|
ChainSmoker (OP)
|
 |
September 02, 2017, 08:46:50 PM |
|
I am a fan of electrum bitcoin wallet but something very weird is happening with this wallet now when using for cold storage.After creating a wallet on offline machine the wallet is created with 20 Receiving Address and 6 Change Address.Exporting master public keys and then importing these keys to Online Machine results in same 20 Receiving Address and 6 Change Address but once the wallet is synced then the problem starts.In Receiving Addresses 4 new addresses are added automatically at the bottom of 20 addresses and that's not all you don't own these addresses.I tried signing the message using any of these 4 address and it results in error.In offline machine,error is 'Address not found in wallet'.In Online machine,also error which means both machines don't have private keys to this address so if we send bitcoins to these address they will be LOST. I expect some explanation to this from Electrum developer or someone experienced?
|
|
|
|
jackg
Copper Member
Legendary
 Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
 |
September 02, 2017, 08:59:11 PM |
|
I am a fan of electrum bitcoin wallet but something very weird is happening with this wallet now when using for cold storage.After creating a wallet on offline machine the wallet is created with 20 Receiving Address and 6 Change Address.Exporting master public keys and then importing these keys to Online Machine results in same 20 Receiving Address and 6 Change Address but once the wallet is synced then the problem starts.In Receiving Addresses 4 new addresses are added automatically at the bottom of 20 addresses and that's not all you don't own these addresses.I tried signing the message using any of these 4 address and it results in error.In offline machine,error is 'Address not found in wallet'.In Online machine,also error which means both machines don't have private keys to this address so if we send bitcoins to these address they will be LOST. I expect some explanation to this from Electrum developer or someone experienced?
These 24 addresses are probably produced from your public key. If you bring your offline computer online, you will get the private keys from those addresses. If you try to sign a transaction from one of those addresses on the offline computer after loading the inputs from the online computer and then broadcasting back on the online computer, you should be able to spend the coins. Your seed is a randomeley generated number, two numbers can then be produced by that. A master public key (xpub) and a master private key (xpriv). These keys are used to control your wallet, the offline wallet has xpriv and the seed, the online wallet has the xpub. Both can be used to generate addresses, however, only your xpriv and your seed are able to produce your private keys. |
|
|
|
|
|
ChainSmoker (OP)
|
|
September 02, 2017, 09:12:14 PM |
|
I am a fan of electrum bitcoin wallet but something very weird is happening with this wallet now when using for cold storage.After creating a wallet on offline machine the wallet is created with 20 Receiving Address and 6 Change Address.Exporting master public keys and then importing these keys to Online Machine results in same 20 Receiving Address and 6 Change Address but once the wallet is synced then the problem starts.In Receiving Addresses 4 new addresses are added automatically at the bottom of 20 addresses and that's not all you don't own these addresses.I tried signing the message using any of these 4 address and it results in error.In offline machine,error is 'Address not found in wallet'.In Online machine,also error which means both machines don't have private keys to this address so if we send bitcoins to these address they will be LOST. I expect some explanation to this from Electrum developer or someone experienced?
These 24 addresses are probably produced from your public key. If you bring your offline computer online, you will get the private keys from those addresses. If you try to sign a transaction from one of those addresses on the offline computer after loading the inputs from the online computer and then broadcasting back on the online computer, you should be able to spend the coins. Your seed is a randomeley generated number, two numbers can then be produced by that. A master public key (xpub) and a master private key (xpriv). These keys are used to control your wallet, the offline wallet has xpriv and the seed, the online wallet has the xpub. Both can be used to generate addresses, however, only your xpriv and your seed are able to produce your private keys. Then what's the use of cold storage if i have to bring offline pc online to generate the private key of those 4 addresses? The weird thing is Electrum generated 4 address and none of the wallets(online and offline) has the clue of the private keys of those address.I tested my mpub key in virtual pc running windows 7 and this time those 4 addresses are not generated.Again weird. |
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
September 02, 2017, 09:18:08 PM
Last edit: September 02, 2017, 09:35:15 PM by jackg |
|
I am a fan of electrum bitcoin wallet but something very weird is happening with this wallet now when using for cold storage.After creating a wallet on offline machine the wallet is created with 20 Receiving Address and 6 Change Address.Exporting master public keys and then importing these keys to Online Machine results in same 20 Receiving Address and 6 Change Address but once the wallet is synced then the problem starts.In Receiving Addresses 4 new addresses are added automatically at the bottom of 20 addresses and that's not all you don't own these addresses.I tried signing the message using any of these 4 address and it results in error.In offline machine,error is 'Address not found in wallet'.In Online machine,also error which means both machines don't have private keys to this address so if we send bitcoins to these address they will be LOST. I expect some explanation to this from Electrum developer or someone experienced?
These 24 addresses are probably produced from your public key. If you bring your offline computer online, you will get the private keys from those addresses. If you try to sign a transaction from one of those addresses on the offline computer after loading the inputs from the online computer and then broadcasting back on the online computer, you should be able to spend the coins. Your seed is a randomeley generated number, two numbers can then be produced by that. A master public key (xpub) and a master private key (xpriv). These keys are used to control your wallet, the offline wallet has xpriv and the seed, the online wallet has the xpub. Both can be used to generate addresses, however, only your xpriv and your seed are able to produce your private keys. Then what's the use of cold storage if i have to bring offline pc online to generate the private key of those 4 addresses? The weird thing is Electrum generated 4 address and none of the wallets(online and offline) has the clue of the private keys of those address.I tested my mpub key in virtual pc running windows 7 and this time those 4 addresses are not generated.Again weird. I'd recommend you don't use those four addresses just because they may appear foreign to your offline computer - although it may have something to defend against this. However, if you send say 0.001 BTC to one (or even less), then you'll see that the address will be online if you use blockchain.info/xpub/'public key' and it will appear in your online computer. On the offline computer, can you use ismine(one of your new addresses) and see if you get 'true' printed from the command line. |
|
|
|
|
|
ChainSmoker (OP)
|
|
September 02, 2017, 09:50:34 PM |
|
I'd recommend you don't use those four addresses just because they may appear foreign to your offline computer - although it may have something to defend against this.
However, if you send say 0.001BTC to one (or even less), then you'll see that the address will be online if you use blockchain.info/xpub/'public key' and it will appear in your online computer.
On the offline computer, can you use ismine(one of your new addresses) and see if you get 'true' printed from the command line.
address not found when trying to sign message on the offline PC.If that new address indeed belongs to my wallet then offline pc should have generated it when signing the message but it didn't. |
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
September 02, 2017, 10:03:33 PM |
|
I'd recommend you don't use those four addresses just because they may appear foreign to your offline computer - although it may have something to defend against this.
However, if you send say 0.001BTC to one (or even less), then you'll see that the address will be online if you use blockchain.info/xpub/'public key' and it will appear in your online computer.
On the offline computer, can you use ismine(one of your new addresses) and see if you get 'true' printed from the command line.
address not found when trying to sign message on the offline PC.If that new address indeed belongs to my wallet then offline pc should have generated it when signing the message but it didn't. I found these commands: wallet.storage.put('gap_limit', 24) wallet.storage.write() If you run these in the console on your offline wallet does it produce the same addresses? You may have to restart the wallet first. |
|
|
|
|
|
ChainSmoker (OP)
|
|
September 02, 2017, 10:43:47 PM |
|
I'd recommend you don't use those four addresses just because they may appear foreign to your offline computer - although it may have something to defend against this.
However, if you send say 0.001BTC to one (or even less), then you'll see that the address will be online if you use blockchain.info/xpub/'public key' and it will appear in your online computer.
On the offline computer, can you use ismine(one of your new addresses) and see if you get 'true' printed from the command line.
address not found when trying to sign message on the offline PC.If that new address indeed belongs to my wallet then offline pc should have generated it when signing the message but it didn't. I found these commands: wallet.storage.put('gap_limit', 24) wallet.storage.write() If you run these in the console on your offline wallet does it produce the same addresses? You may have to restart the wallet first. You are right.When i typed the above command in online pc changing 24 to 50 then it added more address to my receiving tab.In offline PC i haven't tested yet because i am out right now.But i am curious if this is the case of gap limit then why can't i get back to default 20 address gap limit in my online electrum wallet? I tried this command wallet.storage.put('gap_limit', 20)
wallet.storage.write()and it restarted electrum and still 24 addresses I also tried this command wallet.change_gap_limit(20) No change. Edit. Using the command wallet.change_gap_limit(16) reset back the addresses to default 20 just like we get after creating the wallet but the weird thing is the command includes the number 16 not 20 but the receiving addresses are 20 |
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
September 02, 2017, 10:51:25 PM |
|
I'd recommend you don't use those four addresses just because they may appear foreign to your offline computer - although it may have something to defend against this.
However, if you send say 0.001BTC to one (or even less), then you'll see that the address will be online if you use blockchain.info/xpub/'public key' and it will appear in your online computer.
On the offline computer, can you use ismine(one of your new addresses) and see if you get 'true' printed from the command line.
address not found when trying to sign message on the offline PC.If that new address indeed belongs to my wallet then offline pc should have generated it when signing the message but it didn't. I found these commands: wallet.storage.put('gap_limit', 24) wallet.storage.write() If you run these in the console on your offline wallet does it produce the same addresses? You may have to restart the wallet first. You are right.When i typed the above command in online pc changing 24 to 50 then it added more address to my receiving tab.In offline PC i haven't tested yet because i am out right now.But i am curious if this is the case of gap limit then why can't i get back to default 20 address gap limit in my online electrum wallet? I tried this command wallet.storage.put('gap_limit', 20)
wallet.storage.write()and it restarted electrum and still 24 addresses I also tried this command wallet.change_gap_limit(20) No change. Edit. Using the command wallet.change_gap_limit(16) reset back the addresses to default 20 just like we get after creating the wallet but the weird thing is the command includes the number 16 not 20 but the receiving addresses are 20 I think it would be a fairly counterproductive step to delete addresses I think. You can freeze your 4 addresses so they're not used. |
|
|
|
|
|
ChainSmoker (OP)
|
|
September 02, 2017, 11:15:20 PM |
|
I think it would be a fairly counterproductive step to delete addresses I think.
You can freeze your 4 addresses so they're not used.
I understand what's happening now.Electrum indeed has 20 default address gap limit.I have few bits at the 4th address from the top so electrum wallet thinks that all the 4 address from top are used address so it automatically creates 4 new address even though gap limit is 20.I tried the command to change gap limit to 24 on offline pc and same 4 addresses are now generated in offline pc too. I have 1 different question now.Does leaking of any 1 of the private keys of any electrum address can lead to generation of electrum seed by hacker? if any 1 electrum address private key gets leaked does that mean other address private key can be generated by hacker? |
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
September 02, 2017, 11:33:17 PM |
|
I think it would be a fairly counterproductive step to delete addresses I think.
You can freeze your 4 addresses so they're not used.
I understand what's happening now.Electrum indeed has 20 default address gap limit.I have few bits at the 4th address from the top so electrum wallet thinks that all the 4 address from top are used address so it automatically creates 4 new address even though gap limit is 20.I tried the command to change gap limit to 24 on offline pc and same 4 addresses are now generated in offline pc too. I have 1 different question now.Does leaking of any 1 of the private keys of any electrum address can lead to generation of electrum seed by hacker? if any 1 electrum address private key gets leaked does that mean other address private key can be generated by hacker? I think that warning you get on the wallet is just to increase the security of your wallet. You shouldn't share any of your private keys with anyone anyway - so don't do it unless you really have to. There may be a way to brute force the seed from a couple of private keys looking at the patterns they share, however, I think it'd take large amounts of computer power. As an extra note, you might want to increas the limit to say 100 and then you don't have to worry about the addresses being reproduced every time (I'm not sure this will slow down your wallet too much and as it'll be on the offline computer it won't have any effect on the electrum servers themselves). |
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
September 03, 2017, 12:42:50 AM |
|
I have 1 different question now.Does leaking of any 1 of the private keys of any electrum address can lead to generation of electrum seed by hacker? if any 1 electrum address private key gets leaked does that mean other address private key can be generated by hacker?
From the seed words, a Master Private Key is derived and then all the subsequent child keys. The reverse is not possible, i.e.: It is not possible to derive the seed words from the Master Private Key. However, it is possible to derive the Master Private Key (and de-facto all the child keys) if one get access to only one private key and the Master Public Key. Therefore, protect your Master Public Key as well as your Master Private Key, or any Private key. This is true not only for Electrum, but also to any BIP39/42 HD wallet - including Trezor or Ledger. Worse, if a hacker derives your Master Private Key on a Trezor - they also can access all the other alt coins stored on the same device (LTC, DASH, ETH, BCH, etc). Does trezor not use different seeds for each coin? If not then that's not a great architecture for the device to follow (it's fairly difficult to hack though). Your public key can be leaked providing you don't also leak any private keys. Is there not a way to derive a public key form an address anyway? If wallet explorers like blockchain.info have information on public keys then it would technically be possible to do as far as I understand it. Also, I'm interested to know if there's a piece of software that implements this (possibly one I could test on an offline and sand boxed PC)? |
|
|
|
|
Cobalt9317
Copper Member
Sr. Member
Offline
Activity: 434
Merit: 278
Offering Escrow 0.5 % fee
|
|
September 03, 2017, 11:44:36 AM |
|
We can customize fee in Electrum but don't make it too slow Look for my idea fee | Walking. | | Bicycle. | | Bus. | | Bullet Train Joke Train. |
|
|
|
|
|
|
