Bitcoin Forum
Author Topic: Time to move from Electrum  (Read 415 times)
Subutai
January 25, 2018, 10:38:09 AM
 #21

Always thought Electrum was a popular choice and it actually is for many people.
So I think they'll resolve their issues, it's been around for so long.

Core seems to be the best way to go if you don't mind running a full node.

digaran
January 25, 2018, 12:10:17 PM
 #22

Always thought Electrum was a popular choice and it actually is for many people.
So I think they'll resolve their issues, it's been around for so long.

Core seems to be the best way to go if you don't mind running a full node.
I do mind running a full node, I wanted to kill myself after realizing that I'd get nothing if I run a full node. lol. Electrum is a good choice, it is open source and if you have something to add to the code to make it better, you should do it. If any other wallet is better than Electrum, you should use it.

alexeyneu
January 25, 2018, 08:06:37 PM
 #23

(Real Hacking)
....do not allow https (website) to http (RPC) access to localhost, so the attacking website commonly has to be http only as well.


Source : https://www.reddit.com/r/Bitcoin/comments/7ooack/critical_electrum_vulnerability/

Do you know what https is?
Spendulus
January 30, 2018, 11:43:00 PM
Merited by RGBKey (1)
 #24

So as you can see from the notice above, ( https://bitcointalk.org/index.php?topic=2702103.0 )
Electrum is vulnerable, and has been for quite a while. It's just that they have discovered it now, and also that their first fix wasn't a fix either; they have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.

So is it time to move from electrum to another option?

What do you guys think?

I'm afraid your logic is backwards.

Cryptography exists and is used for security because methods are published, put into use, flaws are discovered and the method is improved, repeatedly.

This has been the case since the 1950s.

Electrum is an example of this process, is it not?
buwaytress
February 02, 2018, 09:46:08 AM
Merited by HCP (1)
 #25

I'm probably close to being the average Bitcoin user:
- with very average technical understanding
- owning a modest sum of coins (and in possession of and controlling even less)
- using mainstream consumer hardware and OS
- transacting at most once a day

I've tried many wallets in my time and Electrum is still the best fit for me, based on above reasons. As others point out, that the developer(s) behind Electrum respond quickly and effectively to vulnerabilities makes me even more confident. That said, I don't think I can ever trust anything I don't fully understand. That's not a criticism of Electrum, that's probably just a best practice of security.

dhas
February 09, 2018, 01:57:26 AM
 #26

I'm probably close to being the average Bitcoin user:
- with very average technical understanding
- owning a modest sum of coins (and in possession of and controlling even less)
- using mainstream consumer hardware and OS
- transacting at most once a day

I've tried many wallets in my time and Electrum is still the best fit for me, based on above reasons. As others point out, that the developer(s) behind Electrum respond quickly and effectively to vulnerabilities makes me even more confident. That said, I don't think I can ever trust anything I don't fully understand. That's not a criticism of Electrum, that's probably just a best practice of security.
However, the charges of this wallet were so high: when I tried to withdraw or transfer my amount into a different wallet, the charges were almost half of my amount. That's why I can't use my Electrum now. But in terms of services and features, this wallet has no problem; only the amount of the charges is the problem for me.
pooya87
February 09, 2018, 04:25:31 AM
 #27

~
However, the charges of this wallet were so high: when I tried to withdraw or transfer my amount into a different wallet, the charges were almost half of my amount. That's why I can't use my Electrum now. But in terms of services and features, this wallet has no problem; only the amount of the charges is the problem for me.

what charges?
you mean the transaction fees that you are paying the miners to process your transaction? also known as network fees?
what does that have to do with Electrum? it was the huge backlog of 200,000 unconfirmed transactions which caused the high fees. and Electrum is simply suggesting fees; you can change them if you think the suggestion is not appropriate.

HCP
February 09, 2018, 04:57:30 AM
 #28

However, the charges of this wallet were so high: when I tried to withdraw or transfer my amount into a different wallet, the charges were almost half of my amount. That's why I can't use my Electrum now. But in terms of services and features, this wallet has no problem; only the amount of the charges is the problem for me.
It isn't the wallet causing that problem... it's most likely the way you've been accumulating Bitcoins. I would guess you have collected a large number of very small amounts of Bitcoin. This leads to transactions that you attempt to send having a large "data" size. Fees are calculated on the "data" size of your transaction, not the amount of BTC being sent.

If this is indeed the case (lots of small coins), then pretty much any wallet that you used would probably "suggest" just as much for your transaction fees, if not more.

NOTE: If you have a look at the "coins" tab (View -> Show Coins), you'll see all the different coins you've amassed and how much they're worth individually.

Also, Electrum supports completely custom fees, so you can set ANY fee you want.

Neuron76
February 09, 2018, 12:37:04 PM
 #29

So as you can see from the notice above, ( https://bitcointalk.org/index.php?topic=2702103.0 )
Electrum is vulnerable, and has been for quite a while. It's just that they have discovered it now, and also that their first fix wasn't a fix either; they have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.

So is it time to move from electrum to another option?

What do you guys think?

Electrum is a great wallet.
A vulnerability may be found in any wallet (even in a hardware one, Ledger is an example).
IMHO no point of moving from Electrum if you are satisfied with it.
Spendulus
February 09, 2018, 12:59:15 PM
 #30

So as you can see from the notice above, ( https://bitcointalk.org/index.php?topic=2702103.0 )
Electrum is vulnerable, and has been for quite a while. It's just that they have discovered it now, and also that their first fix wasn't a fix either; they have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.

So is it time to move from electrum to another option?

What do you guys think?

Electrum is a great wallet.
A vulnerability may be found in any wallet (even in a hardware one, Ledger is an example).
IMHO no point of moving from Electrum if you are satisfied with it.

A finding of a problem with Electrum 3.03 and earlier certainly is a reason to move from those versions of Electrum. Logically that would be to later versions of Electrum that do not have the problem.

Note that for certain cold storage applications it's required to not be updating the programs used say in an air gapped computer.
Neuron76
February 10, 2018, 05:43:52 PM
 #31

So as you can see from the notice above, ( https://bitcointalk.org/index.php?topic=2702103.0 )
Electrum is vulnerable, and has been for quite a while. It's just that they have discovered it now, and also that their first fix wasn't a fix either; they have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.

So is it time to move from electrum to another option?

What do you guys think?

Electrum is a great wallet.
A vulnerability may be found in any wallet (even in a hardware one, Ledger is an example).
IMHO no point of moving from Electrum if you are satisfied with it.

A finding of a problem with Electrum 3.03 and earlier certainly is a reason to move from those versions of Electrum. Logically that would be to later versions of Electrum that do not have the problem.

Note that for certain cold storage applications it's required to not be updating the programs used say in an air gapped computer.

Do you mean that cold wallet on a computer without internet may not work with the latest version of Electrum on another computer?
HCP
February 10, 2018, 10:30:04 PM
 #32

Note that for certain cold storage applications it's required to not be updating the programs used say in an air gapped computer.
If you've downloaded the update... checked the digital signature (in the case of Electrum)... And transfer it to the air gapped computer, do you think that a user would be running any more risk than copying your transactions back and forth via USB?

Even if you messed up and downloaded a compromised version of the wallet... the fact that the computer itself is air gapped, should prevent any wallet/key leakage. At worst, the malware would only be able to try and slip something out via your USB... or potentially tamper with the transaction in some way (ie. change destination address during signing)

I would have thought that doing your due diligence of double checking your transactions and/or USB for anything "odd" should help prevent that.

Biomech
February 10, 2018, 10:38:12 PM
 #33

It was my understanding that the vulnerability was specifically to ONLINE wallets, and that an air gapped cold wallet wouldn't be a problem at all. A signed raw transaction can be broadcast from any connected node, so that scenario really doesn't apply.

Unless I'm wrong :D

At any rate, I upgraded the day of the announcement, I still use and love electrum, and the fact that they found and killed the bug expeditiously does nothing to reduce my trust of this team.

miccb
February 11, 2018, 03:04:12 AM
 #34

 issue with security is less with Electrum wallet but more with the personal device. If the device is compromised then it doesn’t matter how safe Electrum is.

pooya87
February 11, 2018, 05:26:16 AM
 #35

It was my understanding that the vulnerability was specifically to ONLINE wallets, and that an air gapped cold wallet wouldn't be a problem at all. A signed raw transaction can be broadcast from any connected node, so that scenario really doesn't apply.

Unless I'm wrong :D

At any rate, I upgraded the day of the announcement, I still use and love electrum, and the fact that they found and killed the bug expeditiously does nothing to reduce my trust of this team.

you are correct.
the wallet had to be OPEN and ONLINE and also you should have had a website open which tried to execute wallet commands through JSONRPC and your wallet had to have no password for this vulnerability to work!

just having Electrum installed, or having it always offline (cold storage), or setting the simplest password could prevent this.
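
The conditions listed in the post above (a web page reaching the wallet's JSON-RPC interface on localhost, with nothing asking for credentials) can be closed off by a request gate like the one below. This is an added example, not part of the thread and not Electrum's code; `authorize`, the credential names and port 7777 are assumptions made for illustration.

```python
import base64
import hmac
import secrets

# Hypothetical credentials, generated once and stored with the wallet config.
RPC_USER = "user"
RPC_PASSWORD = secrets.token_urlsafe(16)


def _parse_basic_auth(header_value):
    """Return (user, password) from an 'Authorization: Basic ...' value, or None."""
    if not header_value:
        return None
    scheme, _, encoded = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def authorize(headers, user=RPC_USER, password=RPC_PASSWORD):
    """Decide whether a JSON-RPC request may run a wallet command.

    headers: dict of lower-cased HTTP header names to values.
    Returns (http_status, reason).
    """
    # Cross-origin fetch/XHR calls from a web page carry an Origin header;
    # a local command-line client does not send one.
    if "origin" in headers:
        return 403, "browser-originated request"
    # DNS rebinding defence: the Host header must name the loopback interface.
    host = headers.get("host", "").rsplit(":", 1)[0]
    if host not in ("127.0.0.1", "localhost"):
        return 403, "unexpected Host header"
    creds = _parse_basic_auth(headers.get("authorization"))
    if creds is None:
        return 401, "missing or malformed credentials"
    # compare_digest avoids leaking how many leading characters matched.
    user_ok = hmac.compare_digest(creds[0].encode(), user.encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), password.encode())
    if not (user_ok and pass_ok):
        return 401, "bad credentials"
    return 200, "ok"


if __name__ == "__main__":
    token = base64.b64encode(f"{RPC_USER}:{RPC_PASSWORD}".encode()).decode()
    # Constructed requests: a local client, then a page script without credentials.
    print(authorize({"host": "127.0.0.1:7777", "authorization": "Basic " + token}))
    print(authorize({"host": "127.0.0.1:7777", "origin": "http://example.test"}))
```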

Spendulus
February 12, 2018, 05:54:23 PM
 #36

Note that for certain cold storage applications it's required to not be updating the programs used say in an air gapped computer.
If you've downloaded the update... checked the digital signature (in the case of Electrum)... And transfer it to the air gapped computer, do you think that a user would be running any more risk than copying your transactions back and forth via USB?

Even if you messed up and downloaded a compromised version of the wallet... the fact that the computer itself is air gapped, should prevent any wallet/key leakage. At worst, the malware would only be able to try and slip something out via your USB... or potentially tamper with the transaction in some way (ie. change destination address during signing)

I would have thought that doing your due diligence of double checking your transactions and/or USB for anything "odd" should help prevent that.

lol, I knew this concept would be controversial.

But here's where I was coming from.

Suppose you have an air gapped computer doing nothing but offline transactions. The intent is for it to sit in the corner for ten years and do that.

Now, how often and why would you mess with the programs on that thing?

Let's say for the ten years there are released 19 application program updates for a single wallet, and 26 operating system updates.

I look at that group of changes as major tampering with a secure air gapped machine. Too much too often for too little or zero return in terms of benefits.
sdp
February 12, 2018, 06:12:02 PM
Merited by pooya87 (1)
 #37

another option?

ingredients:
  • pen/pencil for writing: 1
  • paper to write on: as much as required
  • 16-sided hexadecimal dice: 1
  • an even ground to roll the dice 64 times: as big as possible!

congratulations you now own a private key. now to get your bitcoin address you need:
  • some tool to convert the hexadecimal result to a bitcoin address.
  • a DVD with live linux to run that tool

now you are only trusting ECDSA and hashes to be safe. ;D

There are no 16-faced Platonic solids.  The only games in town are: tetrahedron, cube, decahedron, dodecahedron, and icosahedron, which have four, six, ten, twelve, and twenty sides respectively.

You may have other shapes with exactly 16 faces but it will mean there will be a bias to some outcomes more than others.  You could use a 20-sided die and mark four of them as "re-roll".

Spendulus
February 12, 2018, 08:45:12 PM
 #38

another option?

ingredients:
  • pen/pencil for writing: 1
  • paper to write on: as much as required
  • 16-sided hexadecimal dice: 1
  • an even ground to roll the dice 64 times: as big as possible!

congratulations you now own a private key. now to get your bitcoin address you need:
  • some tool to convert the hexadecimal result to a bitcoin address.
  • a DVD with live linux to run that tool

now you are only trusting ECDSA and hashes to be safe. ;D

There are no 16-faced Platonic solids.  The only games in town are: tetrahedron, cube, decahedron, dodecahedron, and icosahedron, which have four, six, ten, twelve, and twenty sides respectively.

You may have other shapes with exactly 16 faces but it will mean there will be a bias to some outcomes more than others.  You could use a 20-sided die and mark four of them as "re-roll".
These dice have a top and a bottom, each with eight sides, those being 45 degrees each. Top and bottom is an eight sided pyramid.  Given that symmetry it seems reasonable to consider them as a combo of a coin flip (top or bottom) and a random one of eight.

Personally I think this is far superior to any method of computer-generating "random numbers." The simple reason is the certainty that you have that nobody has monkeyed with the subroutines, because there are none.
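
The dice procedure from the posts above, as an added example that is not part of the thread: d20 rolls with faces 17 to 20 treated as "re-roll" become 64 hex digits, the result is checked against the secp256k1 group order, and a chi-square statistic gives a rough view of bias in the recorded rolls. The function names and the sample rolls are constructed for illustration.

```python
from collections import Counter

# Order n of the secp256k1 group: a valid private key k satisfies 1 <= k < n.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def d20_to_nibbles(rolls):
    """Map d20 faces 1..16 to hex digits 0..15; faces 17..20 mean "re-roll"."""
    nibbles = []
    for face in rolls:
        if not 1 <= face <= 20:
            raise ValueError(f"not a d20 face: {face!r}")
        if face <= 16:  # rejecting 17..20 leaves 16 equally likely outcomes
            nibbles.append(face - 1)
    return nibbles


def nibbles_to_private_key(nibbles):
    """Turn exactly 64 hex digits into a 256-bit key, returned as 64 hex chars."""
    if len(nibbles) != 64:
        raise ValueError(f"need 64 hex digits, got {len(nibbles)}")
    if any(not 0 <= n <= 15 for n in nibbles):
        raise ValueError("hex digits must be in 0..15")
    key = int("".join(format(n, "x") for n in nibbles), 16)
    if not 1 <= key < SECP256K1_N:
        raise ValueError("value is outside 1..n-1; roll a new key")
    return format(key, "064x")


def chi_square(nibbles):
    """Pearson chi-square statistic of the digit counts against a fair d16."""
    if not nibbles:
        raise ValueError("no rolls recorded")
    expected = len(nibbles) / 16
    counts = Counter(nibbles)
    return sum((counts[v] - expected) ** 2 / expected for v in range(16))


# Constructed sample: every d20 face in order, four times (80 rolls, 16 rejected).
SAMPLE_ROLLS = list(range(1, 21)) * 4

if __name__ == "__main__":
    digits = d20_to_nibbles(SAMPLE_ROLLS)
    print("accepted digits:", len(digits))
    print("private key    :", nibbles_to_private_key(digits))
    # With 15 degrees of freedom, values above about 25 are unusual at the 5% level,
    # but 64 rolls are far too few to certify a die; log many more to test one.
    print("chi-square     :", chi_square(digits))
```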
HCP
February 13, 2018, 01:40:33 AM
 #39

Like this (it's even in "hex"):



There is another version of a d16... like this:



I believe you can also get this type in "hex" as well.

Spendulus
February 13, 2018, 02:53:34 AM
 #40

Like this (it's even in "hex"):



There is another version of a d16... like this:



I believe you can also get this type in "hex" as well.

I'm willing to argue that flawed dice, such as ones that SDP warns about, have demonstrable irrefutable levels of randomness and hence have serious advantages over TRUST in pseudo random computer algorithms.

(onslaught of criticism expected...)