Bitcoin Forum
Author Topic: Somewhat clueless questions about the Electrum seed, and security in general  (Read 1030 times)
oda.krell (Legendary)
November 05, 2013, 01:57:55 PM  #1
Hey.

I'm somewhere between "completely clueless" and "mildly informed" on this topic, so please forgive me if I get the terminology wrong or misunderstood something. That said, here's my question:

Electrum uses deterministic key generation, i.e. it derives my private keys "on demand" from the seed generated at the time of installation/wallet creation.

(Roughly) correct so far?

This key is stored *unencrypted* by default inside electrum.dat, but setting a transaction password will make electrum *encrypt* the seed. Correct?

Here's my question: say someone gets physical access to my computer. My hdd is not encrypted, so he will be able to receive a complete copy of all files on my computer.

The seed is encrypted with a 128 bit key, so assuming my password was chosen sufficiently random, the seed should be protected.

But what about the password itself? I realized I have no clue how the password is stored, and if it is a possible attack vector to retrieve the password, and with the help of it, retrieving the seed.

Can you explain how that approach is prevented? (Note that by "explain" I mean: a bit more technical than "Explain like I'm 5", but not with the full detail of "Explain like I'm an open source encryption software developer" :P)

Not sure which Bitcoin wallet to use? Take a look at Electrum.
Electrum is an open-source lightweight client: user friendly, fast, and guaranteed to keep your coins safe.
Get the executables (Windows, OSX, Linux, Android), source code and documentation on the Electrum homepage.
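The deterministic derivation the question describes, as an added example in Python that is not part of the original post and not Electrum's own code: a 128-bit seed is stretched into a master secret, and the private key for each address index is derived from that master secret with HMAC-SHA512, so the seed is the only thing that has to exist (and be backed up). The demo seed value, the stretching round count, and the derivation message format are assumptions made for the demonstration, not Electrum's actual scheme.

```python
import hashlib
import hmac
import os

# Order of the secp256k1 group; a valid private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constructed 128-bit seed for the demonstration (16 bytes). A real wallet
# draws this from a CSPRNG, e.g. os.urandom(16), when the wallet is created.
DEMO_SEED = bytes.fromhex("00112233445566778899aabbccddeeff")


def stretch_seed(seed: bytes, rounds: int = 10_000) -> bytes:
    """Key stretching (assumed scheme, not Electrum's): repeatedly hash the
    seed so that each guess at the seed costs `rounds` SHA-256 evaluations.
    The result is the master secret every key is derived from."""
    x = seed
    for _ in range(rounds):
        x = hashlib.sha256(x + seed).digest()
    return x


def derive_private_key(master: bytes, index: int, change: bool = False) -> int:
    """Derive the private key for (change, index) from the master secret with
    HMAC-SHA512 as a PRF (illustrative derivation, not Electrum's). The
    digest is reduced into the valid secp256k1 scalar range [1, N-1]."""
    msg = (b"change" if change else b"receive") + index.to_bytes(4, "big")
    digest = hmac.new(master, msg, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big") % (SECP256K1_N - 1) + 1


def derive_keys(seed: bytes, count: int):
    """Keys 0..count-1 of the receiving chain, computed on demand from the seed."""
    master = stretch_seed(seed)
    return [derive_private_key(master, i) for i in range(count)]


def main():
    keys_a = derive_keys(DEMO_SEED, 3)
    keys_b = derive_keys(DEMO_SEED, 3)     # same seed -> identical keys
    assert keys_a == keys_b
    assert keys_a != derive_keys(os.urandom(16), 3)   # different seed -> different keys
    for i, k in enumerate(keys_a):
        print(f"key {i}: {k:064x}")


if __name__ == "__main__":
    main()
```

Because every key is a pure function of the seed, nothing but the seed needs to be protected; that is also why, as the later replies point out, the seed itself (on paper or decrypted in memory) is the attacker's real target.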
al.matic (Newbie)
November 05, 2013, 02:24:08 PM  #2

Quote from: oda.krell
But what about the password itself? I realized I have no clue how the password is stored, and if it is a possible attack vector to retrieve the password, and with the help of it, retrieving the seed.

I don't think the password is stored anywhere. When you type the password Electrum derives the wallet encryption/decryption key directly from the password (it does not compare the password or its hash with anything).
ThomasV (Moderator, Legendary)
November 05, 2013, 06:10:15 PM  #3

The seed is 128 bits long. (Which is very strong, because it corresponds, in terms of brute-force iterations, to the strength of a 256-bit ECDSA public key, not to a 128-bit key.)
The seed is encrypted with the user chosen password.

Whenever something needs to be signed (for example if you spend bitcoins), then the seed is temporarily decrypted with the user provided password.

Electrum: the convenience of a web wallet, without the risks
oda.krell (Legendary)
November 05, 2013, 06:34:12 PM  #4

Okay, I see. My misconception was that I assumed the user password had to be stored somewhere, when in reality, it is itself the key for decrypting the seed. D'oh.

In other words, someone gaining physical access to my (Electrum) files will gain no additional benefit over trying to brute force the user password directly.

fireduck (Sr. Member)
November 05, 2013, 07:20:14 PM  #5

Quote from: oda.krell
Okay, I see. My misconception was that I assumed the user password had to be stored somewhere, when in reality, it is itself the key for decrypting the seed. D'oh.

In other words, someone gaining physical access to my (Electrum) files will gain no additional benefit over trying to brute force the user password directly.

An attacker needs the seed.  If you are using a password their options are:

If they have physical access to your stuff:
- Read the piece of paper you probably have your seed words on

If they can run things on your computer (malware):
- Read the seed out of your computer's RAM when you type in your password
- Read the electrum files off your drive and read your password when you type it
- Read the electrum files off your drive and brute force your password


Bitrated user: fireduck.
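The mechanism al.matic describes in reply #2 (the password is never stored; it is turned directly into the decryption key) and the "read the electrum files off your drive and brute force your password" case in fireduck's list above, as one added example in Python that is not Electrum's code: the password goes through a KDF to produce the encryption and MAC keys, the wallet record holds only salt, nonce, ciphertext and an authentication tag, and an attacker who copies that record can do nothing with it except try passwords offline, paying one KDF evaluation per guess. scrypt and its parameters, the HMAC-SHA256 counter-mode stream cipher standing in for AES, and the demo seed, password and wordlist are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import json
import os

# Constructed demo values. A real wallet draws the seed and the salt from a CSPRNG.
DEMO_SEED = bytes.fromhex("00112233445566778899aabbccddeeff")   # 128-bit seed
DEMO_PASSWORD = "correct horse"

# scrypt parameters (assumption for the demo; not Electrum's KDF or settings).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def derive_keys(password: str, salt: bytes):
    """Password -> (encryption key, MAC key). Neither key, nor the password,
    nor any hash of it is written anywhere: they exist only while unlocking."""
    km = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=64)
    return km[:32], km[32:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stand-in stream cipher so the example
    runs on the standard library alone. A real wallet would use AES; the
    property shown (key derived from the password, never stored) is the same."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_seed(seed: bytes, password: str) -> dict:
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    ct = bytes(a ^ b for a, b in zip(seed, keystream(enc_key, nonce, len(seed))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    # This record is everything that reaches the wallet file: salt, nonce,
    # ciphertext and tag. There is no password field and no password hash.
    return {"salt": salt.hex(), "nonce": nonce.hex(), "seed": ct.hex(), "tag": tag.hex()}


def decrypt_seed(record: dict, password: str) -> bytes:
    salt, nonce = bytes.fromhex(record["salt"]), bytes.fromhex(record["nonce"])
    ct, tag = bytes.fromhex(record["seed"]), bytes.fromhex(record["tag"])
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    # The only "password check" is whether the derived MAC key authenticates
    # the ciphertext; nothing is compared against a stored password.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong password (or corrupted wallet record)")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))


def brute_force(record: dict, candidates):
    """What an attacker holding only the wallet record can do: guess passwords
    offline. Each guess costs a full scrypt evaluation; the record itself gives
    no shortcut. Returns (password, seed) on success, (None, None) otherwise."""
    for guess in candidates:
        try:
            return guess, decrypt_seed(record, guess)
        except ValueError:
            continue
    return None, None


def main():
    record = encrypt_seed(DEMO_SEED, DEMO_PASSWORD)
    print(json.dumps(record, indent=2))           # what lands on disk
    assert decrypt_seed(record, DEMO_PASSWORD) == DEMO_SEED
    wordlist = ["password", "hunter2", "correct horse", "letmein"]   # constructed
    print(brute_force(record, wordlist))


if __name__ == "__main__":
    main()
```

The cost of the offline attack is therefore (number of guesses) x (cost of one KDF run), which is why the choice of KDF and its work factor, and the entropy of the password, are the only levers on the disk-copy scenario; the malware scenarios in the list above bypass this entirely by taking the decrypted seed from memory or the password from the keyboard.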
bizz (Hero Member)
November 05, 2013, 09:55:25 PM  #6

Quote from: oda.krell
Okay, I see. My misconception was that I assumed the user password had to be stored somewhere, when in reality, it is itself the key for decrypting the seed. D'oh.

In other words, someone gaining physical access to my (Electrum) files will gain no additional benefit over trying to brute force the user password directly.

Quote from: fireduck
If they can run things on your computer (malware):
- Read the seed out of your computer's RAM when you type in your password
- Read the electrum files off your drive and read your password when you type it
- Read the electrum files off your drive and brute force your password



To continue: if you create an offline Electrum system (http://electrum.org/tutorials.html#offline-mpk) you can remove those risks.