Topic: Difference from Electrum HD wallet to Core HD wallet.dat file
cellard (OP)
December 16, 2018, 03:37:38 AM
 #1

Which are the security differences comparing the Electrum HD wallet which has an exportable seed to the HD wallet.dat from Bitcoin Core software?

For cold storage and assuming both wallets are created in airgapped computers, which one would you trust the most and why?

Being able to export the seed from Electrum seems handy but I have always been very paranoid about it.
ranochigo
December 16, 2018, 03:58:40 AM
 #2

In terms of convenience, Electrum wins Core with no questions. Electrum allows the user to export the keys and to store a physical copy of the seeds thus giving them the reliability of physical backups. It's not possible with wallet.dat.

In terms of security, Core would win. Core allows the user to encrypt their wallet and thus giving them a better security. While Core allows the user to export its HD key, the wallet still has to be backed-up relatively frequently whenever the password is changed. It does seem more of a hassle to manage the wallet.dat.

I would trust Electrum more. I am confident that I can manage my own seeds well without the use of passwords and it can be stored relatively easily without considering the degradation of storage media for the wallet.dat files.

achow101
December 16, 2018, 04:22:56 AM
Merited by Foxpup (5), cellard (5), suchmoon (4), ranochigo (3), LoyceV (2), ABCbits (2), bones261 (1), talkbitcoin (1)
 #3

In terms of convenience, Electrum wins Core with no questions. Electrum allows the user to export the keys and to store a physical copy of the seeds thus giving them the reliability of physical backups. It's not possible with wallet.dat.
While it is inconvenient to do, it is possible to get the seed value (not a mnemonic, which many people, including you, confuse for being the seed) from Bitcoin Core and back that up. The seed value can be gotten using the dumpwallet command and the seed value will be there in WIF format. You can use that with sethdseed to restore the seed value to a new wallet.

In terms of security, Core would win. Core allows the user to encrypt their wallet and thus giving them a better security.
You can encrypt Electrum wallets too.

While Core allows the user to export its HD key, the wallet still has to be backed-up relatively frequently whenever the password is changed. It does seem more of a hassle to manage the wallet.dat.
That is untrue. The seed does not change when the password is changed. It is only changed when the wallet is first encrypted.



Which are the security differences comparing the Electrum HD wallet which has an exportable seed to the HD wallet.dat from Bitcoin Core software?
Besides the seed, there are other security concerns with the derivation of private keys themselves. Electrum uses a derivation path with non-hardened derivation nodes since it follows BIP 44. There is an inherent security risk to this because it is possible to retrieve the private key of the parent of a non-hardened node if you have the private key of that non-hardened node, and the extended public key (xpub) of the parent. With hardened derivation, this is not possible. Bitcoin Core uses exclusively hardened derivation paths. Unfortunately this makes public derivation impossible so it is more annoying to use as you have to import addresses to watch.

I would trust Bitcoin Core more in general.

ranochigo
December 16, 2018, 06:36:49 AM
 #4

While Core allows the user to export its HD key, the wallet still has to be backed-up relatively frequently whenever the password is changed. It does seem more of a hassle to manage the wallet.dat.
That is untrue. The seed does not change when the password is changed. It is only changed when the wallet is first encrypted.
Ah I see. But wouldn't that make the changing of passwords useless? If the seeds aren't changed, is the derivation of the addresses for the wallet.dat (with new password) the same as the one in the older HD wallet? This would make the old and the new wallet essentially the same and anyone who gains access to the old wallets can continue to steal funds from newer addresses.

From what I understood, the seed is refreshed with a password change and all of the addresses used previously are exported into the wallet.dat. I'm sure I may be missing something here.

cellard (OP)
December 17, 2018, 01:58:00 AM
 #5

Which are the security differences comparing the Electrum HD wallet which has an exportable seed to the HD wallet.dat from Bitcoin Core software?
Besides the seed, there are other security concerns with the derivation of private keys themselves. Electrum uses a derivation path with non-hardened derivation nodes since it follows BIP 44. There is an inherent security risk to this because it is possible to retrieve the private key of the parent of a non-hardened node if you have the private key of that non-hardened node, and the extended public key (xpub) of the parent. With hardened derivation, this is not possible. Bitcoin Core uses exclusively hardened derivation paths. Unfortunately this makes public derivation impossible so it is more annoying to use as you have to import addresses to watch.

I would trust Bitcoin Core more in general.

Thanks, this is I think what I once read about but vaguely remember. I've always been paranoid about this "remember this seed that spawns your entire wallet's history" cryptography. I think it is insanity actually. But man, it is really tempting to use it. It's kinda cool to be able to have your wallet "in your brain" so to speak, so even if you have a domestic accident of sorts, like your house is set on fire, a flood and whatnot, you don't have to worry about physical losses because you still have the seed.

The question would be: What has higher chances of disaster: Loss of funds due to an Electrum weakness, or loss of funds because of an accident/physical theft stealing your wallet.dat files?

If there was some place online that one could trust, you could have a backup of an encrypted wallet.dat I guess, (like some of those supposedly encrypted end-to-end mail providers for instance) however, that is another risk you have to add.
joniboini
December 17, 2018, 03:28:16 AM
 #6

If there was some place online that one could trust, you could have a backup of an encrypted wallet.dat I guess, (like some of those supposedly encrypted end-to-end mail providers for instance) however, that is another risk you have to add.

I'd rather not trust anyone to keep my wallet.dat files, even if I know them in real life. We don't know for sure what happens on their end (learned this the hard way). If you want to make a backup for the wallet file just store it offline. Buy a new computer or air-gapped devices to store your wallet details.


Lucius
December 17, 2018, 10:43:41 AM
 #7


Thanks, this is I think what I once read about but vaguely remember. I've always been paranoid about this "remember this seed that spawns your entire wallet's history" cryptography. I think it is insanity actually. But man, it is really tempting to use it. It's kinda cool to be able to have your wallet "in your brain" so to speak, so even if you have a domestic accident of sorts, like your house is set on fire, a flood and whatnot, you don't have to worry about physical losses because you still have the seed.

The question would be: What has higher chances of disaster: Loss of funds due to an Electrum weakness, or loss of funds because of an accident/physical theft stealing your wallet.dat files?

If there was some place online that one could trust, you could have a backup of an encrypted wallet.dat I guess, (like some of those supposedly encrypted end-to-end mail providers for instance) however, that is another risk you have to add.

When it comes to cryptocurrency maximum safety is the most important, and I think a good number of users still do not understand how important it is to take advantage of all available opportunities that we have today. I remember that my first wallet was Bitcoin Core and then I switched to MultiBit Classic, and from the first day backup is something that was most important to me in addition to keeping my personal computer clean from viruses/malware.

Electrum HD has changed things to the better for users, now we only need seed words as backup - but it has also added a new attack vector on users in the form of false wallets/phishing sites responsible for the loss of fairly large funds.

Electrum is a great wallet, but only if you use it on a clean device and if the seed is in a safe place, otherwise it becomes a risk which I personally do not want to have with my BTC. It is the same for any type of online backup, for me this is something that is not an option.

hatshepsut93
December 19, 2018, 12:30:15 AM
Merited by ABCbits (1)
 #8


Electrum HD has changed things to the better for users, now we only need seed words as backup - but it has also added a new attack vector on users in the form of false wallets/phishing sites responsible for the loss of fairly large funds.


Is this really a new attack vector though? Thieves could just as easily create a fake Core wallet and spread it through Google ads.



Electrum is a great wallet, but only if you use it on a clean device and if the seed is in a safe place, otherwise it becomes a risk which I personally do not want to have with my BTC. It is the same for any type of online backup, for me this is something that is not an option.

This is true for any wallet or crypto system, no one has invented a software that can safely manage crypto keys on a potentially infected machine. As for backups, Electrum has a small advantage because mnemonic seeds are easier to manage so they are less likely to get lost.

Also, everyone should be using some sort of cold storage, because exposing your wallets to the Internet is an unnecessary risk. This is more important than small differences between Core and Electrum wallets.
bob123
December 20, 2018, 09:32:52 AM
 #9

While Core allows the user to export its HD key, the wallet still has to be backed-up relatively frequently whenever the password is changed. It does seem more of a hassle to manage the wallet.dat.
That is untrue. The seed does not change when the password is changed. It is only changed when the wallet is first encrypted.
Ah I see. But wouldn't that make the changing of passwords useless? If the seeds aren't changed, is the derivation of the addresses for the wallet.dat (with new password) the same as the one in the older HD wallet? This would make the old and the new wallet essentially the same and anyone who gains access to the old wallets can continue to steal funds from newer addresses.

From what I understood, the seed is refreshed with a password change and all of the addresses used previously are exported into the wallet.dat. I'm sure I may be missing something here.


The reason to change the password is to have a different password.

The wallet file itself is encrypted using a randomly created master key. This master key is then encrypted with a derivation (using SHA512) from the password.

Therefore changing the password doesn't change anything inside of your wallet (besides how to decrypt the master key (which is used to encrypt/decrypt the sensitive information)).


If someone has access to your old wallet file, he can access it using the old password.
The same wallet file with a changed password is basically the same wallet, just accessible with a different password.
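
The key-wrapping layout described in the post above, as an added example (not part of the original post and not Bitcoin Core's code). The salt size, round count, field names and the keystream-plus-HMAC cipher are assumptions; the cipher is a labelled stand-in for the wallet's real one so the example needs only the standard library. It shows that a password change re-wraps the master key only, so an old backup still opens with the old password.

```python
import hashlib, hmac, os

def derive_key(password: bytes, salt: bytes, rounds: int = 25000) -> bytes:
    # Iterated SHA-512 over password||salt (round count is an assumed value).
    d = hashlib.sha512(password + salt).digest()
    for _ in range(rounds - 1):
        d = hashlib.sha512(d).digest()
    return d[:32]

def seal(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher, NOT the wallet's real one: SHA-512 keystream XOR + HMAC tag.
    if len(data) > 64:
        raise ValueError("stand-in cipher handles at most 64 bytes")
    nonce = os.urandom(16)
    stream = hashlib.sha512(key + nonce).digest()
    ct = bytes(x ^ y for x, y in zip(data, stream))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or corrupted wallet")
    stream = hashlib.sha512(key + nonce).digest()
    return bytes(x ^ y for x, y in zip(ct, stream))

def create_wallet(password: bytes, hd_seed: bytes) -> dict:
    master, salt = os.urandom(32), os.urandom(8)   # random master key
    return {"salt": salt,
            "wrapped_master": seal(derive_key(password, salt), master),
            "enc_seed": seal(master, hd_seed)}     # secrets sealed under master

def change_password(wallet: dict, old: bytes, new: bytes) -> dict:
    master = unseal(derive_key(old, wallet["salt"]), wallet["wrapped_master"])
    salt = os.urandom(8)
    # Only the wrapping of the master key changes; enc_seed is carried over as is.
    return {**wallet, "salt": salt,
            "wrapped_master": seal(derive_key(new, salt), master)}

def unlock(wallet: dict, password: bytes) -> bytes:
    master = unseal(derive_key(password, wallet["salt"]), wallet["wrapped_master"])
    return unseal(master, wallet["enc_seed"])

if __name__ == "__main__":
    seed = bytes(range(32))                        # constructed sample secret
    backup = create_wallet(b"old password", seed)  # copy taken before the change
    current = change_password(backup, b"old password", b"new password")
    print(unlock(backup, b"old password") == unlock(current, b"new password"))
```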
