Bitcoin Forum
Author Topic: Somewhat clueless questions about the Electrum seed, and security in general  (Read 1014 times)
oda.krell
November 05, 2013, 01:57:55 PM  #1
Hey.

I'm somewhere between "completely clueless" and "mildly informed" on this topic, so please forgive me if I get the terminology wrong or misunderstood something. That said, here's my question:

Electrum uses deterministic key generation, i.e. it derives my private keys "on demand" from the seed generated at the time of installation/wallet creation.

(Roughly) correct so far?

This key is stored *unencrypted* by default inside electrum.dat, but setting a transaction password will make electrum *encrypt* the seed. Correct?

Here's my question: say someone gets physical access to my computer. My hdd is not encrypted, so he will be able to receive a complete copy of all files on my computer.

The seed is encrypted with a 128 bit key, so assuming my password was chosen sufficiently random, the seed should be protected.

But what about the password itself? I realized I have no clue how the password is stored, and if it is a possible attack vector to retrieve the password, and with the help of it, retrieving the seed.

Can you explain how that approach is prevented (note that by "explain" I mean: a bit more technical than "Explain like I'm 5", but not with the full detail of "Explain like I'm an open source encryption software developer" :P)

Not sure which Bitcoin wallet to use? I suggest to take a look at Electrum.
Electrum is an open-source lightweight client: user friendly, fast, and one of the safest ways to store, send or receive bitcoins.
For executables (Windows, OSX, Linux, Android), source code and documentation, see the Electrum homepage.
al.matic
November 05, 2013, 02:24:08 PM  #2

Quote from: oda.krell
But what about the password itself? I realized I have no clue how the password is stored, and if it is a possible attack vector to retrieve the password, and with the help of it, retrieving the seed.

I don't think the password is stored anywhere. When you type the password Electrum derives the wallet encryption/decryption key directly from the password (it does not compare the password or its hash with anything).
ThomasV (Moderator)
November 05, 2013, 06:10:15 PM  #3

The seed is 128 bits long (which is very strong, because it corresponds, in terms of brute-force iterations, to the strength of a 256-bit ECDSA public key, not to a 128-bit key).
The seed is encrypted with the user chosen password.

Whenever something needs to be signed (for example if you spend bitcoins), then the seed is temporarily decrypted with the user provided password.

Electrum: the convenience of a web wallet, without the risks
oda.krell
November 05, 2013, 06:34:12 PM  #4

Okay, I see. My misconception was that I assumed the user password had to be stored somewhere, when in reality, it is itself the key for decrypting the seed. D'oh.

In other words, someone gaining physical access to my (Electrum) files will gain no additional benefit over trying to brute force the user password directly.

fireduck
November 05, 2013, 07:20:14 PM  #5

Quote from: oda.krell
Okay, I see. My misconception was that I assumed the user password had to be stored somewhere, when in reality, it is itself the key for decrypting the seed. D'oh.

In other words, someone gaining physical access to my (Electrum) files will gain no additional benefit over trying to brute force the user password directly.

An attacker needs the seed. If you are using a password their options are:

If they have physical access to your stuff:
- Read the piece of paper you probably have your seed words on

If they can run things on your computer (malware):
- Read the seed out of your computer's RAM when you type in your password
- Read the electrum files off your drive and read your password when you type it
- Read the electrum files off your drive and brute force your password
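An added example, not Electrum's own code and not the exact scheme Electrum uses (the thread does not spell that out): a minimal password-to-key wallet encryption in Python that illustrates what al.matic describes in #2 (the password is fed to a key derivation function and never stored or compared) together with the last item in fireduck's list above (an attacker with a copy of the wallet file can only guess passwords). PBKDF2-HMAC-SHA256 and an HMAC-SHA256 keystream with a separate authentication tag are stand-ins chosen so the script needs only the standard library; the function names, the iteration count and the salt || nonce || ciphertext || tag layout are assumptions of this example.

```python
"""Password-derived seed encryption, illustrated (added example, not Electrum code)."""
import hashlib
import hmac
import os
import secrets
from typing import Iterable, Optional

# Assumed, illustrative parameters; Electrum's real KDF and cipher are not given in the thread.
KDF_ITERATIONS = 100_000
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the password into a 256-bit key.

    This is the whole 'password storage' story: the password is an input to a
    KDF, and nothing derived from it is written to disk. The only way to check
    a password later is to run the KDF again and see whether decryption works.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               KDF_ITERATIONS, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream from HMAC-SHA256, a stdlib stand-in for a block cipher."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt_seed(seed: bytes, password: str) -> bytes:
    """Return salt || nonce || ciphertext || tag. No password hash is stored."""
    salt = os.urandom(SALT_LEN)
    nonce = os.urandom(NONCE_LEN)
    key = derive_key(password, salt)
    enc_key, mac_key = key[:16], key[16:]           # independent encryption and MAC keys
    ct = bytes(a ^ b for a, b in zip(seed, _keystream(enc_key, nonce, len(seed))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return salt + nonce + ct + tag


def decrypt_seed(blob: bytes, password: str) -> Optional[bytes]:
    """Re-derive the key from the password and verify the tag before decrypting.

    A wrong password yields a different key, so the tag check fails. That
    yes/no answer, paid for with one full KDF run, is all an offline attacker gets.
    """
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        return None
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ct = blob[SALT_LEN + NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    key = derive_key(password, salt)
    enc_key, mac_key = key[:16], key[16:]
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None                                  # wrong password or tampered file
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def offline_guess(blob: bytes, candidates: Iterable[str]) -> Optional[str]:
    """The 'read the files off your drive and brute force your password' path.

    Each candidate costs one KDF evaluation; the file holds no shortcut, so the
    attacker's cost is (number of guesses) x (KDF work factor).
    """
    for pw in candidates:
        if decrypt_seed(blob, pw) is not None:
            return pw
    return None


if __name__ == "__main__":
    seed = secrets.token_bytes(16)                   # a 128-bit seed, as in the thread
    blob = encrypt_seed(seed, "correct horse battery staple")
    assert decrypt_seed(blob, "correct horse battery staple") == seed
    assert decrypt_seed(blob, "hunter2") is None
    # Constructed wordlist run against the on-disk blob: none of these match.
    print(offline_guess(blob, ["password", "letmein", "hunter2"]))
```

Nothing derived from the password lives in the file: decrypt_seed re-derives the key and learns only whether the tag checks, so the stolen wallet file is a guess-and-check oracle and nothing more. The two knobs that decide the outcome are the password's entropy and the KDF's per-guess cost. This protects the file at rest only; the RAM and keylogger paths in the list above bypass it entirely, since the plaintext seed and the typed password both exist on the running machine.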

bizz
November 05, 2013, 09:55:25 PM  #6

Quote from: oda.krell
Okay, I see. My misconception was that I assumed the user password had to be stored somewhere, when in reality, it is itself the key for decrypting the seed. D'oh.

In other words, someone gaining physical access to my (Electrum) files will gain no additional benefit over trying to brute force the user password directly.

Quote from: fireduck
If they can run things on your computer (malware):
- Read the seed out of your computer's RAM when you type in your password
- Read the electrum files off your drive and read your password when you type it
- Read the electrum files off your drive and brute force your password



To continue: if you create an offline Electrum system (http://electrum.org/tutorials.html#offline-mpk) you can remove those risks.