How to I get rid of electrum?

[BlackHatCoiner]

I had installed it months ago, in order to generate an address, and I wanted keep that address' private key somewhere safe. I did. And then, uninstalled electrum. But few minutes ago I needed to generate another address so I downloaded it again. When I opened it after the installation it seems that it "remembered" my previous wallet's name. How is this possible? Because I'm a little paranoid.

Also, what's the point of that seed since I have the private key in a safe place?

[Rath_]

When I open it after the installation it seems that it "remembered" my previous wallet's name. How is this possible? I uninstalled it.

The uninstaller doesn't delete the data from the AppData. Press WIN + R, enter %appdata% and you should see 'Electrum' folder among some other folders.

Also, what's the point of that seed since I have the private key in a safe place?

It's much easier to back up 12 words than a long private key for a single address, isn't it? Especially, if one wants to keep the backup on some piece of paper or engrave it on some kind of metal.

[BlackHatCoiner]

Thanks.

It's much easier to back up 12 words than a long private key for a single address, isn't it?

In my opinion? It's the same thing.

[ranochigo]

Thanks.

It's much easier to back up 12 words than a long private key for a single address, isn't it?

In my opinion? It's the same thing.

Most people don't want to use the same address over and over again, mostly for privacy reasons. A seed offers much more leverage and convenience over backing up the many addresses generated when you spend your funds.

[Vaculin]

All you need to keep is the seed and you can access it anytime and in any device, names can be changed so you will be able to change it also without a problem, as long as you can access the wallet with the seed, all transaction history will be seen intact.

[BlackHatCoiner]

Since you can save your seed why don't you just export your keys in csv. You will consume the same space.

[nc50lc]

Since you can save your seed why don't you just export your keys in csv. You will consume the same space.

Is this a response to their posts or another question?
Because seed phrase should be saved in a "physical form", written in a piece of paper or other alternatives.
That key dump in csv format is too troublesome/long to write.

And obviously, they won't consume the same amount of space.
Seed phrase is only 12-words (+extension), a key dump will consume one or more notebook pages.

[Husna QA]

-snip- When I opened it after the installation it seems that it "remembered" my previous wallet's name. How is this possible? Because I'm a little paranoid.

As BitCryptex said, uninstalling Electrum only removes software, while wallet files, configuration settings, blockchain headers, etc. are not deleted and stored in the Electrum datadir. You can find it at the following location:

On Windows:
- Show hidden files
- Go to \Users\YourUserName\AppData\Roaming\Electrum (or %APPDATA%\Electrum)

On Mac:
- Open Finder
- Go to folder (shift+cmd+G) and type ~/.electrum

On Linux:
- Home Folder
- Go -> Location and type ~/.electrum

Reference: https://electrum.readthedocs.io/en/latest/faq.html

Also, what's the point of that seed since I have the private key in a safe place?

In summary, a the private key is what lets you access the funds associated with one public address in your wallet. But when you create new public addresses for each new deposit to your wallet for security reasons, it also creates a new private key which means when you backup your wallet, you’ll have to save all these public key - private key pairs. Instead if your wallet is Deterministic, you could simply use the seed words to restore your wallet. Seed words can be used to programatically generate all the public key - private key pairs you own.

[BlackHatCoiner]

Yes but isn't easier for someone to brute force a seed? Sorry, but I don't get how the seed works. You say that by having it you have access to all of your keys. Does it work like that?

Private key 1 = Hash(seed +"1")
Private key 2 = Hash (seed + "2")

And so on.

[mocacinno]

Yes but isn't easier for someone to brute force a seed? Sorry, but I don't get how the seed works. You say that by having it you have access to all of your keys. Does it work like that?

Private key 1 = Hash(seed +"1")
Private key 2 = Hash (seed + "2")

And so on.

Many interesting discussions have been devoted to this topic... For example: bitcointalk.org/index.php?topic=1716725.0

Bottom line is pretty simple: no, it's not easy to brute force a seed...

A seed might look like just 12 words out of a fixed wordlist... So a normal person would assume it's as safe as a 12 character password... But it's not... It's as safe as a 12 character password using random characters out of a 2048 character set (well, the last word is a checksum)... And to top it off, one iteration while brute-forcing a seed is very resouce intensive (seed => master private key => derivation of private key 1 => public key 1 => address 1 => checking for balance... derive the next private key, check all derivation paths,...).

So far, i haven''t heared about any key collisions that weren't caused by some bug in the rng...

It's just one of those things that are hard to grasp, a seed looks really easy to brute-force since it's just a string of 12 words you actually know... But if you'd try to write a small script to scan the complete keyspace, you'd very soon learn that it's basically "allmost impossible" (defenately with the hardware we currently have)

[NeuroticFish]

I had installed it months ago, in order to generate an address, and I wanted keep that address' private key somewhere safe. I did.

I think that you are doing it wrong. If the computer had any "surprise" on it you'll find out very late, when the funds from your safe wallet get vanished.
I'd consider using a live OS (maybe on a stick) which you use only for this purpose (with no internet, obviously). And then you'll format the stick and you are pretty much OK. If you use Tails with default settings you'll have Electrum on it and it will never save the wallet, so you are sure the data is lost at reboot.

Also writing down the private key is easy to mistake, be careful.

It's much easier to back up 12 words than a long private key for a single address, isn't it?

In my opinion? It's the same thing.

Actually writing down seed is easier. But beware, Electrum seed works only with Electrum (if you use it with a different wallet you'll get different addresses).

[BlackHatCoiner]

I think that you are doing it wrong. If the computer had any "surprise" on it you'll find out very late, when the funds from your safe wallet get vanished.
I'd consider using a live OS (maybe on a stick) which you use only for this purpose (with no internet, obviously). And then you'll format the stick and you are pretty much OK. If you use Tails with default settings you'll have Electrum on it and it will never save the wallet, so you are sure the data is lost at reboot.

Ah don't tell me that stuff... I think I've been a big paranoid enough. I don't think anyone will stole my funds, like ever...

[o_e_l_e_o]

Private key 1 = Hash(seed +"1")
Private key 2 = Hash (seed + "2")

It's actually:

Seed phrase and passphrase (if used) are fed in to 2048 rounds of PBKDF2 using HMAC-SHA512 to derive a 512 bit seed number.
512 bit seed number undergoes HMAC-SHA512 to generate master private key and master chain code.
Master public key is calculated from master private key using elliptic curve multiplication.
Master public key, master chain code, and index number are fed in to HMAC-SHA512, and the left 256 bits added to the master private key to generate a child private key. The right 256 bits become the child chain code.
Repeat the last step multiple times to work down the derivation path to reach your desired private key - for a legacy address on Electrum this will be m/44'/0'/0'/0/0.

Backing up a seed phrase is better than backing up an individual private key for multiple reasons. It is easier to do (since you should be writing it down by hand on paper and not storing it electronically), it is less prone to errors, it provides access to all your addresses instead of just one, it doesn't encourage address reuse, it solves problems with change outputs, and the list goes on.

-snip-

Although you are obviously correct regarding a seed phrase being secure, it actually doesn't matter if BlackHatCoiner thinks it is more secure or not. He used Electrum to generate a private key, which means that private key must have come from a seed phrase. Whether or not he backs up the seed phrase or not makes no difference to the fact that his address is only as secure as the seed phrase which generated it.

[mocacinno]

@o_e_l_e_o: you are 100% correct, but you messed up the quote in your previous post...

I never claimed that:
Private key 1 = Hash(seed +"1")
Private key 2 = Hash (seed + "2")

I was quoting BlackHatCoiner when he assumed this fact, but the quote has been messed up so it looks like i was the one who made this assumption

[o_e_l_e_o]

My bad - deleted the wrong line from the reply. Fixed.

[NotATether]

Electrum-style seed phrases select a word from a dictionary of 2048 words, so take the exponent of that by eleven (the last word is a checksum as o_e_l_e_o said) and you get 2.658456e+36, while the number of valid private keys is many times larger, 2**256 minus a relatively smaller, but still extremely large, number, to give 1.1579209e+77 combinations.

Still, it's easier to disguise a seed phrase when you write it down than a private key. You could put several dummy words in the phrase and arrange them in a pattern that only you know, and that's possible because they are just a bunch of words. You can even write them in a different language if you want to obscure them. Whereas a private key has a fixed format that anybody with technical knowledge can recognize.

[bitmover]

It's much easier to back up 12 words than a long private key for a single address, isn't it?

In my opinion? It's the same thing.

Seed and private keys are very different things

A seed is a master key which is able to generate all of your private keys, which are mathematically related. Saving a bunch of private keys without their mathematical relationship in a piece of paper is very uncomfortable, dangerous, tiresome and inefficient.

From mastering bitcoin:

https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc
Deterministic wallets were developed to make it easy to derive many keys from a single "seed." The most advanced form of deterministic wallets is the HD wallet defined by the BIP-32 standard. HD wallets contain keys derived in a tree structure, such that a parent key can derive a sequence of children keys, each of which can derive a sequence of grandchildren keys, and so on, to an infinite depth. This tree structure is illustrated in Type-2 HD wallet: a tree of keys generated from a single seed.

Saving a seed results in:


You are doing this:

[pooya87]

Electrum-style seed phrases select a word from a dictionary of 2048 words, ~~ (the last word is a checksum as o_e_l_e_o said) ~.

this is wrong.
you are thinking of BIP39 mnemonics not Electrum since the later do not use checksum at all. there is an initial version byte that must be satisfied and could act as a checksum but it isn't exactly a checksum specially since it is too small (8-bits or 12-bits depending on the type).
as for the dictionary, Electrum is not limited to the default dictionaries and can have any custom ones that contain any number of words.

Still, it's easier to disguise a seed phrase when you write it down than a private key. You could put several dummy words in the phrase and arrange them in a pattern that only you know, and that's possible because they are just a bunch of words. You can even write them in a different language if you want to obscure them. Whereas a private key has a fixed format that anybody with technical knowledge can recognize.

that does not give you any kind of meaningful security.

[o_e_l_e_o]

Electrum-style seed phrases select a word from a dictionary of 2048 words, so take the exponent of that by eleven (the last word is a checksum as o_e_l_e_o said) and you get 2.658456e+36

Further to pooya87's reply above, when we are considering BIP39 phrases (and not Electrum phrases) the last word is not wholly a checksum. It contains the checksum, but it also contains some of your entropy as well. The exact proportions of each are dependent on how long your phrase is.

In BIP39 seed phrases, there is 1 bit of checksum for every 32 bits of entropy, and each word encodes 11 bits of data. So for a 12 word phrase, which contains 12*11 = 132 bits of data, 128 bits are entropy and 4 bits are checksum. This means the final word encodes 7 bits of entropy and the 4 bits of checksum. For a 24 word phrase, the final word encodes 3 bits of entropy and 8 bits of checksum.

Because of this, it's not accurate to calculate the security of BIP39 phrases by calculating 2048 raised to the number of words. Instead you have to calculate 2 raised to the bits of entropy - 2¹²⁸ in the case of 12 word seed phrases, or 2²⁵⁶ in the case of 24 words.

[HCP]

He used Electrum to generate a private key, which means that private key must have come from a seed phrase. Whether or not he backs up the seed phrase or not makes no difference to the fact that his address is only as secure as the seed phrase which generated it.

Does Electrum not work like BIP39 in the sense that you start with a random seed (ie. very large random number)... and then convert that seed to the mnemonic phrase? As opposed to generating a mnemonic phrase and then going from that to the seed?

It's been such a long time since I looked at the inner workings of the Electrum code