Where does verifying the signature help?

[BlackHatCoiner]

In electrum.org it says that hackers can hack the site and replace their own software that hides malicious code in the electrum software.

It says that we have to verify the signature of electrum.org, in order to be sure that the software was not compromised. Now I'm asking, why are we 100% sure that they can't change his signature too? Also, by that tutorial of how to verify electrum I don't get why should I trust gpg4win.org, couldn't this site get compromised as well?

And a bigger question, how exactly can you compromise a site?? Is this possible? Does google.com differs from electrum.org?

Anyway, back to the point, I have reset my windows 10 laptop. I've downloaded from another laptop electrum-4.0.2-setup.exe and then I transfered it to a usb. The clear laptop (the one I reset) is not internet connected and it'll never be. I've verified the signature (same way, downloaded to my old laptop and transfered the file with a usb).

Is this a purely cold storage? Can I buy a thousands bitcoins now without having the fear of losing my coins?

[1715052776]

1715052776

[1715052776]

1715052776

[1715052776]

1715052776

[1715052776]

1715052776

[jackg]

The idea of using gpg verification is offering that extra bit of security. When you first download the key sure it may be compromised but surely people would notice? You cam also generally save a key pair for verification at a later stage.

Also keys should be staked in different places - the github, potentially tomasv's account here, the site and some directories. Sites can be compromised, it's just a case of hacking the dns or social engineering with the registrar.

If the computer is staying offline then yes it is effectively cold storage. The only way you'll lose your funds if it has been verified is if you lose the seed.

[BlackHatCoiner]

If the computer is staying offline then yes it is effectively cold storage. The only way you'll lose your funds if it has been verified is if you lose the seed.

I'm gonna be a little paranoid, but I didn't format the laptop. I just reset it from the Reset button of windows 10. Whole reset tho. Deleted the entire system. Is there any possibility to... you know... have generated addresses by hackers of the previous system? I've read that files remain on hard drive, even on format.

I'm not using seed. I've just packed some thousands of addresses plus their private keys. Honestly, I'm not using seeds for one reason. I have not understood how they work (and I find them pretty less secure). Hence, I'm not touching them.

[bob123]

In electrum.org it says that hackers can hack the site and replace their own software that hides malicious code in the electrum software.

It says that we have to verify the signature of electrum.org, in order to be sure that the software was not compromised. Now I'm asking, why are we 100% sure that they can't change his signature too?

It is possible.
But an attacker would have to compromise 1) the website/server and 2) the PGP key which is (hopefully) stored securely offline.

It simply adds another layer of protection.

And a bigger question, how exactly can you compromise a site?? Is this possible? Does google.com differs from electrum.org?

Yes, it is.
By compromising the server.

Yes, those sites differ.
One is a multi billion dollar company, the other is an open source project.

Is this a purely cold storage? Can I buy a thousands bitcoins now without having the fear of losing my coins?

If your PC never goes online, yes it is cold storage.
There is always a possibility of losing coins. For example by getting malware to your cold storage PC via USB and transferring the private keys out via the USB and the online PC.

Nothing is 100% secure.

[hugeblack]

The short answer is if you cannot verify every line of the code, then you must trust the developers. Verify signature gives you an opportunity to make sure (Not 100%), that the code was signed by the real developer and not scam.
You can verify the signature using several programs, and hacking a site like electrum.org will not pass without making a fuss but again, unless you can read every line in soruce code, you must trust dev.

Cold storage is simply that private keys/wallet seed are created in an environment that does not and will not connect to the Internet, so if the device connects at any moment to the Internet, it will not be considered a cold storage.


BTW: I am currently studying a subject related to probability, but in an advanced way, so if I find some time, I will create some chart for you to the possibility of losing your money if electrum.org hacked, wallet bugs, gpg4win.org, and all of them.

[Abdussamad]

In electrum.org it says that hackers can hack the site and replace their own software that hides malicious code in the electrum software.

It says that we have to verify the signature of electrum.org, in order to be sure that the software was not compromised. Now I'm asking, why are we 100% sure that they can't change his signature too? Also, by that tutorial of how to verify electrum I don't get why should I trust gpg4win.org, couldn't this site get compromised as well?

And a bigger question, how exactly can you compromise a site?? Is this possible? Does google.com differs from electrum.org?

Anyway, back to the point, I have reset my windows 10 laptop. I've downloaded from another laptop electrum-4.0.2-setup.exe and then I transfered it to a usb. The clear laptop (the one I reset) is not internet connected and it'll never be. I've verified the signature (same way, downloaded to my old laptop and transfered the file with a usb).

Is this a purely cold storage? Can I buy a thousands bitcoins now without having the fear of losing my coins?

digital signatures that are modified are no longer valid. they will not verify.

gpg4win provides an easy to use gui frontend to gnu privacy guard on windows. its releases are also gpg signed so you can verify them. there are alternative software that you can use gpg itself or kleopatra which is cross platform.

[Abdussamad]

In electrum.org it says that hackers can hack the site and replace their own software that hides malicious code in the electrum software.

It says that we have to verify the signature of electrum.org, in order to be sure that the software was not compromised. Now I'm asking, why are we 100% sure that they can't change his signature too? Also, by that tutorial of how to verify electrum I don't get why should I trust gpg4win.org, couldn't this site get compromised as well?

And a bigger question, how exactly can you compromise a site?? Is this possible? Does google.com differs from electrum.org?

Anyway, back to the point, I have reset my windows 10 laptop. I've downloaded from another laptop electrum-4.0.2-setup.exe and then I transfered it to a usb. The clear laptop (the one I reset) is not internet connected and it'll never be. I've verified the signature (same way, downloaded to my old laptop and transfered the file with a usb).

Is this a purely cold storage? Can I buy a thousands bitcoins now without having the fear of losing my coins?

digital signatures that are modified are no longer valid. they will not verify.

gpg4win provides an easy to use gui frontend to gnu privacy guard on windows. its releases are also gpg signed so you can verify them. there are alternative software that you can use gpg itself or kleopatra which is cross platform.

Is this a purely cold storage? Can I buy a thousands bitcoins now without having the fear of losing my coins?

yep

[target]

I have not tried recovering coins from a wallet installed in windows but so far base on what I've read is that you also need to keep the .dat file upon recovering. This is in case your computer mysteriously just died. Recovering will need your private key and seed and the .dat file, maybe just keep them all for to make sure yo ucan recover your wallet.

Signature is for checking whether the downloaded file isn't corrupted and the correct file. If the server is hacked then you could be downloading the different file.

[HCP]

I'm not using seed. I've just packed some thousands of addresses plus their private keys. Honestly, I'm not using seeds for one reason. I have not understood how they work (and I find them pretty less secure). Hence, I'm not touching them.

I'm not sure why you consider one "very large randomly generated" number any less secure than 1000 "very large randomly generated" numbers...

A seed is basically just another "private key"... For a deterministic wallet, it's the starting point for deriving all your other private keys... such that you will be able to recover all of your private keys, knowing just the seed. It makes backups ridiculously easy and means you only need to secure 1 thing... instead of 1000 things... which makes it a lot easier to create an "offline" backup that is non-digital and can be stored in "permanent" media (like paper, stamped into metal etc)

Whereas, for a non-deterministic wallet, if you lose your private keys, they're gone... you'll never be able to recreate them in a billion years of trying... and writing/printing out thousands of keys is a nightmare! Nevermind trying to recover from those backups! Your only real option would be "digital" backups of wallet files and such.


So, what is it exactly that you don't understand about seeds? ... and why do you consider them "less secure"?

[pooya87]

I'm not using seed. I've just packed some thousands of addresses plus their private keys. Honestly, I'm not using seeds for one reason. I have not understood how they work (and I find them pretty less secure). Hence, I'm not touching them.

that makes no sense. if i am not mistaken, based on your other topic you have created these "thousands of addresses" using Electrum and seed(s) so you are using it just making things that much more difficult for yourself. specifically since you can not recover any of these addresses since they are not deterministic and you don't seem to have the back up of the seed(s) stored.

[BlackHatCoiner]

How exactly can one seed save a thousand addresses? It can only 30 as I know.

Secondly, as I said, I'm not using it because it's unknown technology for me. I'm saving the private keys inside rars with very strong passwords  in safe places. I don't have to worry about anything.

[hosseinimr93]

How exactly can one seed save a thousand addresses? It can only 30 as I know.

Any seed phrase can generate millions of addresses.
If you see only 30 addresses in your wallet, that's how your wallet works.

You can test this using iancoleman.
Generate a seed phrase and then click on "more rows" at bottom of addresses shown.

[o_e_l_e_o]

How exactly can one seed save a thousand addresses? It can only 30 as I know.

You should read this: https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc

Put simply, your seed phrase (plus any additional passphrase you might use) is converted in to a 512 bit number using a hash function. This number is hashed again to produce your "master private key". This master private key can be combined with an a 32 bit index number* and hashed again to create around 4.3 billion different child private keys. These private keys can be used to create addresses, or they can also be hashed with an index number to create 4.3 billion more keys each, and so on, and so on. The derivation paths you see used, for example, m/44'/0'/0'/0/0, tell you the index numbers used at each level of hashing to reach the final private key.

If you want to create more than 30 addresses in Electrum, then go the Console tab and enter the following to create 100 more:

Code:

[wallet.create_new_address(False) for i in range(100)]

Secondly, as I said, I'm not using it because it's unknown technology for me. I'm saving the private keys inside rars with very strong passwords  in safe places. I don't have to worry about anything.

You definitely need to worry. Creating a RAR file doesn't mean it is automatically encrypted, and even if it is encrypted, it may be done so insecurely. It all depends on the software you are using. To add the keys to the RAR file, they must first exist on your computer in unprotected plain text, which is a massive risk. If your password is something you have thought up and can remember, then it isn't secure enough.

There is a reason that every good wallet and every knowledgeable user tells you to store your seed phrase on paper. Your own system is far inferior.


*For anyone about to correct me, I know it is the public key and not the private key that is hashed in unhardened derivation, and I know there is also the chain code, and I know the 4.3 billion is for unhardened and hardened keys combined, but in the interests of keeping things simple I glossed over all that.

[BlackHatCoiner]

You definitely need to worry. Creating a RAR file doesn't mean it is automatically encrypted, and even if it is encrypted, it may be done so insecurely. It all depends on the software you are using. To add the keys to the RAR file, they must first exist on your computer in unprotected plain text, which is a massive risk. If your password is something you have thought up and can remember, then it isn't secure enough.

There is a reason that every good wallet and every knowledgeable user tells you to store your seed phrase on paper. Your own system is far inferior.

Why do I definitely have to worry? I'm using winrar to create an encrypted rar with the private keys on non internet connected computer.

How exactly can you crack a rar without brute forcing it?

[o_e_l_e_o]

I'm using winrar to create an encrypted rar with the private keys on non internet connected computer.

Is the computer permanently airgapped, or have you just unplugged the internet cable? Have you used a clean OS? Once you've created the encrypted file, are you wiping the plain text keys from your hard drive (and I mean actually wiping them by writing over the memory regions with random data, not just deleting the file they are stored in).

How exactly can you crack a rar without brute forcing it?

If you've used AES-256, then yes, mostly likely an attacker would need to brute force it. Did you pick a password yourself, or did you use an open source password manager to generate a long and random password for you? How are you storing this password separately from the RAR files? How are you backing up this password?

No security system is ever 100% safe, but you are introducing a lot of extra unknowns and a lot of unnecessary risk.

[bob123]

How exactly can you crack a rar without brute forcing it?

By attacking the (poorly implemented) crypto, for example.

WinRAR was vulnerable for a very long time because they always used the same IV.
Such an encrypted archive could have been decrypted by anyone in less than a minute.

Meanwhile, this vulnerability has been fixed.
But given the fact that this vulnerability was present for a very long time and is incredibly severe, i wouldn't be surprised if there were more mistakes in the implementation.

[BlackHatCoiner]

Is the computer permanently airgapped, or have you just unplugged the internet cable? Have you used a clean OS? Once you've created the encrypted file, are you wiping the plain text keys from your hard drive (and I mean actually wiping them by writing over the memory regions with random data, not just deleting the file they are stored in).

I have no cable to unplug it. I just haven't connected to any wifi. Yes I have clean OS. As I said, I reset the machine. Why should I wipe them from the cold storage? No one will ever open the laptop again. It will remain closed. Only I can open it, in special occations.

If you've used AES-256, then yes, mostly likely an attacker would need to brute force it. Did you pick a password yourself, or did you use an open source password manager to generate a long and random password for you? How are you storing this password separately from the RAR files? How are you backing up this password?

No security system is ever 100% safe, but you are introducing a lot of extra unknowns and a lot of unnecessary risk.

I did not use a password from an open source password generator, because I had to write it down on a paper which I may lose. I thought of a password that I've never used before and it's very strong. I can memorise it.

How exactly can you crack a rar without brute forcing it?

By attacking the (poorly implemented) crypto, for example.

WinRAR was vulnerable for a very long time because they always used the same IV.
Such an encrypted archive could have been decrypted by anyone in less than a minute.

Meanwhile, this vulnerability has been fixed.
But given the fact that this vulnerability was present for a very long time and is incredibly severe, i wouldn't be surprised if there were more mistakes in the implementation.

So you call rars... weak?

_______________

An on topic point of this discussion. One big negative from bitcoin. You've got to be secure AF.

[o_e_l_e_o]

Why should I wipe them from the cold storage? No one will ever open the laptop again.

You're sure about that? If that laptop gets stolen, then an attacker could recover your private keys without too much hassle.

I thought of a password that I've never used before and it's very strong. I can memorise it.

If you can memorise it, it's likely not strong enough. If you thought it up yourself, then it definitely isn't random enough.

One big negative from bitcoin. You've got to be secure AF.

You are making it far harder than it needs to be. Write your seed on a piece of paper. Keep that paper secure. For added protection also use one or more passphrases and write those on different pieces of paper.

[pooya87]

Secondly, as I said, I'm not using it because it's unknown technology for me. I'm saving the private keys inside rars with very strong passwords  in safe places. I don't have to worry about anything.

so does this mean that "rar" technology and the encryption used by whatever software you are using is a "known technology" to you that you decided to trust that and can not trust the Electrum seed creation process and the BIP32 key derivation function?

[BlackHatCoiner]

Can one of you give me a topic so I can understand how seed works and why it can't be brute forced?

[pooya87]

Can one of you give me a topic so I can understand how seed works and why it can't be brute forced?

it can't because seed or better said mnemonic is representation of an entropy so it is only as strong as your entropy generator which happens to be the same as when wallets used to generate a single key. so when you see 12 words you are actually seeing the human readable form of a 128-bit entropy which has the same strength as a bitcoin private key.
i don't know if there is any topic but you can look at https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki

[BlackHatCoiner]

Can one of you give me a topic so I can understand how seed works and why it can't be brute forced?

it can't because seed or better said mnemonic is representation of an entropy so it is only as strong as your entropy generator which happens to be the same as when wallets used to generate a single key. so when you see 12 words you are actually seeing the human readable form of a 128-bit entropy which has the same strength as a bitcoin private key.
i don't know if there is any topic but you can look at https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki

I'm thinking it logically.

If we take 10 million words from a dictionary then it's 10.000.000^12, oh ok.. that's strong.

[pooya87]

If we take 10 million words from a dictionary then it's 10.000.000^12, oh ok.. that's strong.

we are not selecting words from a dictionary or even the 2048 word long list to create the seed phrase. in fact there is absolutely no word selection anywhere in seed generation process.
as i said it is an entropy generated by an RNG and then encoded using a special encoding that returns words instead of characters. (pad with checksum to be divisible by 11 and then split the whole thing into 11 bit chunks each of which representing a word in that 2048 word long list.)

[o_e_l_e_o]

Can one of you give me a topic so I can understand how seed works and why it can't be brute forced?

A 12 word seed phrase encodes 2^128 bits of entropy.
A 24 word seed phrase encodes 2^256 bits of entropy.
A well-generated private key has 2^256 bits of entropy.

To brute force a private key, you need to guess the correct 256 bits of entropy, perform elliptical curve multiplication to get the public key, then perform two hash functions to get the address to check for funds.

To brute force a 24 word seed phrase, you need to guess the correct 256 bits of entropy, hash it 2048 times to get the seed number, perform several elliptical curve multiplications and hashes depending on the derivation path, then perform another elliptical curve multiplication to get the public key and two more hash functions to get the address.

So although a 24 word seed phrase and a random private key both have 256 bits of entropy, it is more resource intensive to brute force the seed phrase than it is a private key.

[BlackHatCoiner]

If I generate a seed on electrum, will it work only on electrum or all wallets have the same code?

[o_e_l_e_o]

If I generate a seed on electrum, will it work only on electrum or all wallets have the same code?

Electrum uses its own method for generating seed phrases which can therefore only be recovered on Electrum and a handful of other wallets which support Electrum seed phrases.

The "generic" seed phrase is called a BIP39 seed phrase and is importable to almost all wallets, Electrum included.

[BlackHatCoiner]

Do those big companies like huobi use the seed way for storing their addresses safe?

[elda34b]

Do those big companies like huobi use the seed way for storing their addresses safe?

What do you mean the seed way of storing addresses?

Big exchanges usually use multi-sig cold wallet and another hot wallet to store their funds. Pretty sure they use HW wallet to increase the security (only a few people hold them) too. Not sure if this is related to this topic though.

[sheenshane]

If I generate a seed on electrum, will it work only on electrum or all wallets have the same code?

The post above was right, Electrum wallet can't be able to restore in any wallet. Because it is incompatible with other BIP39 wallets.
So, both or each wallet has unique in generating seed phrases and this Electrum wallet uses HMAC for the authentication.

Do those big companies like huobi use the seed way for storing their addresses safe?

Yes, of course! any form of wallet should have this seed way. They used both hot wallet and cold wallet. Hot wallet for the frequently using and the cold wallet for storing offline, which impossible to hack. Unlike if the hacker will be able to steal the physical wallet which is most likely will not happen.

[pooya87]

Do those big companies like huobi use the seed way for storing their addresses safe?

your question make no sense because safety is not achieved by using or not using a "seed". safety is gained by the security measures they take such as using cold storage to store the bulk of their balance, how easy it is to hack their database, how stupid are their employees to leak stuff,...

The post above was right, Electrum wallet can't be able to restore in any wallet. Because it is incompatible with other BIP39 wallets.

there are some wallets that accept Electrum mnemonics too.

So, both or each wallet has unique in generating seed phrases and this Electrum wallet uses HMAC for the authentication.

this statement makes no sense. HMAC is not used for authentication! it is used instead of the checksum and later as a key derivation function.

[bob123]

They used both hot wallet and cold wallet. Hot wallet for the frequently using and the cold wallet for storing offline, which impossible to hack. Unlike if the hacker will be able to steal the physical wallet which is most likely will not happen.

Gaining physical access is not always necessary.
It depends on their system and network topology. If their (online accessible) server is doing the requests to top up the hot wallet, it might be possible to compromise the cold wallet by compromising their server.
Obviously, this would be negligent and definitely not a real cold wallet. But the possibility exists, especially if no it security specialists have been hired.

So, both or each wallet has unique in generating seed phrases and this Electrum wallet uses HMAC for the authentication.

this statement makes no sense. HMAC is not used for authentication! it is used instead of the checksum and later as a key derivation function.

Well, the HMAC is a hashed message authentication code. It is usually used to protect the integrity of messages.
But @sheenshane probably just read the wikipedia article and thought he knows what it is used for in the key derivation of electrum.. Therefore his statement made little to no sense.