|
ThePokerTranslator (OP)
|
 |
July 31, 2016, 08:20:05 PM |
|
I'm figuring out which client to use. Could we discuss which one is better? Major factors to consider: security and ease of use.
|
|
|
|
|
|
|
|
|
There are several different types of Bitcoin clients. The most secure are full nodes like Bitcoin Core, but full nodes are more resource-heavy, and they must do a lengthy initial syncing process. As a result, lightweight clients with somewhat less security are commonly used.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
steven0021
|
|
July 31, 2016, 08:37:38 PM
Last edit: July 31, 2016, 08:49:51 PM by steven0021 |
|
Multibit HD have a fee limit of 0.0005 per KB, Electrum does not.
Multibit HD have a repair wallet feature which is a fast way to delete any transaction that have been dropped from the network. Electrum doesn't have such feature, but some said recovering electrum wallet from seed does the same thing (haven't tried that so I don't know if it's true).
In Multibit HD you'll have to create a payment request for each deposit, Electrum doesn't need you to create a request and lists multiple address for you to choose.
I believe there are more, but I don't use Multibit HD all that much so there are some features that I'm not familiar with.
Edit:
For security, both appear to be at the same level for standard wallet. But in Electrum you have the option to create a 2FA wallet.
|
|
|
|
pooya87
Legendary
 Offline
Activity: 3430
Merit: 10498
|
|
August 01, 2016, 06:23:21 AM |
|
Multibit HD have a fee limit of 0.0005 per KB, Electrum does not.
Multibit HD have a repair wallet feature which is a fast way to delete any transaction that have been dropped from the network. Electrum doesn't have such feature, but some said recovering electrum wallet from seed does the same thing (haven't tried that so I don't know if it's true).
In Multibit HD you'll have to create a payment request for each deposit, Electrum doesn't need you to create a request and lists multiple address for you to choose.
I believe there are more, but I don't use Multibit HD all that much so there are some features that I'm not familiar with.
Edit:
For security, both appear to be at the same level for standard wallet. But in Electrum you have the option to create a 2FA wallet.
i just wanted to add that you should try both of these wallets yourself and get familiar with their features, and there is nothing saying this is good and that is bad. it is only a matter of preference in the end about which you choose. - Miltibit HD had (i say had because i think they removed it) a feature that you had to pay an extra fee to the developers in order to use their wallet on each transactions. - i find using Electrum as an cold storage much easier when it comes to spending. |
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
paffie
Newbie
Offline
Activity: 58
Merit: 0
|
|
August 01, 2016, 06:26:33 AM |
|
One more thing: electrum has a lot more coin controll features. You can actually freeze spending from a certain address, only spend from a certain address, chose your inputs, empty your wallet, edit your fee. Also, multisig is supported by electrum, and it has an android version. On the other hand, i personally find multibit HD more newbie-friendly. As been said before: you could try them both out, and pick the one you like the best  |
|
|
|
|
f___o
Newbie
Offline
Activity: 9
Merit: 0
|
|
August 01, 2016, 09:48:53 AM |
|
I'm figuring out which client to use. Could we discuss which one is better? Major factors to consider: security and ease of use.
Multibit HD is better protected against brute force attack. https://i.imgur.com/b59utxl.png |
|
|
|
|
|
BitcoinSupremo
|
|
August 01, 2016, 04:41:31 PM |
|
Electrum is without a doubt the best, its enough for any of you that think different to check the alternative clients both section of Multibit and Electrum you will see there that a lot more problems happen with Multibit than with Electrum. With this I don't want to say Multibit HD is bad , not at all but just want to underline less problems from Electrum as for the security both have seeds and allow a top notch password very difficult to be hacked by brute force. In security they are both very safe, but less problems happen with Electrum and Multibit HD is more prone to problems from what I have seen in the Multibit section.
|
|
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1499
No I dont escrow anymore.
|
|
August 01, 2016, 10:19:08 PM |
|
Electrum is without a doubt the best, its enough for any of you that think different to check the alternative clients both section of Multibit and Electrum you will see there that a lot more problems happen with Multibit than with Electrum. With this I don't want to say Multibit HD is bad , not at all but just want to underline less problems from Electrum as for the security both have seeds and allow a top notch password very difficult to be hacked by brute force. In security they are both very safe, but less problems happen with Electrum and Multibit HD is more prone to problems from what I have seen in the Multibit section.
Looks like you missed the post directly above yours. This is roughly my experience as well. I'm figuring out which client to use. Could we discuss which one is better? Major factors to consider: security and ease of use.
Multibit HD is better protected against brute force attack.  Quoted so the picture shows. |
Im not really here, its just your imagination.
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4316
<insert witty quote here>
|
|
August 02, 2016, 12:31:47 AM |
|
Ok, so the graph is showing that there are several orders of magnitude more Passwords/s between Electrum and Multibit HD... But, playing devils advocate here... what are the actual settings/circumstances being tested here? It doesn't really explain much... Is this purely just the number of passwords per second that one particular brute forcing app was able to test? If so, is that the ONLY brute forcing app in existence? If not, is there any proof that other brute forcing apps can't check Multibit HD Passwords just as fast? ie. is it because Multibit is deliberately slow and only allows a certain number of password entries per time period and ANY brute forcing app will show similar results?  |
|
|
|
f___o
Newbie
Offline
Activity: 9
Merit: 0
|
|
August 02, 2016, 11:42:50 AM |
|
Ok, so the graph is showing that there are several orders of magnitude more Passwords/s between Electrum and Multibit HD... But, playing devils advocate here... what are the actual settings/circumstances being tested here? It doesn't really explain much... Is this purely just the number of passwords per second that one particular brute forcing app was able to test? If so, is that the ONLY brute forcing app in existence? If not, is there any proof that other brute forcing apps can't check Multibit HD Passwords just as fast? ie. is it because Multibit is deliberately slow and only allows a certain number of password entries per time period and ANY brute forcing app will show similar results? Not sure know what I can disclose. Electrum uses two rounds SHA256. Multibit HD uses scrypt with 16384,8,1. |
|
|
|
|
f___o
Newbie
Offline
Activity: 9
Merit: 0
|
|
August 02, 2016, 11:54:11 AM |
|
Tests on CPU clusters with 24 threads are similar. I can publish more when the thesis is finished. What you take from it now is electrum is not defended against brute force, multibit hd is. ThePokerTranslator asked about security, this attack must have a wallet file. It might not what they ask about.
|
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4316
<insert witty quote here>
|
|
August 02, 2016, 10:51:50 PM |
|
Not sure know what I can disclose. Electrum uses two rounds SHA256. Multibit HD uses scrypt with 16384,8,1.
Tests on CPU clusters with 24 threads are similar. I can publish more when the thesis is finished. What you take from it now is electrum is not defended against brute force, multibit hd is. ThePokerTranslator asked about security, this attack must have a wallet file. It might not what they ask about.
Ok, so if I am correctly understanding what you are saying... is that 2 rounds of SHA256 is a lot "faster" to compute than Scrypt 16384,8,1... so that, as it currently stands with current technology and methodologies, you can test passwords faster against an Electrum "wallet.dat" than you can against a Multibit HD "wallet.dat", because you can hash the input password faster. Is that correct? NOTE: I am not disputing your findings... I was just curious as to the how and what that graph was depicting... and if it is as I have asked, this is indeed useful information to know. |
|
|
|
f___o
Newbie
Offline
Activity: 9
Merit: 0
|
|
August 03, 2016, 08:39:03 AM |
|
Not sure know what I can disclose. Electrum uses two rounds SHA256. Multibit HD uses scrypt with 16384,8,1.
Tests on CPU clusters with 24 threads are similar. I can publish more when the thesis is finished. What you take from it now is electrum is not defended against brute force, multibit hd is. ThePokerTranslator asked about security, this attack must have a wallet file. It might not what they ask about.
Ok, so if I am correctly understanding what you are saying... is that 2 rounds of SHA256 is a lot "faster" to compute than Scrypt 16384,8,1... so that, as it currently stands with current technology and methodologies, you can test passwords faster against an Electrum "wallet.dat" than you can against a Multibit HD "wallet.dat", because you can hash the input password faster. Is that correct? NOTE: I am not disputing your findings... I was just curious as to the how and what that graph was depicting... and if it is as I have asked, this is indeed useful information to know. Yes. Is more complex, but yes. See schildbach app, it uses scrypt(4096,8,1). This scrypt can be calculated fast like sha 256. I think because its for phone which is not fast for scrypt default. Multibit classic uses md5. md5 is little bit broken. multibit hd is a good improvement over this. Do not think now electrum is not good wallet please. Its special attack. Use longer password and all is ok. Dont get your file stolen is even better. |
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4316
<insert witty quote here>
|
|
August 03, 2016, 11:08:01 AM |
|
Yes. Is more complex, but yes. See schildbach app, it uses scrypt(4096,8,1). This scrypt can be calculated fast like sha 256. I think because its for phone which is not fast for scrypt default. Multibit classic uses md5. md5 is little bit broken. multibit hd is a good improvement over this.
Do not think now electrum is not good wallet please. Its special attack. Use longer password and all is ok. Dont get your file stolen is even better.
Ahhh OK... excellent. I'm just a naturally skeptical person, so when people show pretty graphs that 1. I don't understand and 2. don't really explain what I'm looking at, I get curious  I have faith that Electrum is still a relatively secure wallet... Alll this means is that Multibit is "a bit more" secure when it comes to someone trying to brute force my wallet file should it get stolen. |
|
|
|
|
Coin-Keeper
|
|
August 05, 2016, 08:27:59 PM |
|
I have used both of these wallets and they appear to be very secure. The only security issues I have ever read about while reading all over the net seem to come from operator error! It is important for you to decide what actions are necessary before you select a wallet. e.g. - I have somewhat recently moved to using a Trezor for wallets where I want quick access and security "on the fly". Because of my use scenario I want to have a "decoy" wallet should I ever face a physical loss or a mild adversary. Enter passphrases and that allows the Trezor to become a different wallet (in a sense). While that is easy, be aware that many software products do not allow passphrases on the Trezor (incompatible). So in this instance I cannot use MyCelium AND enjoy my passphrases as SOP. I don't mean the PIN, I mean actual passphrases in tandem with the seed to generate the addresses. MultiBit also creates issues for me in this application.
For others with different use needs; both of these two software products you are citing are great!
|
|
|
|
equator
Legendary
Offline
Activity: 1190
Merit: 1002
|
|
August 06, 2016, 07:18:05 AM |
|
about Multibit i have never used so i cannot say about it, but i have been using electrum for the past 12 months above and i am very much happy with it. The only problem is their that if the phassphrase keys are stolen then we cannot generate a new phassphrase for the wallet like i mean if the wallet got hacked and the hacker gets your seed key then he can operate your wallet from any where so if we want to change the seed key then it is not possible and we have to leave that wallet and create a new wallet and start from new. This is the problem faced by one of my friend as his computer got hacked and the hacker stole the seed key. now he is not able to use that wallet. So this is the only one problem faced.
|
|
|
|
|
|
RealBitcoin
|
|
August 06, 2016, 08:27:34 AM |
|
Electrum is without a doubt the best, its enough for any of you that think different to check the alternative clients both section of Multibit and Electrum you will see there that a lot more problems happen with Multibit than with Electrum. With this I don't want to say Multibit HD is bad , not at all but just want to underline less problems from Electrum as for the security both have seeds and allow a top notch password very difficult to be hacked by brute force. In security they are both very safe, but less problems happen with Electrum and Multibit HD is more prone to problems from what I have seen in the Multibit section.
Looks like you missed the post directly above yours. This is roughly my experience as well. I'm figuring out which client to use. Could we discuss which one is better? Major factors to consider: security and ease of use.
Multibit HD is better protected against brute force attack. Quoted so the picture shows. Is that the password or the private key statistics? Because if it's a password, then it can be easily defended if you put something 50-60 character long. |
|
|
|
Herbert2020
Legendary
Offline
Activity: 1946
Merit: 1137
|
|
August 06, 2016, 11:29:35 AM |
|
-
Is that the password or the private key statistics?
Because if it's a password, then it can be easily defended if you put something 50-60 character long.
it is the password which is used to encrypt the wallet file and NO you do not need a 50-60 char long pass. brute force is done with a dictionary or similar ways so you are still pretty safe with a password which is 8 char long but it is random letter+number+signs although i am interested to hear from f___o about the method he is talking about for breaking these encryptions, is it brute force the way i think or is it something else? |
Weak hands have been complaining about missing out ever since bitcoin was $1 and never buy the dip.
Whales are those who keep buying the dip.
|
|
|
|
RealBitcoin
|
|
August 06, 2016, 11:48:51 AM |
|
-
Is that the password or the private key statistics?
Because if it's a password, then it can be easily defended if you put something 50-60 character long.
it is the password which is used to encrypt the wallet file and NO you do not need a 50-60 char long pass. brute force is done with a dictionary or similar ways so you are still pretty safe with a password which is 8 char long but it is random letter+number+signs although i am interested to hear from f___o about the method he is talking about for breaking these encryptions, is it brute force the way i think or is it something else? 8 chars are you joking right? You should have at least 20 chars, but that is pretty bad for longterm. So anything over 30 chars should be considered. |
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4316
<insert witty quote here>
|
|
August 06, 2016, 12:49:46 PM |
|
it is the password which is used to encrypt the wallet file and NO you do not need a 50-60 char long pass. brute force is done with a dictionary or similar ways so you are still pretty safe with a password which is 8 char long but it is random letter+number+signs
although i am interested to hear from f___o about the method he is talking about for breaking these encryptions, is it brute force the way i think or is it something else?
As he explained to me earlier... that graph shows the relative speed with which one can test passwords against the encrypted wallet file due to the hashing algorithms they use for comparing input password will file password. Some algorithms are super fast, so you can test passwords faster... as you can compute their hashes faster to test against the encrypted file. Of course, this is still brute forcing... so if you use a "secure" password which is nice and long (I hesitate to give a definite value, but certainly longer than 8 and the longer the better), and uses uppercase, lowercase, numbers and symbols... brute forcing is still going to take a "long" time to run through all the possible combinations... What the graph shows is just that one program (MultibitHD) would take considerably longer than the other (Electrum) due to password test speed. |
|
|
|
Herbert2020
Legendary
Offline
Activity: 1946
Merit: 1137
|
|
August 07, 2016, 11:47:05 AM |
|
it is the password which is used to encrypt the wallet file and NO you do not need a 50-60 char long pass. brute force is done with a dictionary or similar ways so you are still pretty safe with a password which is 8 char long but it is random letter+number+signs
although i am interested to hear from f___o about the method he is talking about for breaking these encryptions, is it brute force the way i think or is it something else?
As he explained to me earlier... that graph shows the relative speed with which one can test passwords against the encrypted wallet file due to the hashing algorithms they use for comparing input password will file password. Some algorithms are super fast, so you can test passwords faster... as you can compute their hashes faster to test against the encrypted file. Of course, this is still brute forcing... so if you use a "secure" password which is nice and long (I hesitate to give a definite value, but certainly longer than 8 and the longer the better), and uses uppercase, lowercase, numbers and symbols... brute forcing is still going to take a "long" time to run through all the possible combinations... What the graph shows is just that one program (MultibitHD) would take considerably longer than the other (Electrum) due to password test speed. when i said 8 i didn't really calculate anything but let me do it now here and you check if i am doing it right: there are 26 letters in English x2 because of lower case and upper case there are 10 numbers there are 32 signs (symbols) on the keyboard only (*, /, #, $, ,, ^) and i won't count the rest of the signs (ƒ, ¥,£,...) this total is 94 so a random password like this: Df@m$Jdu (8 char long) has 6E+15 different possible variations. and if i understand the picture above correctly the worst case scenario is going through 2.5E+5 passwords/s so it would take 2.44e+10 sec or in other words it takes 773 years to go through the passwords. |
Weak hands have been complaining about missing out ever since bitcoin was $1 and never buy the dip.
Whales are those who keep buying the dip.
|
|
|
|
