaction outputs. There isnt a setting to change this.

                                                                       
    ▄▄███████▄▄                           ▄      ▄
   ██████████████▄                       ███    ███
  ███▀ ▄▄▄▄▄▄▄ ▀████                     ███    ███
  █████████████▄ ▀███                    ███    ███   █▄ ▄▄
   ▀████▄  ▄▄███  ▀███                   ███    ███  ▄████
   ▄███████████   ▄███                  ███    ███  ▀▀███▀▀
   ███           ▄███         ▄▄▄▄      ███    ███     █    ▄▄  ▄▄▄▄
  ▄███     ▄▄▄▄█████        ▄█████▄    ▄██▀   ▄██▀    ███   █████████
  ███▄    ████████         ▄███▀▀███   ███    ███    ███▀   █████▀████
   ███     ▀▀█████▄      ▄█████▄ ███   ███    ███    ███    ████   ███
   ███         ▀███▄     ███▀███ ███  ███▀   ███▀    ███    ███▀   ███
   ███           ███▄    ███  ▀▀ ███  ███    ███    ███▀   ▄███    ███
   ▀██▄           ███    ███▄  ▄███   ███    ███    ███    ███    ███▀
    ███           ▀███▄   ████████    ███    ███    ███    ███    ███
    ▀██            ▀████   ▀████▀      ██     ██    ▀██    ▀█▀    ▀█▀


.
.
.
        ▄▄▀                ▀▄▄
     ▄ ▀▀                    ▀▀ ▄
   ▄ ▀▀▀                      ▀▀▀ ▄
  ▄▀▀▀                          ▀▀▀▄
 ▀█▄▄                            ▄▄█▀
▄█  ▄                            ▄  █▄
▀█ █▀                            ▀█ █▀
█▄  ▄                            ▄  ▄█
▀█ █                              █ █▀
█▄   █                          █   ▄█
 ██▄█▀                          ▀█▄██
  ▀▀  ▄█                      █▄  ▀▀
  ▀██▄ ▀  █▄              ▄█  ▀ ▄██▀
    ▀▀▀   ██  █▄      ▄█  ██   ▀▀▀
     ▀███▄▄▀  ███    ███  ▀▄▄███▀
        ▀▀▀▀▄▄▄▄▀    ▀▄▄▄▄▀▀▀▀
          ▀▀█████▀▀▀▀█████▀▀
.
.
Free Bitcoins
Chat Lottery & Games
Level Up System with Rewards
▄████████▄  ▄████████▄
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
 ████████    ████████
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
▀████████▀  ▀████████▀
.
btcven
Hero Member
*****
Offline Offline

Activity: 717


Bitcoin Venezuela


View Profile WWW
March 24, 2013, 04:08:56 PM
 #6

I only wonder why the oldest transactions are cut and replaced with Pruned transaction outputs. There isnt a setting to change this.

When restoring from your seed you need to select a F (full) server to get your entire transaction history.

Also "ThomasV: * Due to an internal format change, your history may be pruned when
  you open your wallet for the first time after upgrading to 1.7.2. If
  this is the case, please visit a full server to restore your full
  history. You will only need to do that once."

https://bitcointalk.org/index.php?topic=50936.msg1667606#msg1667606

Admin: rdymac (PGP) | contacto@bitcoinvenezuela.com | @cafebitcoin | Electrum, lightweight bitcoin client
If I've been helpful tip me a coffee! Cheesy1rdymachKZpA9pTYHYHMYZjfjnoBW6B3k Bitrated user: rdymac.
ThomasV
Moderator
Legendary
*
Offline Offline

Activity: 1848



View Profile WWW
March 24, 2013, 04:09:56 PM
 #7

I only wonder why the oldest transactions are cut and replaced with Pruned transaction outputs. There isnt a setting to change this.

When restoring from your seed you need to select a F (full) server to get your entire transaction history.

please read the release notes for 1.7.2. it is explained there.

Electrum: the convenience of a web wallet, without the risks
SebastianJu
Legendary
*
Offline Offline

Activity: 1806


Free Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
March 24, 2013, 04:57:28 PM
 #8

Thanks!

                                                                       
    ▄▄███████▄▄                           ▄      ▄
   ██████████████▄                       ███    ███
  ███▀ ▄▄▄▄▄▄▄ ▀████                     ███    ███
  █████████████▄ ▀███                    ███    ███   █▄ ▄▄
   ▀████▄  ▄▄███  ▀███                   ███    ███  ▄████
   ▄███████████   ▄███                  ███    ███  ▀▀███▀▀
   ███           ▄███         ▄▄▄▄      ███    ███     █    ▄▄  ▄▄▄▄
  ▄███     ▄▄▄▄█████        ▄█████▄    ▄██▀   ▄██▀    ███   █████████
  ███▄    ████████         ▄███▀▀███   ███    ███    ███▀   █████▀████
   ███     ▀▀█████▄      ▄█████▄ ███   ███    ███    ███    ████   ███
   ███         ▀███▄     ███▀███ ███  ███▀   ███▀    ███    ███▀   ███
   ███           ███▄    ███  ▀▀ ███  ███    ███    ███▀   ▄███    ███
   ▀██▄           ███    ███▄  ▄███   ███    ███    ███    ███    ███▀
    ███           ▀███▄   ████████    ███    ███    ███    ███    ███
    ▀██            ▀████   ▀████▀      ██     ██    ▀██    ▀█▀    ▀█▀


.
.
.
        ▄▄▀                ▀▄▄
     ▄ ▀▀                    ▀▀ ▄
   ▄ ▀▀▀                      ▀▀▀ ▄
  ▄▀▀▀                          ▀▀▀▄
 ▀█▄▄                            ▄▄█▀
▄█  ▄                            ▄  █▄
▀█ █▀                            ▀█ █▀
█▄  ▄                            ▄  ▄█
▀█ █                              █ █▀
█▄   █                          █   ▄█
 ██▄█▀                          ▀█▄██
  ▀▀  ▄█                      █▄  ▀▀
  ▀██▄ ▀  █▄              ▄█  ▀ ▄██▀
    ▀▀▀   ██  █▄      ▄█  ██   ▀▀▀
     ▀███▄▄▀  ███    ███  ▀▄▄███▀
        ▀▀▀▀▄▄▄▄▀    ▀▄▄▄▄▀▀▀▀
          ▀▀█████▀▀▀▀█████▀▀
.
.
Free Bitcoins
Chat Lottery & Games
Level Up System with Rewards
▄████████▄  ▄████████▄
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
 ████████    ████████
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
▀████████▀  ▀████████▀
.
nonsh
Newbie
*
Offline Offline

Activity: 14


View Profile
April 10, 2013, 05:12:51 PM
 #9

I only use portable versions on own computers. They're easier to backup.
dabest1
Newbie
*
Offline Offline

Activity: 26


View Profile
April 16, 2013, 12:31:57 AM
 #10

What is the difference between portable and standalone versions?
SebastianJu
Legendary
*
Offline Offline

Activity: 1806


Free Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
April 16, 2013, 02:57:16 PM
 #11

What is the difference between portable and standalone versions?

The standalone can be put into a directory and started but the files are stored under c... users... and so on. So its not portably when you take the .exe with you because the wallet lies on the other pc.

                                                                       
    ▄▄███████▄▄                           ▄      ▄
   ██████████████▄                       ███    ███
  ███▀ ▄▄▄▄▄▄▄ ▀████                     ███    ███
  █████████████▄ ▀███                    ███    ███   █▄ ▄▄
   ▀████▄  ▄▄███  ▀███                   ███    ███  ▄████
   ▄███████████   ▄███                  ███    ███  ▀▀███▀▀
   ███           ▄███         ▄▄▄▄      ███    ███     █    ▄▄  ▄▄▄▄
  ▄███     ▄▄▄▄█████        ▄█████▄    ▄██▀   ▄██▀    ███   █████████
  ███▄    ████████         ▄███▀▀███   ███    ███    ███▀   █████▀████
   ███     ▀▀█████▄      ▄█████▄ ███   ███    ███    ███    ████   ███
   ███         ▀███▄     ███▀███ ███  ███▀   ███▀    ███    ███▀   ███
   ███           ███▄    ███  ▀▀ ███  ███    ███    ███▀   ▄███    ███
   ▀██▄           ███    ███▄  ▄███   ███    ███    ███    ███    ███▀
    ███           ▀███▄   ████████    ███    ███    ███    ███    ███
    ▀██            ▀████   ▀████▀      ██     ██    ▀██    ▀█▀    ▀█▀


.
.
.
        ▄▄▀                ▀▄▄
     ▄ ▀▀                    ▀▀ ▄
   ▄ ▀▀▀                      ▀▀▀ ▄
  ▄▀▀▀                          ▀▀▀▄
 ▀█▄▄                            ▄▄█▀
▄█  ▄                            ▄  █▄
▀█ █▀                            ▀█ █▀
█▄  ▄                            ▄  ▄█
▀█ █                              █ █▀
█▄   █                          █   ▄█
 ██▄█▀                          ▀█▄██
  ▀▀  ▄█                      █▄  ▀▀
  ▀██▄ ▀  █▄              ▄█  ▀ ▄██▀
    ▀▀▀   ██  █▄      ▄█  ██   ▀▀▀
     ▀███▄▄▀  ███    ███  ▀▄▄███▀
        ▀▀▀▀▄▄▄▄▀    ▀▄▄▄▄▀▀▀▀
          ▀▀█████▀▀▀▀█████▀▀
.
.
Free Bitcoins
Chat Lottery & Games
Level Up System with Rewards
▄████████▄  ▄████████▄
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
 ████████    ████████
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
▀████████▀  ▀████████▀
.
virtualmaster
Hero Member
*****
Offline Offline

Activity: 504



View Profile
June 02, 2013, 03:34:35 PM
 #12

Since we now have a subforum for Electrum, I am rewriting here what I already said in other threads. I hope it's more visible in its own thread.

It is not safe to use a portable version of Electrum on an insecure computer!

Don't get me wrong: I am not saying that a portable build is by itself more dangerous than a non-portable version.
However, a portable version does not bring anything more in terms of security. It does not protect you from the computer you are using.
In addition, portable builds encourage dangerous behaviour, because they make it very easy to use your wallet on third party computers, that might be infected with viruses and keyloggers.

I was never enthusiastic about distributing portable versions of Electrum.
I did it because the demand for portable versions was so high that portable builds distributed by third parties were getting popular.
That's the only reason why I accepted to distribute portable builds: I do this in order to avoid an even worse situation.


I like very much Electrum but generally  I  disagree with you.
Surely everything could be used wrong and can create false security feelings.
But generally I consider a portable version more secure and more flexible than an installed one. (if works)
Let us see some concrete examples:
- Skype released a couple of years ago a version which had a reduced functionality than the old one. Once installed the new one it was impossible to put again the old version. It couldn't be found anywhere on the internet. With portable versions you start the new version and if you don't like it then you use again the old one and you can switch as you wish.
- I use Electrum 7.1 portable and it works. Now I downloaded Electrum 8.0 and by starting is giving to me some messages that my wallet doesn't work. Should make a new wallet or repair the old ? I didn't liked any of this options and I started 7.1 again. Otherwise if not backup-ed and installed over who knows what happened with the content of the old wallet.
- I could use Electrum on a computer shared with others. To install it would require administrator priviledges. To ask from the administrator would attract attention on it and could put on risk the coins.
- Electrum is installed on a shared computer. Even in this case I would use my own portable version because on the installed one could be a spyware. Of course a key-logger would be anyway there if installed but that mostly can be fooled with onscreen-keyboard.
- I can have a laptop which is not full-encrypted. A Trucrypt container can be put in the dropbox order(backup is also solved instantly) and there could be not only the wallet but the portable application also. If I have the application outside of the container somebody could boot the laptop from a CD(or access it  from a hacked dropbox account) and install a spyware on the application. So I have more security if the application is also inside of the container.

Calendars for free to print: 2014 Calendar in JPG | 2014 Calendar in PDF Protect the Environment with Namecoin: 2014 Calendar in JPG | 2014 Calendar in PDF
Namecoinia.org  -  take the planet in your hands
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba   |  NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S
novusordo
Sr. Member
****
Offline Offline

Activity: 337



View Profile
June 25, 2013, 06:52:37 PM
 #13

It'll be nice when portable hardware wallets like the Trezor become more widespread, then this won't be as much of a concern.

Time is more valuable than money. You can get more money, but you cannot get more time.
GPG | OTC
btcven
Hero Member
*****
Offline Offline

Activity: 717


Bitcoin Venezuela


View Profile WWW
June 26, 2013, 04:44:40 PM
 #14

You mean 1.7 and 1.8

.
.
.
- I use Electrum 7.1 portable and it works. Now I downloaded Electrum 8.0 and by starting is giving to me some messages that my wallet doesn't work. Should make a new wallet or repair the old ? I didn't liked any of this options and I started 7.1 again. Otherwise if not backup-ed and installed over who knows what happened with the content of the old wallet.
.
.
.

Running a portable version from an encrypted drive on a infected laptop is dumb. All that security to finally run from a unknown computer that likely has a key logger and a lot of viruses / trojans / spywares... Good luck

Admin: rdymac (PGP) | contacto@bitcoinvenezuela.com | @cafebitcoin | Electrum, lightweight bitcoin client
If I've been helpful tip me a coffee! Cheesy1rdymachKZpA9pTYHYHMYZjfjnoBW6B3k Bitrated user: rdymac.
GODLIKE
Sr. Member
****
Offline Offline

Activity: 434

LOL what you looking at?


View Profile
June 29, 2014, 08:04:11 PM
 #15

Could you add an image based password?
That would make it perfect, probably.

BITCOIN FOREVER news aggregator: only the most important news on the cryptoworld!
dabura667
Sr. Member
****
Offline Offline

Activity: 478


View Profile
June 30, 2014, 11:57:05 AM
 #16

Could you add an image based password?

What is that?

My Tip Address:
1DXcHTJS2DJ3xDoxw22wCt11FeAsgfzdBU
SebastianJu
Legendary
*
Offline Offline

Activity: 1806


Free Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
June 30, 2014, 04:39:55 PM
 #17

Could you add an image based password?

What is that?

Using an image file. But i think its risky. The system would know files you often use. If you have a hybrid disc its even easier.

                                                                       
    ▄▄███████▄▄                           ▄      ▄
   ██████████████▄                       ███    ███
  ███▀ ▄▄▄▄▄▄▄ ▀████                     ███    ███
  █████████████▄ ▀███                    ███    ███   █▄ ▄▄
   ▀████▄  ▄▄███  ▀███                   ███    ███  ▄████
   ▄███████████   ▄███                  ███    ███  ▀▀███▀▀
   ███           ▄███         ▄▄▄▄      ███    ███     █    ▄▄  ▄▄▄▄
  ▄███     ▄▄▄▄█████        ▄█████▄    ▄██▀   ▄██▀    ███   █████████
  ███▄    ████████         ▄███▀▀███   ███    ███    ███▀   █████▀████
   ███     ▀▀█████▄      ▄█████▄ ███   ███    ███    ███    ████   ███
   ███         ▀███▄     ███▀███ ███  ███▀   ███▀    ███    ███▀   ███
   ███           ███▄    ███  ▀▀ ███  ███    ███    ███▀   ▄███    ███
   ▀██▄           ███    ███▄  ▄███   ███    ███    ███    ███    ███▀
    ███           ▀███▄   ████████    ███    ███    ███    ███    ███
    ▀██            ▀████   ▀████▀      ██     ██    ▀██    ▀█▀    ▀█▀


.
.
.
        ▄▄▀                ▀▄▄
     ▄ ▀▀                    ▀▀ ▄
   ▄ ▀▀▀                      ▀▀▀ ▄
  ▄▀▀▀                          ▀▀▀▄
 ▀█▄▄                            ▄▄█▀
▄█  ▄                            ▄  █▄
▀█ █▀                            ▀█ █▀
█▄  ▄                            ▄  ▄█
▀█ █                              █ █▀
█▄   █                          █   ▄█
 ██▄█▀                          ▀█▄██
  ▀▀  ▄█                      █▄  ▀▀
  ▀██▄ ▀  █▄              ▄█  ▀ ▄██▀
    ▀▀▀   ██  █▄      ▄█  ██   ▀▀▀
     ▀███▄▄▀  ███    ███  ▀▄▄███▀
        ▀▀▀▀▄▄▄▄▀    ▀▄▄▄▄▀▀▀▀
          ▀▀█████▀▀▀▀█████▀▀
.
.
Free Bitcoins
Chat Lottery & Games
Level Up System with Rewards
▄████████▄  ▄████████▄
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
 ████████    ████████
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
▀████████▀  ▀████████▀
.
btcven
Hero Member
*****
Offline Offline

Activity: 717


Bitcoin Venezuela


View Profile WWW
July 01, 2014, 05:35:30 PM
 #18

Could you add an image based password?
That would make it perfect, probably.


Be careful with that. The system writes metadata into images (last date opened, last day modified) you will probably lose access to your wallet in a few weeks of use.

Admin: rdymac (PGP) | contacto@bitcoinvenezuela.com | @cafebitcoin | Electrum, lightweight bitcoin client
If I've been helpful tip me a coffee! Cheesy1rdymachKZpA9pTYHYHMYZjfjnoBW6B3k Bitrated user: rdymac.
jackjjohnson
Newbie
*
Offline Offline

Activity: 10


View Profile
July 02, 2014, 12:12:03 AM
 #19

I've been using 1.9.8 (not a portable version) on a Tails USB key. You can funnel it through Tor nodes, but it requires for some kind souls to keep an Electrum server up on a Tor node. Unfortunately the .onion/Electrum servers seem to be infrequent.

If you use the -1 switch, it keeps it from trying other servers.

I consider this to be very secure. You could be on the most infected computer in the world, and it can't touch this. A hardware keylogger would be the only possible way to lose your passwords, and Tails has several virtual keyboards or Keepass that will defeat that.
SebastianJu
Legendary
*
Offline Offline

Activity: 1806


Free Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
July 02, 2014, 10:57:05 AM
 #20

I've been using 1.9.8 (not a portable version) on a Tails USB key. You can funnel it through Tor nodes, but it requires for some kind souls to keep an Electrum server up on a Tor node. Unfortunately the .onion/Electrum servers seem to be infrequent.

If you use the -1 switch, it keeps it from trying other servers.

I consider this to be very secure. You could be on the most infected computer in the world, and it can't touch this. A hardware keylogger would be the only possible way to lose your passwords, and Tails has several virtual keyboards or Keepass that will defeat that.

Malware could replace the electrum.exe with one that reveals everything. I suggest not to be uncautious.

Why do you need to use onion servers? By using tor you still can use all normal servers. Or do you want to have a server whose location is unknown to authorities?

                                                                       
    ▄▄███████▄▄                           ▄      ▄
   ██████████████▄                       ███    ███
  ███▀ ▄▄▄▄▄▄▄ ▀████                     ███    ███
  █████████████▄ ▀███                    ███    ███   █▄ ▄▄
   ▀████▄  ▄▄███  ▀███                   ███    ███  ▄████
   ▄███████████   ▄███                  ███    ███  ▀▀███▀▀
   ███           ▄███         ▄▄▄▄      ███    ███     █    ▄▄  ▄▄▄▄
  ▄███     ▄▄▄▄█████        ▄█████▄    ▄██▀   ▄██▀    ███   █████████
  ███▄    ████████         ▄███▀▀███   ███    ███    ███▀   █████▀████
   ███     ▀▀█████▄      ▄█████▄ ███   ███    ███    ███    ████   ███
   ███         ▀███▄     ███▀███ ███  ███▀   ███▀    ███    ███▀   ███
   ███           ███▄    ███  ▀▀ ███  ███    ███    ███▀   ▄███    ███
   ▀██▄           ███    ███▄  ▄███   ███    ███    ███    ███    ███▀
    ███           ▀███▄   ████████    ███    ███    ███    ███    ███
    ▀██            ▀████   ▀████▀      ██     ██    ▀██    ▀█▀    ▀█▀


.
.
.
        ▄▄▀                ▀▄▄
     ▄ ▀▀                    ▀▀ ▄
   ▄ ▀▀▀                      ▀▀▀ ▄
  ▄▀▀▀                          ▀▀▀▄
 ▀█▄▄                            ▄▄█▀
▄█  ▄                            ▄  █▄
▀█ █▀                            ▀█ █▀
█▄  ▄                            ▄  ▄█
▀█ █                              █ █▀
█▄   █                          █   ▄█
 ██▄█▀                          ▀█▄██
  ▀▀  ▄█                      █▄  ▀▀
  ▀██▄ ▀  █▄              ▄█  ▀ ▄██▀
    ▀▀▀   ██  █▄      ▄█  ██   ▀▀▀
     ▀███▄▄▀  ███    ███  ▀▄▄███▀
        ▀▀▀▀▄▄▄▄▀    ▀▄▄▄▄▀▀▀▀
          ▀▀█████▀▀▀▀█████▀▀
.
.
Free Bitcoins
Chat Lottery & Games
Level Up System with Rewards
▄████████▄  ▄████████▄
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
 ████████    ████████
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
▀████████▀  ▀████████▀
.
jackjjohnson
Newbie
*
Offline Offline

Activity: 10


View Profile
August 22, 2014, 04:11:07 PM
 #21

Sorry for so long in replying. Tails is a relatively hardened Linux, there is not an electrum.exe on the system. I compiled the executable from source code, and store an MD5sum checksum of the executable in another location in the encrypted storage. It takes 10 seconds to run md5sum  /path/to/electrum so that I can verify it is exactly the same one every time. The Tails USB stick's main use is for bitcoin, no casual browsing, and never any personal email/social networks, etc. I am confident in my ability to use it without getting malware.

My goal was to have a portable USB OS to be as secure as I can make it, to use with Bitcoin. At the same time, I don't want to have a One, Vital, Important Stick That I Cannot Lose.  I image the stick with the dd command (from another running and secure Linux), and can make one big file that I can recreate the USB key from. I have many of them in different locations. If I do lose it, the encrypted parts use a very long password. If it's lost, I have only lost a few euros worth of USB stick, not my information.

My interest in using .onion/Electrum servers is not because I am working with any large amount of BTC at all (to the contrary!) It is just part of this ongoing experiment in making it as secure and private as I can.
jackjjohnson
Newbie
*
Offline Offline

Activity: 10


View Profile
August 25, 2014, 05:27:26 PM
 #22

I was incorrect in my description above. I have only been making images from my existing install for some time, had forgotten details until I set up another fresh one recently. Of course I did not compile from source, this is all python. I get the tarred source, and run the executable from that. As long as the MD5sum from Electrum-1.9.8.tar.gz matches the site, and you checksum the executable each time you run it, you are 100% assured you are not running a trojaned version.

I recently set up the Electrum LTC client on Tails as well. Great job, devs, thank you for your work.
jamesjamison597
Newbie
*
Offline Offline

Activity: 9


View Profile
November 07, 2014, 11:43:02 AM
 #23

Since we now have a subforum for Electrum, I am rewriting here what I already said in other threads. I hope it's more visible in its own thread.

It is not safe to use a portable version of Electrum on an insecure computer!

Don't get me wrong: I am not saying that a portable build is by itself more dangerous than a non-portable version.
However, a portable version does not bring anything more in terms of security. It does not protect you from the computer you are using.
In addition, portable builds encourage dangerous behaviour, because they make it very easy to use your wallet on third party computers, that might be infected with viruses and keyloggers.

I was never enthusiastic about distributing portable versions of Electrum.
I did it because the demand for portable versions was so high that portable builds distributed by third parties were getting popular.
That's the only reason why I accepted to distribute portable builds: I do this in order to avoid an even worse situation.



using this vertsion is ok..if theres a higher version let me know...BTC
Elliander
Jr. Member
*
Offline Offline

Activity: 32


View Profile
December 16, 2014, 05:54:47 PM
 #24

I think it would be interesting if a single install could create both a portable version that works just by plugging the USB into a computer and also a boot version which works by booting from USB. My reasoning is that, when possible, it would obviously be preferrable to boot into a secure environment, but that might not be practical in all situations.

Personally though, my main concern is using a portable version on a public computer. You can't boot from USB, but you can run it. There won't be a virus to worry about because these computers are instanced so that each day it refreshes and no unauthorized programs can be installed. The problem is two fold: First, if administrative access is required it would never work. Second, these computers are usually monitored.

With college or library computer labs there is usually someone on duty who can actully look at your screen from a remote device at any time and record your behavior. In fact, at my college, it isn't just a chance. They definitely will review what you are doing. In theory, a malicious user could copy down your addresses and funds to associate with an identey which takes away anonymity. This scenario is more likely at Library computers that often give similar access to the FBI.

For this scenario I think portable version should have a default setting of hiding address while leaving address labels visible. That way if you are just checking your balances you will know how much money was sent to which address and when without anyone else being able to see those addresses. Call it a stealth mode. It could even be set up to allow you to copy an address to clip board without showing the address. Of course, once added to clip board and pasted it will obviously be visible, but if the user only does this with one time use addresses it would still provide better security than turning off stealth mode to handle such transactions.

Two other thoughts: Couldn't a proxy program be integrated with a list of safe addresses and then have the program use a random rotating IP address so that when transactions are sent or received there is no connection an IP address to multiple addresses which might later be used to figure out the seed or otherwise compromise privacy? And couldn't the security features of Dark Wallet's Stealth and CoinJoin be applied at some point?

Finally, for portable versions - or all versions really - why not implement some kind of a file checksum? A non writable file could contain the information needed to check the integrity of the executable to make sure that it hasn't been compromised and for added security maybe even a mirror of the executable could run at the same time? Borrowing a trick from virus behavior, if one file is deleted or modified in any way outside of normal user behavior the other one repairs it. In this way a malicious program would need to modify both simultaneously and even then the checksum could be set to run when it opens and right before it exits to alert the user that the file was compromised at the very least.

I think the extra security of all these features together would help protect users who hae a need to use portable modes and would also help protect people who install onto their own machines that later become compromised. Is it feasible though?

Immortal until proven otherwise.
tema
Hero Member
*****
Offline Offline

Activity: 572



View Profile WWW
February 11, 2015, 02:39:29 PM
 #25

 Hello! I think it would be a good idea to add TOTP (Time-based One Time Password Algorithm, RFC 6238)

✔ Freedom ✔ Reliability ✔ Global accessibility BITCOIN ✔ Trust and Integrity ✔ Independence
btcminer021
Member
**
Offline Offline

Activity: 98


Mine hard!


View Profile
February 23, 2015, 03:33:24 AM
 #26

I don't think you need to maintain the "Standalone" version. Portable is great. Thanks!

▲▼▲▼▲▼▲▼  No.1 Bitcoin Binary Options and Double Dice  ▲▼▲▼▲▼▲▼
████████████████████████████████  sec◔nds trade  ████████████████████████████████
↑↓ Instant Bets ↑↓ Flexible 1~720 minutes Expiry time ↑↓ Highest Reward 190% ↑↓ 16 Assets [btc, forex, gold, 1% edge double dice] ↑↓
tema
Hero Member
*****
Offline Offline

Activity: 572



View Profile WWW
March 04, 2015, 02:23:59 PM
 #27

I don't think you need to maintain the "Standalone" version. Portable is great. Thanks!

 what is the difference between Standalone Executable and Portable?

✔ Freedom ✔ Reliability ✔ Global accessibility BITCOIN ✔ Trust and Integrity ✔ Independence
Muhammed Zakir
Hero Member
*****
Offline Offline

Activity: 518


Bit-x.com - Fast & Easy Trade with Low Fees!


View Profile WWW
March 08, 2015, 09:32:01 AM
 #28

I think 'Standalone' will only have 1 .exe file and all the datas(wallets and other datas) will be in AppData. But 'Portable' Electrum put all the files in the folder from which Electrum is running, say USB. So whatever computers you use, all the files will still be in the USB.

   -MZ

GODLIKE
Sr. Member
****
Offline Offline

Activity: 434

LOL what you looking at?


View Profile
August 03, 2015, 06:04:12 AM
 #29

Since we now have a subforum for Electrum, I am rewriting here what I already said in other threads. I hope it's more visible in its own thread.

It is not safe to use a portable version of Electrum on an insecure computer!

Don't get me wrong: I am not saying that a portable build is by itself more dangerous than a non-portable version.
However, a portable version does not bring anything more in terms of security. It does not protect you from the computer you are using.
In addition, portable builds encourage dangerous behaviour, because they make it very easy to use your wallet on third party computers, that might be infected with viruses and keyloggers.

I was never enthusiastic about distributing portable versions of Electrum.
I did it because the demand for portable versions was so high that portable builds distributed by third parties were getting popular.
That's the only reason why I accepted to distribute portable builds: I do this in order to avoid an even worse situation.



About keyloggers: why don't you implement a visual (mouse clicking) access check?

BITCOIN FOREVER news aggregator: only the most important news on the cryptoworld!
Muhammed Zakir
Hero Member
*****
Offline Offline

Activity: 518


Bit-x.com - Fast & Easy Trade with Low Fees!


View Profile WWW
August 05, 2015, 12:21:29 PM
 #30

About keyloggers: why don't you implement a visual (mouse clicking) access check?

Movements of mouse or clicks can also be recorded. However, you can reduce it by using a scrambled virtual keyboard. But still, most users prefer to use their keyboards.

Note that, ThomasV has explicitly mentioned that portable build is not dangerous by itself. It is just like other builds but it encourages dangerous behaviour.

-snip-

It is not safe to use a portable version of Electrum on an insecure computer!

Don't get me wrong: I am not saying that a portable build is by itself more dangerous than a non-portable version.

 -snip-

In addition, portable builds encourage dangerous behaviour, because they make it very easy to use your wallet on third party computers, that might be infected with viruses and keyloggers.

 -snip-

chentron
Member
**
Offline Offline

Activity: 83


View Profile
September 13, 2015, 01:28:14 PM
 #31

Please, where is the last portable version for windows ?
Stn
Full Member
***
Offline Offline

Activity: 232


View Profile
September 15, 2015, 08:58:43 AM
 #32

I won't be arguing about security. But i have remark about behavior of the portable version. When this version by default creates wallet somewhere deep in the guts of OS where is portability here? I believe that really portable version should handle data file in the same folder where executable is.

I know there is way to assign wallet file from a defined folder. But not create one. Also there are plenty people who able to backup folder with his/her data, but not that many of them able to write shell file to assign wallet file for this binary. Ask them to find where wallet was created and it will be a real challenge.

Portable version should be really portable, otherwise what is the difference with installation?
3888
Newbie
*
Offline Offline

Activity: 20


View Profile
September 16, 2015, 01:19:58 PM
 #33

I won't be arguing about security. But i have remark about behavior of the portable version. When this version by default creates wallet somewhere deep in the guts of OS where is portability here? I believe that really portable version should handle data file in the same folder where executable is.

I know there is way to assign wallet file from a defined folder. But not create one. Also there are plenty people who able to backup folder with his/her data, but not that many of them able to write shell file to assign wallet file for this binary. Ask them to find where wallet was created and it will be a real challenge.

Portable version should be really portable, otherwise what is the difference with installation?

The portable version was 'fully' portable up to and including version 2.3.2 meaning that it created all the data folders, files and wallets within the folder from where the exe was started. You could thus copy the electrum portable exe file to a usb drive, start it up and it would create all the folders, files and wallets in the same location on the usb drive which made it 'portable'.

The later versions of Electrum-BTC however no longer functions like this. The latest binaries that were released do not even support Trezor anymore so not to sure what is going on with Electrum but I'm personally not very impressed with the way things are going. The 2.4 binaries have been out almost a month already and still no update to add back in support for hardware wallets.

Electrum_LTC portable on the other hand works as it should. Even the latest version, 2.4.3.1 works just fine, whether portable and or install versions. The portable version creates and or uses the folders, files and wallets within the same directory.

Not sure why Electrum-BTC no longer works that way as Electrum-LTC is essentially a clone of it so not sure why the LTC version can work properly, including with all supported hardware wallets, while the BTC version seems crippled.
SebastianJu
Legendary
*
Offline Offline

Activity: 1806


Free Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
September 16, 2015, 01:52:11 PM
 #34

Electrum_LTC portable on the other hand works as it should. Even the latest version, 2.4.3.1 works just fine, whether portable and or install versions. The portable version creates and or uses the folders, files and wallets within the same directory.

Hm, i did not know there is an LTC Version and that there already exists a portable version for 2.4.3.1. I'm puzzled why that is so. Is the team coding on both versions different?

I sometimes have the impression that old errors, that already had been fixed once, were reimplemented. For example the missing socks setting looks like such. I think i already have seen that error fixed some months ago.

                                                                       
    ▄▄███████▄▄                           ▄      ▄
   ██████████████▄                       ███    ███
  ███▀ ▄▄▄▄▄▄▄ ▀████                     ███    ███
  █████████████▄ ▀███                    ███    ███   █▄ ▄▄
   ▀████▄  ▄▄███  ▀███                   ███    ███  ▄████
   ▄███████████   ▄███                  ███    ███  ▀▀███▀▀
   ███           ▄███         ▄▄▄▄      ███    ███     █    ▄▄  ▄▄▄▄
  ▄███     ▄▄▄▄█████        ▄█████▄    ▄██▀   ▄██▀    ███   █████████
  ███▄    ████████         ▄███▀▀███   ███    ███    ███▀   █████▀████
   ███     ▀▀█████▄      ▄█████▄ ███   ███    ███    ███    ████   ███
   ███         ▀███▄     ███▀███ ███  ███▀   ███▀    ███    ███▀   ███
   ███           ███▄    ███  ▀▀ ███  ███    ███    ███▀   ▄███    ███
   ▀██▄           ███    ███▄  ▄███   ███    ███    ███    ███    ███▀
    ███           ▀███▄   ████████    ███    ███    ███    ███    ███
    ▀██            ▀████   ▀████▀      ██     ██    ▀██    ▀█▀    ▀█▀


.
.
.
        ▄▄▀                ▀▄▄
     ▄ ▀▀                    ▀▀ ▄
   ▄ ▀▀▀                      ▀▀▀ ▄
  ▄▀▀▀                          ▀▀▀▄
 ▀█▄▄                            ▄▄█▀
▄█  ▄                            ▄  █▄
▀█ █▀                            ▀█ █▀
█▄  ▄                            ▄  ▄█
▀█ █                              █ █▀
█▄   █                          █   ▄█
 ██▄█▀                          ▀█▄██
  ▀▀  ▄█                      █▄  ▀▀
  ▀██▄ ▀  █▄              ▄█  ▀ ▄██▀
    ▀▀▀   ██  █▄      ▄█  ██   ▀▀▀
     ▀███▄▄▀  ███    ███  ▀▄▄███▀
        ▀▀▀▀▄▄▄▄▀    ▀▄▄▄▄▀▀▀▀
          ▀▀█████▀▀▀▀█████▀▀
.
.
Free Bitcoins
Chat Lottery & Games
Level Up System with Rewards
▄████████▄  ▄████████▄
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
 ████████    ████████
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
▀████████▀  ▀████████▀
.
3888
Newbie
*
Offline Offline

Activity: 20


View Profile
September 16, 2015, 02:29:07 PM
 #35

Electrum_LTC portable on the other hand works as it should. Even the latest version, 2.4.3.1 works just fine, whether portable and or install versions. The portable version creates and or uses the folders, files and wallets within the same directory.

Hm, i did not know there is an LTC Version and that there already exists a portable version for 2.4.3.1. I'm puzzled why that is so. Is the team coding on both versions different?

I sometimes have the impression that old errors, that already had been fixed once, were reimplemented. For example the missing socks setting looks like such. I think i already have seen that error fixed some months ago.

Below are the links to the LTC version website and their downloads.

The current BTC version is on 2.4.4. and the latest LTC is on 2.4.3.1.The BTC version, for Windows, have no support hardware wallets and the account labels (used with multiple account like when you have a Trezor) still does not work. The LTC version (which is actually behind) have full hardware wallet support and the account labels works perfectly.

So I'm currently running 2.3.2 for the BTC version as I have a Trezor and 2.3.2 is the last stand alone that works properly and which have hardware wallet support. On LTC I run the latest version (2.4.3.1) without any problems with the stand alone version.

I posted earlier that the current BTC version is now essentially cripple ware in so far as a Windows/Trezor user is concerned.

https://electrum-ltc.org/

https://electrum-ltc.org/download/
BitcoinNewsMagazine
Hero Member
*****
Offline Offline

Activity: 798



View Profile WWW
October 28, 2015, 01:28:04 AM
 #36

Latest Electrum 2.5.1 Portable with Trezor and Ledger support is available for download thanks ThomasV!

SebastianJu
Legendary
*
Offline Offline

Activity: 1806


Free Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
October 28, 2015, 06:47:08 PM
 #37

Latest Electrum 2.5.1 Portable with Trezor and Ledger support is available for download thanks ThomasV!

Sounds great. Thanks ThomasV. Guess the next big building lot is the server software which had big problems with the spam attacks.

                                                                       
    ▄▄███████▄▄                           ▄      ▄
   ██████████████▄                       ███    ███
  ███▀ ▄▄▄▄▄▄▄ ▀████                     ███    ███
  █████████████▄ ▀███                    ███    ███   █▄ ▄▄
   ▀████▄  ▄▄███  ▀███                   ███    ███  ▄████
   ▄███████████   ▄███                  ███    ███  ▀▀███▀▀
   ███           ▄███         ▄▄▄▄      ███    ███     █    ▄▄  ▄▄▄▄
  ▄███     ▄▄▄▄█████        ▄█████▄    ▄██▀   ▄██▀    ███   █████████
  ███▄    ████████         ▄███▀▀███   ███    ███    ███▀   █████▀████
   ███     ▀▀█████▄      ▄█████▄ ███   ███    ███    ███    ████   ███
   ███         ▀███▄     ███▀███ ███  ███▀   ███▀    ███    ███▀   ███
   ███           ███▄    ███  ▀▀ ███  ███    ███    ███▀   ▄███    ███
   ▀██▄           ███    ███▄  ▄███   ███    ███    ███    ███    ███▀
    ███           ▀███▄   ████████    ███    ███    ███    ███    ███
    ▀██            ▀████   ▀████▀      ██     ██    ▀██    ▀█▀    ▀█▀


.
.
.
        ▄▄▀                ▀▄▄
     ▄ ▀▀                    ▀▀ ▄
   ▄ ▀▀▀                      ▀▀▀ ▄
  ▄▀▀▀                          ▀▀▀▄
 ▀█▄▄                            ▄▄█▀
▄█  ▄                            ▄  █▄
▀█ █▀                            ▀█ █▀
█▄  ▄                            ▄  ▄█
▀█ █                              █ █▀
█▄   █                          █   ▄█
 ██▄█▀                          ▀█▄██
  ▀▀  ▄█                      █▄  ▀▀
  ▀██▄ ▀  █▄              ▄█  ▀ ▄██▀
    ▀▀▀   ██  █▄      ▄█  ██   ▀▀▀
     ▀███▄▄▀  ███    ███  ▀▄▄███▀
        ▀▀▀▀▄▄▄▄▀    ▀▄▄▄▄▀▀▀▀
          ▀▀█████▀▀▀▀█████▀▀
.
.
Free Bitcoins
Chat Lottery & Games
Level Up System with Rewards
▄████████▄  ▄████████▄
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
 ████████    ████████
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
▀████████▀  ▀████████▀
.
SebastianJu
Legendary
*
Offline Offline

Activity: 1806


Free Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
November 05, 2015, 04:39:50 PM
 #38

I found some small bugs in the portable version.

I can not change the language. Regardless what i try.

I can not import private keys. There are only sweep and export options. And sweep sounds like a highly dangerous option.

I'm not sure but i believe the satoshi per kb option was set back by upgrading. I first thought it is an automatic calculation depending on net load that raised the fee but it is only satoshi per kb? Not sure yet.

                                                                       
    ▄▄███████▄▄                           ▄      ▄
   ██████████████▄                       ███    ███
  ███▀ ▄▄▄▄▄▄▄ ▀████                     ███    ███
  █████████████▄ ▀███                    ███    ███   █▄ ▄▄
   ▀████▄  ▄▄███  ▀███                   ███    ███  ▄████
   ▄███████████   ▄███                  ███    ███  ▀▀███▀▀
   ███           ▄███         ▄▄▄▄      ███    ███     █    ▄▄  ▄▄▄▄
  ▄███     ▄▄▄▄█████        ▄█████▄    ▄██▀   ▄██▀    ███   █████████
  ███▄    ████████         ▄███▀▀███   ███    ███    ███▀   █████▀████
   ███     ▀▀█████▄      ▄█████▄ ███   ███    ███    ███    ████   ███
   ███         ▀███▄     ███▀███ ███  ███▀   ███▀    ███    ███▀   ███
   ███           ███▄    ███  ▀▀ ███  ███    ███    ███▀   ▄███    ███
   ▀██▄           ███    ███▄  ▄███   ███    ███    ███    ███    ███▀
    ███           ▀███▄   ████████    ███    ███    ███    ███    ███
    ▀██            ▀████   ▀████▀      ██     ██    ▀██    ▀█▀    ▀█▀


.
.
.
        ▄▄▀                ▀▄▄
     ▄ ▀▀                    ▀▀ ▄
   ▄ ▀▀▀                      ▀▀▀ ▄
  ▄▀▀▀                          ▀▀▀▄
 ▀█▄▄                            ▄▄█▀
▄█  ▄                            ▄  █▄
▀█ █▀                            ▀█ █▀
█▄  ▄                            ▄  ▄█
▀█ █                              █ █▀
█▄   █                          █   ▄█
 ██▄█▀                          ▀█▄██
  ▀▀  ▄█                      █▄  ▀▀
  ▀██▄ ▀  █▄              ▄█  ▀ ▄██▀
    ▀▀▀   ██  █▄      ▄█  ██   ▀▀▀
     ▀███▄▄▀  ███    ███  ▀▄▄███▀
        ▀▀▀▀▄▄▄▄▀    ▀▄▄▄▄▀▀▀▀
          ▀▀█████▀▀▀▀█████▀▀
.
.
Free Bitcoins
Chat Lottery & Games
Level Up System with Rewards
▄████████▄  ▄████████▄
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
 ████████    ████████
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
██      ██  ██      ██
▀████████▀  ▀████████▀
.
DuddlyDoRight
Sr. Member
****
Offline Offline

Activity: 316



View Profile WWW
February 10, 2016, 03:56:31 AM
 #39

Portable version user here. Cold wallet that uses Electrum live and a FIPS USB drive with isolated crypto for wallet storage. Electrum is signed and jailed.. No NIC on when booting for signing.

Have fun showing me how vulnerable I am..

I have faith that one day this forum will get threads where people won't just repeat their previous posts or what others have already stated in the same thread. Also that people will stop acting like BTC is toy-money and start holding vendors accountable. Naive? Maybe.
RealBitcoin
Hero Member
*****
Offline Offline

Activity: 742

Bitcoin is Money!


View Profile WWW
February 20, 2016, 07:35:09 AM
 #40

calculate the checksum of the electrum file, and put it in a text file next to it, and rename that file to something like blablabla.txt

that way every time you run it, you can check if it has been replaced with a malicious one or not. It works for me, so it should work for you.

And if you rename the file to a random stuff, then the virus wont know whats in the txt file.


Also rename the electrum executable too to something random.

"We cannot solve our problems with the same thinking we used when we created them." - Albert Einstein
DuddlyDoRight
Sr. Member
****
Offline Offline

Activity: 316



View Profile WWW
February 20, 2016, 10:05:40 PM
 #41

calculate the checksum of the electrum file, and put it in a text file next to it, and rename that file to something like blablabla.txt

that way every time you run it, you can check if it has been replaced with a malicious one or not. It works for me, so it should work for you.

And if you rename the file to a random stuff, then the virus wont know whats in the txt file.


Also rename the electrum executable too to something random.

Just put a MD5 or SHA3 hash in any file anywhere(neither have practical collisions).

Disc image patching isn't where I the attacker am going to attack. I'm going to inline patch UI callbacks post-execution by using debug APIs on Windows, Linux, and OSX. You can't do this on Android or IOS without paring internal "services" to allow trans-sandbox communication and even then you have to give the attacker memory through mailbox buffers..

Jails and memory corruption protection on Linux and OSX and a special user and owning folder and EFS and DEP for Windows 7/8/10. Along with that hash. It'd take a specialized rootkit to get past this which rootkit authors probably won't do unless it become a big trend.

Things will get better when AMD gets something like SkyLake's SGX. This is basically like Truszone in IOS and Anroid by ARM. You'll be able to isolate processes with hardware protection and not even rootkits can interact..

I have faith that one day this forum will get threads where people won't just repeat their previous posts or what others have already stated in the same thread. Also that people will stop acting like BTC is toy-money and start holding vendors accountable. Naive? Maybe.
RealBitcoin
Hero Member
*****
Offline Offline

Activity: 742

Bitcoin is Money!


View Profile WWW
February 21, 2016, 08:14:46 AM
 #42



Just put a MD5 or SHA3 hash in any file anywhere(neither have practical collisions).

Disc image patching isn't where I the attacker am going to attack. I'm going to inline patch UI callbacks post-execution by using debug APIs on Windows, Linux, and OSX. You can't do this on Android or IOS without paring internal "services" to allow trans-sandbox communication and even then you have to give the attacker memory through mailbox buffers..

Jails and memory corruption protection on Linux and OSX and a special user and owning folder and EFS and DEP for Windows 7/8/10. Along with that hash. It'd take a specialized rootkit to get past this which rootkit authors probably won't do unless it become a big trend.

Things will get better when AMD gets something like SkyLake's SGX. This is basically like Truszone in IOS and Anroid by ARM. You'll be able to isolate processes with hardware protection and not even rootkits can interact..

Ok that sounds complicated and i dont really understand, but what i get is that you will attack post execution by corrupting my memory.

Ok but for that you still need some pre-installed malware on the PC, a trojan , that will allow you to do this and remote control my pc like this.

As with any virus, first you need to get your virus on the PC, and then attack like this.


Any electrum user with a quarter brain knows not to download shit or open random links if they have money on their PC.

So how would you get the virus on the PC?

"We cannot solve our problems with the same thinking we used when we created them." - Albert Einstein
DuddlyDoRight
Sr. Member
****
Offline Offline

Activity: 316



View Profile WWW
February 21, 2016, 08:08:23 PM
 #43



Just put a MD5 or SHA3 hash in any file anywhere(neither have practical collisions).

Disc image patching isn't where I the attacker am going to attack. I'm going to inline patch UI callbacks post-execution by using debug APIs on Windows, Linux, and OSX. You can't do this on Android or IOS without paring internal "services" to allow trans-sandbox communication and even then you have to give the attacker memory through mailbox buffers..

Jails and memory corruption protection on Linux and OSX and a special user and owning folder and EFS and DEP for Windows 7/8/10. Along with that hash. It'd take a specialized rootkit to get past this which rootkit authors probably won't do unless it become a big trend.

Things will get better when AMD gets something like SkyLake's SGX. This is basically like Truszone in IOS and Anroid by ARM. You'll be able to isolate processes with hardware protection and not even rootkits can interact..

Ok that sounds complicated and i dont really understand, but what i get is that you will attack post execution by corrupting my memory.

Ok but for that you still need some pre-installed malware on the PC, a trojan , that will allow you to do this and remote control my pc like this.

As with any virus, first you need to get your virus on the PC, and then attack like this.


Any electrum user with a quarter brain knows not to download shit or open random links if they have money on their PC.

So how would you get the virus on the PC?

"pre-installed" what? My process just has to run and intercept any time you put in the encryption data to unlock the wallet..

How do I get it on your box with the wallet software?
  • Ads and zero-day
  • zero-day or MITM via DNS hijack
  • zero-day or MITM via TOR entry or exit nodes
  • Header parsing zero-day in your POP3 or IMAP client
  • "spear-phishing"
  • infect something on a USB drive and wait for you to use it if you use an air-gap(works with crypto drives too)
  • MITM non-TLS non-signed executable over subnet box via AP or infected box
  • Brute-force RPC or try SMB zero-day on subnet or AP
A FUD packer or uncommon compiler or compiler-switches so your AV doesn't detect it before I detect and kill your AV or quit before HIPS detects it.

There are others too like Manufacturing backdoors and codec vulnerabilities.

I have faith that one day this forum will get threads where people won't just repeat their previous posts or what others have already stated in the same thread. Also that people will stop acting like BTC is toy-money and start holding vendors accountable. Naive? Maybe.
RealBitcoin
Hero Member
*****
Offline Offline

Activity: 742

Bitcoin is Money!


View Profile WWW
February 22, 2016, 08:50:04 AM
 #44


"pre-installed" what? My process just has to run and intercept any time you put in the encryption data to unlock the wallet..

How do I get it on your box with the wallet software?
  • Ads and zero-day
  • zero-day or MITM via DNS hijack
  • zero-day or MITM via TOR entry or exit nodes
  • Header parsing zero-day in your POP3 or IMAP client
  • "spear-phishing"
  • infect something on a USB drive and wait for you to use it if you use an air-gap(works with crypto drives too)
  • MITM non-TLS non-signed executable over subnet box via AP or infected box
  • Brute-force RPC or try SMB zero-day on subnet or AP
A FUD packer or uncommon compiler or compiler-switches so your AV doesn't detect it before I detect and kill your AV or quit before HIPS detects it.

There are others too like Manufacturing backdoors and codec vulnerabilities.

Pretty large threats exist there. Do you know any ways to defend against these attacks?

What if electrum needs some king of memory obfuscation system, to hide it's computations in the memory so that viruses can't detect it. And rename the process name of it to a random name as well.


"We cannot solve our problems with the same thinking we used when we created them." - Albert Einstein
DuddlyDoRight
Sr. Member
****
Offline Offline

Activity: 316



View Profile WWW
February 22, 2016, 08:54:16 PM
 #45


Pretty large threats exist there. Do you know any ways to defend against these attacks?

What if electrum needs some king of memory obfuscation system, to hide it's computations in the memory so that viruses can't detect it. And rename the process name of it to a random name as well.



Stop believing in "secure coding practices" and "secure design" and start believing in OSS hardware isolation with low-complexity.

TREZOR without the dishonest price-tag.. It's open source and the only way you can attack it is through memory corruption and a ARM payload that sends keys back over USB.

I don't have the funding else I could emulate their hardware with any cheap hardware. I've looked at the GIT changes for Electrum it's not hard to do. No way I'm paying $100 for a $10 piece of hardware though..

I have faith that one day this forum will get threads where people won't just repeat their previous posts or what others have already stated in the same thread. Also that people will stop acting like BTC is toy-money and start holding vendors accountable. Naive? Maybe.
RealBitcoin
Hero Member
*****
Offline Offline

Activity: 742

Bitcoin is Money!


View Profile WWW
February 22, 2016, 10:12:31 PM
 #46


Pretty large threats exist there. Do you know any ways to defend against these attacks?

What if electrum needs some king of memory obfuscation system, to hide it's computations in the memory so that viruses can't detect it. And rename the process name of it to a random name as well.



Stop believing in "secure coding practices" and "secure design" and start believing in OSS hardware isolation with low-complexity.

TREZOR without the dishonest price-tag.. It's open source and the only way you can attack it is through memory corruption and a ARM payload that sends keys back over USB.

I don't have the funding else I could emulate their hardware with any cheap hardware. I've looked at the GIT changes for Electrum it's not hard to do. No way I'm paying $100 for a $10 piece of hardware though..

To my understanding Trezor is not that secure because it updates it's firmware from the internet, thats a major attack vector.

Social engineering or the company goes rogue and the signign keys can be compromized, so the entire hardware is worth trash afterthat. That is a major design flaw if you let your "secure" hardware keep contact with the internet.

Best method to store btc is to put it in a cold storage and use QR code to sign the transactions in the offline space. Buy a 2$ cheap webcam, that should do the trick.


Ok but I`m still concerned about online vulnerabilities, if what you say is true, then every online account can be theoretically hacked.

"We cannot solve our problems with the same thinking we used when we created them." - Albert Einstein
DuddlyDoRight
Sr. Member
****
Offline Offline

Activity: 316



View Profile WWW
February 23, 2016, 02:18:52 AM
 #47


Pretty large threats exist there. Do you know any ways to defend against these attacks?

What if electrum needs some king of memory obfuscation system, to hide it's computations in the memory so that viruses can't detect it. And rename the process name of it to a random name as well.



Stop believing in "secure coding practices" and "secure design" and start believing in OSS hardware isolation with low-complexity.

TREZOR without the dishonest price-tag.. It's open source and the only way you can attack it is through memory corruption and a ARM payload that sends keys back over USB.

I don't have the funding else I could emulate their hardware with any cheap hardware. I've looked at the GIT changes for Electrum it's not hard to do. No way I'm paying $100 for a $10 piece of hardware though..

To my understanding Trezor is not that secure because it updates it's firmware from the internet, thats a major attack vector.

Social engineering or the company goes rogue and the signign keys can be compromized, so the entire hardware is worth trash afterthat. That is a major design flaw if you let your "secure" hardware keep contact with the internet.

Best method to store btc is to put it in a cold storage and use QR code to sign the transactions in the offline space. Buy a 2$ cheap webcam, that should do the trick.


Ok but I`m still concerned about online vulnerabilities, if what you say is true, then every online account can be theoretically hacked.

That's only insecure if they don't internally do a signature check on the image. You have to update firmware from a network.

The only way it can still be vulnerable with an internal signature check is if the transfer or signature code has memory corruption. This code can be done very primitive though where you can give strong attention to crypto implementation and memory handling.

Hardware isolation remedies everything if properly implemented. It's such a small set of function it's not that hard to secure. Even targeted attacks become impossible at some point, because there is only this little query interface to give input to.

I have faith that one day this forum will get threads where people won't just repeat their previous posts or what others have already stated in the same thread. Also that people will stop acting like BTC is toy-money and start holding vendors accountable. Naive? Maybe.
DuddlyDoRight
Sr. Member
****
Offline Offline

Activity: 316



View Profile WWW
February 23, 2016, 08:44:56 PM
 #48


That's only insecure if they don't internally do a signature check on the image. You have to update firmware from a network.

The only way it can still be vulnerable with an internal signature check is if the transfer or signature code has memory corruption. This code can be done very primitive though where you can give strong attention to crypto implementation and memory handling.

Hardware isolation remedies everything if properly implemented. It's such a small set of function it's not that hard to secure. Even targeted attacks become impossible at some point, because there is only this little query interface to give input to.

Thats the soft problem. It has a small risk of the signature getting corrupted itself.

What is more likely that the company goes rogue, or gets coerced by the government to hand over the keys and update the device with backdoored updates.

My demands are: complete isolation or junk , there is no other option if you hold millions of $ of bitcoin.

That's a problem with the CPU you're using too. They can get microcode updates with backdoors, and no security product will be able to detect it. Security products also don't check BIOS ROMs. A small isolated device in that environment with crypto is secure though. The NSA would have to find a vulnerability in that small exchange interface or modify the image between repo and signing with a stable backdoor.

I have faith that one day this forum will get threads where people won't just repeat their previous posts or what others have already stated in the same thread. Also that people will stop acting like BTC is toy-money and start holding vendors accountable. Naive? Maybe.
Darra
Newbie
*
Offline Offline

Activity: 2


View Profile
November 06, 2016, 09:43:41 PM
 #49

Hello.
No matter which version of the portable electrum for Windows I run, I keep on getting:

Microsoft Visual C++ Runtime Library

Runtime Error!
Program A:\electrum-2.7.11-portable.exe

R6034
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.



but after clicking ok, the application seems to run normally..
I am using Windows 10 64-bit..
The installation setup runs fine, but due to privacy (and SAFETY!) reasons, I prefer to use the portable one on a crypted drive..
Any idea why do I keep on getting that runtime error message? (i even tried it on a normal,non-crypted drive.. the same happens..)
Do I need to install something on my win 10,or copy some more files to the portable electrum directory?
Thanks for help, in advance.

edit:
I found the answer myself..
The portable version is built without a manifest...
You need to have "electrum.exe.manifest" from the installer version to be included in the same directory with the portable
version, renamed the same as the portable version.. (eg. electrum-2.6.4-portable.exe.manifest )

(see: https://msdn.microsoft.com/en-us/library/ms235560(v=vs.90).aspx     )

Pages: 1 2 3 [All]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!