Bitcoin Forum
Author Topic: Best wallet for Security + Offline Transactions  (Read 912 times)
BlueTopaz
Newbie
*
Offline Offline

Activity: 17
Merit: 0


View Profile
November 27, 2016, 12:31:46 PM
 #1

Hey guys, please suggest which is the best wallet for Bitcoin and Litecoin in terms of security.
Please suggest for offline transaction ability as well.

Thanks.
ranochigo
Legendary
*
Offline Offline

Activity: 1568
Merit: 1094

Somewhat inactive.


View Profile WWW
November 27, 2016, 01:08:05 PM
 #2

Bitcoin Core would definitely be the one with the most features and has no privacy compromises when you are talking about having a wallet. Bitcoin Core allows users to transmit transactions offline by offering the feature to sign transactions offline in the console. That being said, it isn't easy to create offline transactions and sign them.

Armory is the solution to this. Armory basically relies on Bitcoind, similar to Bitcoin Core, to synchronize with the network and make transactions. This is ideally a great setup to use.

However, you can also use Electrum, and they also have the feature to create a raw unsigned transaction on the online computer and sign it on an offline computer. Electrum is more lightweight but it does not offer great privacy nor wallet file security.*

*It is definitely strong but when comparing with Bitcoin Core: https://imgur.com/b59utxl

Coding Enthusiast
Sr. Member
****
Offline Offline

Activity: 515
Merit: 389


Novice C♯ Coder


View Profile WWW
November 28, 2016, 05:50:49 PM
 #3

Electrum is more lightweight but it does not offer ♯♯ wallet file security.

This part is not right. Electrum uses AES-256-CBC which is, to my knowledge, a pretty strong way of encrypting the wallet file for security.

Projects List+Suggestion box
Donation link using BIP21
Bech32 Donation link!
BitcoinTransactionTool (0.9.2):  Ann - Source Code
Watch Only Bitcoin Wallet (supporting SegWit) (3.1.0):  Ann - Source Code
SharpPusher (broadcast transactions) (0.10.0): Ann - Source Code

Sosaso75
Sr. Member
****
Offline Offline

Activity: 432
Merit: 250


View Profile
November 28, 2016, 06:04:33 PM
 #4

Electrum is more lightweight but it does not offer ♯♯ wallet file security.

This part is not right. Electrum uses AES-256-CBC which is, to my knowledge, a pretty strong way of encrypting the wallet file for security.

I agree with this user.

I am NOT superstitious, but I am a little stitious!
Coin-Keeper
Hero Member
*****
Offline Offline

Activity: 573
Merit: 502



View Profile
November 28, 2016, 06:44:21 PM
 #5

A chain is only as strong as the weakest link.  The software products mentioned are all strong running on a clean "non-malware" machine.  I have been teaching security for some time now and the weak link is usually a "dirty" machine caused many times by ongoing operator error with their OPSec.  A good countermeasure is to picture your machine "dirty" and ask if that would enable a bad actor to steal your coins.  We are currently participating in the Electrum forum so let's stay here and consider two solutions.  1.  Use Electrum with cold storage where an offline computer holds the private keys and no access is available to the online "dirty" machine.  2. Use Electrum with a hardware wallet on an online machine.  A decent hardware wallet doesn't even allow Electrum to see the private keys so "malware" will never get the needed keys to move coins.  Beyond doubt nobody wants to knowingly operate a "malware infected" machine.  The subject of how to remove malware and prevent it in the first place is another thread.

BTC: 1PYSBbuKM3kW19xe9TXJQfq64rPhd8XorF
Staked and Verified: https://bitcointalk.org/index.php?topic=996318.msg17102755#msg17102755
f___o
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
November 28, 2016, 08:05:36 PM
 #6

Electrum is more lightweight but it does not offer ♯♯ wallet file security.

This part is not right. Electrum uses AES-256-CBC which is, to my knowledge, a pretty strong way of encrypting the wallet file for security.

I agree with this user.

He is wrong. AES-256-CBC is used in many wallets. So no difference between them. Look at multibit hd beta 0.5 any why it is early. It uses AES-256-CBC and scrypt for key-stretching. Electrum uses SHA256d for key-stretching, same as mining. In this picture you can see brute force attacks with a normal computer. All the wallets use AES-256-CBC. The question is about offline computer. Is encryption important when offline?

https://imgur.com/b59utxl (if it does not load, click)
Coding Enthusiast
Sr. Member
****
Offline Offline

Activity: 515
Merit: 389


Novice C♯ Coder


View Profile WWW
November 29, 2016, 05:13:11 AM
 #7

Electrum is more lightweight but it does not offer ♯♯ wallet file security.

This part is not right. Electrum uses AES-256-CBC which is, to my knowledge, a pretty strong way of encrypting the wallet file for security.

I agree with this user.

He is wrong. AES-256-CBC is used in many wallets. So no difference between them. Look at multibit hd beta 0.5 any why it is early. It uses AES-256-CBC and scrypt for key-stretching. Electrum uses SHA256d for key-stretching, same as mining. In this picture you can see brute force attacks with a normal computer. All the wallets use AES-256-CBC. The question is about offline computer. Is encryption important when offline?

(if it does not load, click)

Then what is your explanation for this: http://docs.electrum.org/en/latest/faq.html#what-encryption-is-used-for-wallets
I will add the link to code on GitHub if I can find it since I am bad at python.

Also the picture you have included here is out of context and does not say anything.
What is this the result of?
Is it the result of brute forcing encrypted wallet files?
How old is this?
How strong or weak were the passwords which were used? (the length of the password, for example: was it "123" or was it "2Fd#4dlR&jfh8"?)
How many tests were performed on how many variations of passwords?


ranochigo
Legendary
*
Offline Offline

Activity: 1568
Merit: 1094

Somewhat inactive.


View Profile WWW
November 29, 2016, 05:24:18 AM
 #8

Then what is your explanation for this: http://docs.electrum.org/en/latest/faq.html#what-encryption-is-used-for-wallets
I will add the link to code on GitHub if I can find it since I am bad at python.

Also the picture you have included here is out of context and does not say anything.
What is this the result of?
Is it the result of brute forcing encrypted wallet files?
I came across this several days ago and hence I made my statement. Bitcoin Core does have a more advanced encryption [1] and more than AES-256-CBC.
How old is this?
Probably fairly new, it was uploaded on Aug 1 anyway and it has appeared on the forum quite some time ago.
How strong or weak were the passwords which were used? (the length of the password, for example: was it "123" or was it "2Fd#4dlR&jfh8"?)
Doesn't really matter. The results showed the number of keys tested per second and not the time it takes to crack them.

Although I have to agree that Electrum is quite secure, I have to say that Bitcoin Core, Multibit etc. are harder to bruteforce as compared to Electrum. It wouldn't be a problem if you're using a long and strong password. It is a problem if you are making a cold storage and someone else has access to your encrypted wallet files anyway.



[1] https://en.bitcoin.it/wiki/Wallet_encryption

f___o
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
November 29, 2016, 08:49:17 AM
 #9

Electrum is more lightweight but it does not offer ♯♯ wallet file security.

This part is not right. Electrum uses AES-256-CBC which is, to my knowledge, a pretty strong way of encrypting the wallet file for security.

I agree with this user.

He is wrong. AES-256-CBC is used in many wallets. So no difference between them. Look at multibit hd beta 0.5 any why it is early. It uses AES-256-CBC and scrypt for key-stretching. Electrum uses SHA256d for key-stretching, same as mining. In this picture you can see brute force attacks with a normal computer. All the wallets use AES-256-CBC. The question is about offline computer. Is encryption important when offline?

https://imgur.com/b59utxl (if it does not load, click)

Then what is your explanation for this: http://docs.electrum.org/en/latest/faq.html#what-encryption-is-used-for-wallets
I will add the link to code on GitHub if I can find it since I am bad at python.

Also the picture you have included here is out of context and does not say anything.
What is this the result of?
Is it the result of brute forcing encrypted wallet files?
How old is this?
How strong or weak were the passwords which were used? (the length of the password, for example: was it "123" or was it "2Fd#4dlR&jfh8"?)
How many tests were performed on how many variations of passwords?

The graph shows brute force attack on wallets. The numbers are passwords/s. It is from my research 2 months ago. All wallets you see use AES-256-CBC. That is not important. If your password is strong, brute force is not working. With Electrum you must have a strong password, with others not so much. I will show you in source if it helps.

Here is defined Hash(x), here it is used as secret for encryption. This is normal and called key-stretching or key derivation function. It is used because a password does not have the correct bits.

Now we look at bitcoin core. Here is encryption and look here is benchmark to help find a good number of sha512 rounds. In my research the wallets used 128675 to 240718 rounds. Think what would take longer 128000 rounds sha512 or two rounds sha256. AES is the same for all, it does not matter.

And question again, why is the password and key-stretching important if the computer is offline? Offline computer can have simple or no password.
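
The cost difference argued over in posts #6 to #9, as an added example that is not part of the thread and is not code from Electrum or Bitcoin Core: it derives a 256-bit key with two rounds of SHA-256 and with many rounds of SHA-512, then measures how many password candidates per second each derivation allows on the local CPU. The salt, the 32-byte truncation, the function names and the sample passwords are assumptions of this sketch; the round count is the lower figure quoted in post #9.

```python
import hashlib
import time

def sha256d_key(password: bytes) -> bytes:
    """Two rounds of SHA-256: the 'Electrum' case as described in post #9."""
    return hashlib.sha256(hashlib.sha256(password).digest()).digest()

def iterated_sha512_key(password: bytes, salt: bytes, rounds: int) -> bytes:
    """SHA-512 applied `rounds` times: the 'Bitcoin Core' case in post #9.
    The salt and the 32-byte truncation are assumptions of this sketch."""
    if rounds < 1:
        raise ValueError("rounds must be >= 1")
    digest = hashlib.sha512(password + salt).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha512(digest).digest()
    return digest[:32]  # 256 bits, the size of an AES-256 key

def guesses_per_second(derive, candidates) -> float:
    """Rate at which password candidates can be turned into keys."""
    start = time.perf_counter()
    for candidate in candidates:
        derive(candidate)
    return len(candidates) / (time.perf_counter() - start)

def seconds_to_exhaust(keyspace: int, rate: float) -> float:
    """Worst-case time to try every password in `keyspace` at `rate` guesses/s."""
    return keyspace / rate

if __name__ == "__main__":
    salt = bytes(8)      # constructed sample salt
    rounds = 128675      # lower bound of the range quoted in post #9
    fast = guesses_per_second(sha256d_key, [b"pw%d" % i for i in range(20000)])
    slow = guesses_per_second(
        lambda pw: iterated_sha512_key(pw, salt, rounds),
        [b"pw%d" % i for i in range(3)])
    keyspace = 26 ** 8   # constructed case: 8 lowercase letters
    for name, rate in (("sha256d", fast), ("sha512 x %d" % rounds, slow)):
        days = seconds_to_exhaust(keyspace, rate) / 86400
        print("%-16s %12.1f guesses/s  %14.1f days" % (name, rate, days))
```

The absolute rates depend on the machine and on the interpreter; the ratio between the two rows is what the key-stretching argument is about, and it applies to anyone who obtains a copy of the encrypted wallet file.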