Bitcoin Forum
November 17, 2024, 11:52:16 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: A Feature in electrum wallet  (Read 596 times)
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18747


View Profile
July 31, 2023, 07:16:19 AM
 #21

Moreover, there is no guarantee that a hacker will use Electrum to log in to this wallet.
Again, when you open your wallet, you are not "logging in" to anything. You are simply accessing the private keys and their derived addresses which are already stored on your computer.

Latest Electrum version is Electrum-4.4.5 which was released on June 20, 2023. Download it ASAP if you haven't done already.
And most importantly, verify your download before you install it. [GUIDE] How to Safely Download and Verify Electrum [Guide]
Yamane_Keto
Hero Member
*****
Offline Offline

Activity: 630
Merit: 510



View Profile WWW
July 31, 2023, 08:57:20 AM
 #22

I have around 0.04 BTC sitting in my wallet at a couple of addresses. Since it wasn't wiped, I guess it's not compromised yet.
But I will create another wallet and move my funds for further security.
If 0.04 BTC is a good investment for you and you are skeptical or afraid, then I suggest that you read a little about how Bitcoin works and the basics of creating an airgapped system. It may be appropriate for you to buy a hardware wallet according to your budget, but without creating a new wallet in an environment that did not and will not connect to the Internet, or at least it is safe ( An open source OS, you do not download applications of unknown sources or randomly click on links) you will not get rid of these doubts.

creating a watchonly wallet would be a better option instead of reopening your wallet from time to time.

Today I saw a thread in the scam accusation board where a guy claims $165K ETH was wiped from his wallet. I don't know what wallet he was using. I have read similar cases in this forum. A campaign manager named Julerz was hacked, and he used Electrum then. I am afraid about it.
The story of 165K ETH may not be true, and Julerz coins had stolen because of malware, as the coins were stolen as soon as the wallet was opened, so the hackers might not have waited until the new BIG transfer happen.

えいごをはなせますか。
Charles-Tim
Legendary
*
Offline Offline

Activity: 1736
Merit: 5219


Leading Crypto Sports Betting & Casino Platform


View Profile
July 31, 2023, 09:16:07 AM
 #23

( An open source OS, you do not download applications of unknown sources or randomly click on links)
If the device is airgapped, it will not connect to the internet. Bluetooth and WiFi card removed. Open source OS like Linux is recommended.

creating a watchonly wallet would be a better option instead of reopening your wallet from time to time.
The purpose of having a watch-only wallet is not because you do not want to be opening the wallet on an airgapped device often. If you properly setup up the airgapped wallet, it is airgapped and safe.

The purpose of watch-only wallet is to for making PSBT (unsigned transaction), broadcasting transaction signed on an airgapped device and to easily know the total amount of your coins. For making transaction, you need to open the airgapped wallet and it will receive the unsigned transaction and sign it.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
apogio
Hero Member
*****
Offline Offline

Activity: 616
Merit: 1222


Top-tier crypto casino and sportsbook


View Profile WWW
July 31, 2023, 09:37:21 AM
 #24

is there any way I can check if my wallet is already compromised or not?

I have been somehow compromised lately. Here is the topic if you feel like checking it: https://bitcointalk.org/index.php?topic=5461230.0

There is no way to tell if your wallet is compromised.

If you have second thoughts for some reason, I suggest you take immediate action sending your funds to another wallet that you own. Personally I also performed a factory reset on my phone.

 
 BETFURY .....
██████▄██▄███████████▄█▄
█████▄█████▄████▄▄▄█
███████████████████
████▐███████████████████
███████████▀▀▄▄▄▄███████
██▄███████▄▀███▀█▀▀█▄▄▄█
▀██████████▄█████▄▄█████▀██
██████████▄████▀██▄▀▀▀█████▄
█████████████▐█▄▀▄███▀██▄
███████▄▄▄███▌▌█▄▀▀███████▄
▀▀▀███████████▌██▀▀▀▀▀█▄▄▄████▀
███████▀▀██████▄▄██▄▄▄▄███▀▀
████████████▀▀▀██████████
 
..... Leading iGaming Platform .....
 
UP TO 60%
A P R   B T C
S T A K I N G
 
 8,000+ 
GAMES
 
 HIGH ODDS 
SPORTSBOOK
█▀▀











█▄▄
USE CODE: BTWIN
 
.GET 50 FREE SPINS!.
▀▀█











▄▄█
[/
Charles-Tim
Legendary
*
Offline Offline

Activity: 1736
Merit: 5219


Leading Crypto Sports Betting & Casino Platform


View Profile
July 31, 2023, 09:59:21 AM
 #25

If you have second thoughts for some reason, I suggest you take immediate action sending your funds to another wallet that you own. Personally I also performed a factory reset on my phone.
If it is phone, do not leave huge amount of money on mobile wallets.

If you have high amount, go for airgapped option or hardware wallet. If you want to leave it untouched, you can use a paper wallet that is created on HD wallet like Electrum with passphrase recommended. Backup the passphrase and seed phrase differently in different locations.

For the low amount you have on your phone, you can still avoid malware. I am using Android  as example, but likely you will be able to do this on your iOS devices.

After formating your phone, go to Playstore -> settings -> network preferences and set app download preference to 'ask me everytime.

 

Always make sure that other apps are not allowed to install apps. Assuming you have just downloaded Electrum from https://electrum.org, you give the browser/app the permission to install app from unknown source. After you install Electrum, go to settings and disable back the browser to install from unknown source. Check other apps and browsers too to uncheck the ones that are checked to install from unknown source.

Make use of good browsers like Tor, Duckduckgo mobile (not the desktop version in beta, although not about this discussion) or Firefox. Use ad blocker, but still always avoid ads and link ads.

Visit the correct URL and avoid torrent files.

If you have another mobile device, you can go for Electrum 2FA wallet or multisig wallet. Electrum 2FA wallet has extra fee.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
Shishir99 (OP)
Hero Member
*****
Offline Offline

Activity: 812
Merit: 517



View Profile WWW
July 31, 2023, 03:16:35 PM
 #26

Thanks, everyone for the suggestions!
I will make sure to use a new OS or a fresh OS to create a new wallet.
I understand that using a malware-affected computer and creating another wallet on the same device is useless.
I am using Windows 10 at this moment. I wanted to move to Linux but I never used it.
I am not sure if I will understand the new interface. Moreover, I am afraid of losing my current files and software that are available.
I don't know if I will be able to find this software for Linux.


Once again, Thanks, everyone!

▄▄███████████████████▄▄
▄███████████████████████▄
████████▀░░░░░░░▀████████
███████░░░░░░░░░░░███████
███████░░░░░░░░░░░███████
██████▀░░░░░░░░░░░▀██████
██████▄░░░░░▄███▄░▄██████
██████████▀▀█████████████
████▀▄██▀░░░░▀▀▀░▀██▄▀███
███░░▀░░░░░░░░░░░░░▀░░███
████▄▄░░░░▄███▄░░░░▄▄████
▀███████████████████████▀
▀▀███████████████████▀▀
 
 CHIPS.GG 
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
███▀░▄░▀▀▀▀▀░▄░▀███
▄███
░▄▀░░░░░░░░░▀▄░███▄
▄███░▄░░░▄█████▄░░░▄░███▄
███░▄▀░░░███████░░░▀▄░███
███░█░░░▀▀▀▀▀░░░▀░░░█░███
███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░██
▀███
░▀░▀▄██▀░▀██▄▀░▀░██▀
▀███
░▀▄░░░░░░░░░▄▀░██▀
▀███▄
░▀░▄▄▄▄▄░▀░▄███▀
▀█
███▄▄▄▄▄▄▄████▀
█████████████████████████
▄▄███████▄▄
███
████████████▄
▄█▀▀▀▄
█████████▄▀▀▀█▄
▄██████▀▄▄▄▄▄▀██████▄
▄█████████████▄████████▄
████████▄███████▄████████
█████▄█████████▄██████
██▄▄▀▀▀▀█████▀▀▀▀▄▄██
▀█████████▀▀███████████▀
▀███████████████████▀
██████████████████
▀████▄███▄▄
████▀
████████████████████████
3000+
UNIQUE
GAMES
|
12+
CURRENCIES
ACCEPTED
|
VIP
REWARD
PROGRAM
 
 
  Play Now  
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18747


View Profile
July 31, 2023, 03:38:15 PM
Last edit: August 01, 2023, 02:51:11 PM by o_e_l_e_o
 #27

I am not sure if I will understand the new interface. Moreover, I am afraid of losing my current files and software that are available.
I don't know if I will be able to find this software for Linux.
For people moving from Windows, I usually suggest Linux Mint as a starting point. It is (as far as I am aware) the Linux distro with the most similar look and feel to Windows, so it eases the transition. It is also fairly newbie friendly and has a good amount of guides and troubleshooting online, as well as a good sized community which will help with any problems you might run in to.

In terms of software, then there are four options available to you if your particularly piece of software won't run on Linux -
  • Find an alternative piece of software which does run on Linux (bonus here is the alternatively will probably be FOSS)
  • Use Wine to run Windows programs inside Linux
  • Dual boot, although doing this means you still end up with Windows on your device and you lose a lot of the benefits of moving to a Linux OS
  • Have one Linux machine, and one Windows machine
Cricktor
Legendary
*
Offline Offline

Activity: 952
Merit: 1524


Crypto Swap Exchange


View Profile
July 31, 2023, 04:31:40 PM
 #28

I have around 0.0x BTC sitting in my wallet at a couple of addresses.

Security advise #1: don't show off the amount of coins you have, regardless of the amount, as there's no need for. The higher the disclosed amount is, the more reckless it would be. (I have intentionally removed the number in your cited text but it's now public and cited by someone else anyway.)


Latest Electrum version is Electrum-4.4.5 which was released on June 20, 2023. Download it ASAP if you haven't done already.

Security advise #2: o_e_l_e_o already mentioned the very importance to verify the downloaded files of Electrum or any other wallet software. Never skip this! (Refuse to use Google or other engine search to find the download as fake Electrum copies pay to be on top of search results!)

I don't update my Electrum immediately when a new version is released, unless there's an urgent security issue in the release notes. I wait some days (varies) until a new version "matures" and no issues show up. At first e.g. I didn't like all new changes in the v4.4.x branch, but it's no solution to deny and stay on v4.3.4, so I accepted the new features and life goes on.

By no means complete, a lot of good suggestions have already been given.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Agbe
Legendary
*
Offline Offline

Activity: 1078
Merit: 1359



View Profile
July 31, 2023, 06:10:07 PM
 #29

Electrum is a non custodial wallet which is also decentralized, so it is very hard for unknown hacker to hack your wallet unless the hacker knows yours wallet details. Therefore, the best way for you to secure your Electrum wallet is to keep your password, seed phrase away from sight of people and you don't have to tell people about it. Securing your wallet is your personal issue mostly if you have big amount of funds inside.
You can still on the pin for payment so that whenever you are doing transaction it will request the pin before you click the pay button. And if the person only know your password and seed phrase, he can't transfer your coins without the pin.


.
.Duelbits.
█▀▀▀▀▀











█▄▄▄▄▄
TRY OUR
  NEW  UNIQUE
GAMES!
.
..DICE...
███████████████████████████████
███▀▀                     ▀▀███
███    ▄▄▄▄         ▄▄▄▄    ███
███   ██████       ██████   ███
███   ▀████▀       ▀████▀   ███
███                         ███
███                         ███
███                         ███
███   ▄████▄       ▄████▄   ███
███   ██████       ██████   ███
███    ▀▀▀▀         ▀▀▀▀    ███
███▄▄                     ▄▄███
███████████████████████████████
.
.MINES.
███████████████████████████████
████████████████████████▄▀▄████
██████████████▀▄▄▄▀█████▄▀▄████
████████████▀ █████▄▀████ █████
██████████      █████▄▀▀▄██████
███████▀          ▀████████████
█████▀              ▀██████████
█████                ██████████
████▌                ▐█████████
█████                ██████████
██████▄            ▄███████████
████████▄▄      ▄▄█████████████
███████████████████████████████
.
.PLINKO.
███████████████████████████████
█████████▀▀▀       ▀▀▀█████████
██████▀  ▄▄███ ███      ▀██████
█████  ▄▀▀                █████
████  ▀                    ████
███                         ███
███                         ███
███                         ███
████                       ████
█████                     █████
██████▄                 ▄██████
█████████▄▄▄       ▄▄▄█████████
███████████████████████████████
10,000x
MULTIPLIER
NEARLY UP TO
.50%. REWARDS
▀▀▀▀▀█











▄▄▄▄▄█
Shishir99 (OP)
Hero Member
*****
Offline Offline

Activity: 812
Merit: 517



View Profile WWW
August 01, 2023, 02:40:01 PM
 #30

Use Wine to run Windows problem inside Linux
I guess I heard about this before. Did you mean Windows Program? I have to move all my stuff to a separate SSD in case I mess with setting up the new OS. I am too lazy to do these things, and I fear my laziness might cost me a considerable loss. I will have to see some youtube videos regarding how I can run Windows programs in Linux. I was aware of this, but my brain was turned off for some reason.

You can still on the pin for payment so that whenever you are doing transaction it will request the pin before you click the pay button. And if the person only know your password and seed phrase, he can't transfer your coins without the pin.

My wallet is already encrypted and needs a password to make a transaction. I don't remember if I have seen the pin thing. Is the 3rd party 2fa thing available in Electrum, which may cost extra transaction fees?

By no means complete, a lot of good suggestions have already been given.
Thanks for the security tip. I will keep that in mind.

▄▄███████████████████▄▄
▄███████████████████████▄
████████▀░░░░░░░▀████████
███████░░░░░░░░░░░███████
███████░░░░░░░░░░░███████
██████▀░░░░░░░░░░░▀██████
██████▄░░░░░▄███▄░▄██████
██████████▀▀█████████████
████▀▄██▀░░░░▀▀▀░▀██▄▀███
███░░▀░░░░░░░░░░░░░▀░░███
████▄▄░░░░▄███▄░░░░▄▄████
▀███████████████████████▀
▀▀███████████████████▀▀
 
 CHIPS.GG 
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
███▀░▄░▀▀▀▀▀░▄░▀███
▄███
░▄▀░░░░░░░░░▀▄░███▄
▄███░▄░░░▄█████▄░░░▄░███▄
███░▄▀░░░███████░░░▀▄░███
███░█░░░▀▀▀▀▀░░░▀░░░█░███
███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░██
▀███
░▀░▀▄██▀░▀██▄▀░▀░██▀
▀███
░▀▄░░░░░░░░░▄▀░██▀
▀███▄
░▀░▄▄▄▄▄░▀░▄███▀
▀█
███▄▄▄▄▄▄▄████▀
█████████████████████████
▄▄███████▄▄
███
████████████▄
▄█▀▀▀▄
█████████▄▀▀▀█▄
▄██████▀▄▄▄▄▄▀██████▄
▄█████████████▄████████▄
████████▄███████▄████████
█████▄█████████▄██████
██▄▄▀▀▀▀█████▀▀▀▀▄▄██
▀█████████▀▀███████████▀
▀███████████████████▀
██████████████████
▀████▄███▄▄
████▀
████████████████████████
3000+
UNIQUE
GAMES
|
12+
CURRENCIES
ACCEPTED
|
VIP
REWARD
PROGRAM
 
 
  Play Now  
hosseinimr93
Legendary
*
Offline Offline

Activity: 2590
Merit: 5687



View Profile
August 01, 2023, 02:54:33 PM
 #31

My wallet is already encrypted and needs a password to make a transaction. I don't remember if I have seen the pin thing. Is the 3rd party 2fa thing available in Electrum, which may cost extra transaction fees?
Agbe is referring to a feature which is available on the mobile version of electrum.
In the mobile version of electrum, you can set a pin code which is a 6 digit number and will be asked from you every time you want to make a transaction. That's different from the 2FA code in the 2FA wallet that is provided by a third party called trustedcoin.

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18747


View Profile
August 01, 2023, 02:57:12 PM
 #32

Did you mean Windows Program?
I did, haha, but the typo is appropriate. Windows is a problem. Tongue

Is the 3rd party 2fa thing available in Electrum, which may cost extra transaction fees?
Yes. You can set up a 2FA in Electrum, in which case you require the authorization of a third party called TrustedCoin in order to make a transaction. You will need a 2FA authenticator app on a separate device to your wallet. In addition to paying a higher transaction fee because your transactions are larger since they are now a 2-of-3 multi-sig instead of a regular single sig, you also have to pay a fee to TrustedCoin for co-signing every transaction that you make.

I dislike this solution because I dislike involving third parties in my wallets, and I definitely don't want to pay them a fee for being involved in my wallets. If you want the security of a multi-sig, then you can set up a multi-sig yourself using multiple devices.
Z-tight
Legendary
*
Offline Offline

Activity: 1050
Merit: 1108



View Profile
August 01, 2023, 03:02:03 PM
 #33

You can still on the pin for payment so that whenever you are doing transaction it will request the pin before you click the pay button. And if the person only know your password and seed phrase, he can't transfer your coins without the pin.
This pin will only protect you from an attack on your local wallet file, it won't protect you if an attacker knows your seed phrase or your private keys. If an attacker has your seed phrase, they will steal your funds by importing your wallet on their own device and spend the funds, setting up a pin for payment can't protect you from that.

A passphrase is most appropriate if you want to add more security to your seed phrase, this will allow you have a 'dummy' wallet and another wallet that is protected by a passphrase, so even if your seed phrase is exposed to an attacker, they can't steal your funds without the passphrase.

Charles-Tim
Legendary
*
Offline Offline

Activity: 1736
Merit: 5219


Leading Crypto Sports Betting & Casino Platform


View Profile
August 01, 2023, 03:14:31 PM
 #34

You can still on the pin for payment so that whenever you are doing transaction it will request the pin before you click the pay button. And if the person only know your password and seed phrase, he can't transfer your coins without the pin.
Also it would be requested for when you want to check your seed phrase and private keys. But you can no more see the private keys of your addresses on mobile Electrum anymore in the recent updates.

A passphrase is most appropriate if you want to add more security to your seed phrase, this will allow you have a 'dummy' wallet and another wallet that is protected by a passphrase, so even if your seed phrase is exposed to an attacker, they can't steal your funds without the passphrase.
On Electrum, you can be able to see the seed phrase together with the passphrase. Malware like screen scraping malware would be enough to steal both seed phrase and passphrase.

On Bluewallet, the passphrase is not with the seed phrase, maybe that will not be possible on Bluewallet.

For offline attack, a strong passphrase is enough.


There is nothing better more than to avoid malware.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
tranthidung
Legendary
*
Offline Offline

Activity: 2464
Merit: 4279


Farewell o_e_l_e_o


View Profile WWW
August 01, 2023, 03:54:51 PM
 #35

This pin will only protect you from an attack on your local wallet file, it won't protect you if an attacker knows your seed phrase or your private keys. If an attacker has your seed phrase, they will steal your funds by importing your wallet on their own device and spend the funds, setting up a pin for payment can't protect you from that.
It is right.

Quote
A passphrase is most appropriate if you want to add more security to your seed phrase
It is inaccurate.

Seed phrase is seed phrase and its security depends on the BIP (Bitcoin Improvement Proposal) used to create it. It does not depends on the password to protect the wallet file created by that seed phrase. A wallet password is used to protect the file and you must differentiate two things: cracking the seed phrase is different than crack the wallet password.

Quote
this will allow you have a 'dummy' wallet and another wallet that is protected by a passphrase, so even if your seed phrase is exposed to an attacker, they can't steal your funds without the passphrase.
It is true that if the hacker only can not hack the wallet password and can not have your seed phrase, your bitcoin will not be stolen. If the hacker can get your wallet password or your seed phrase, it's done, your bitcoin will be stolen.

but
Quote
this will allow you have a 'dummy' wallet and another wallet that is protected by a passphrase
A wallet with a password is not called as a dummy wallet, dummy means empty. You can use different passwords (like 3 different passwords) for 3 different wallet files with a same seed phrase but all of three wallets are not dummy.

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
Z-tight
Legendary
*
Offline Offline

Activity: 1050
Merit: 1108



View Profile
August 01, 2023, 04:13:22 PM
Merited by EarnOnVictor (2)
 #36

Seed phrase is seed phrase and its security depends on the BIP (Bitcoin Improvement Proposal) used to create it. It does not depends on the password to protect the wallet file created by that seed phrase. A wallet password is used to protect the file and you must differentiate two things: cracking the seed phrase is different than crack the wallet password.
I don't think you read my post correctly. I wasn't talking about a password but a passphrase, which is another layer of protection that works by extending the seed phrase and adds more protection to your funds, because if an attacker gets your seed phrase, they won't be able to steal your funds without the passphrase.
It is true that if the hacker only can not hack the wallet password and can not have your seed phrase, your bitcoin will not be stolen. If the hacker can get your wallet password or your seed phrase, it's done, your bitcoin will be stolen.
Yet again i wasn't talking about a password, and if you have a very strong passphrase and your seed phrase is stolen, it is very difficult for an attacker to brute force your passphrase, so your funds would not be stolen.
A wallet with a password is not called as a dummy wallet, dummy means empty. You can use different passwords (like 3 different passwords) for 3 different wallet files with a same seed phrase but all of three wallets are not dummy.
When you extend your seed phrase with a passphrase, a new wallet is created or generated and to open this wallet you must use the combination of your seed phrase + passphrase, but with just your seed phrase only your base wallet will be opened, and you can call it a 'dummy' wallet because it can be used to set up a situation of plausible deniability.

tranthidung
Legendary
*
Offline Offline

Activity: 2464
Merit: 4279


Farewell o_e_l_e_o


View Profile WWW
August 01, 2023, 04:21:31 PM
 #37

When you extend your seed phrase with a passphrase, a new wallet is created or generated and to open this wallet you must use the combination of your seed phrase + passphrase, but with just your seed phrase only your base wallet will be opened, and you can call it a 'dummy' wallet because it can be used to set up a situation of plausible deniability.
Above all you are confusing yourself. Password and passphrase.

Wallet passphrase is only used in Bitcoin Core but it is a password. The wallet passphrase is to lock and unlock your Bitcoin Core wallet.
Code:
walletpassphrase "passphrase" timeout
Bitcoin Core, walletpassphrase command

In Electrum wallet, nothing is called as wallet passphrase. What you implied with wallet passphrase is indeed extended words. When you create a wallet with Electrum software, if you click on Options, you will see "Extend this seed with custom words". Nothing is called as wallet passphrase like you described.

The password is to protect your wallet file.
"Choose a password to encrypt your wallet keys.
Leave this field empty if you want to disable encryption"


Please check it yourself. I am on topic and correcting you because we are discussing about Electrum wallet, not Bitcoin Core wallet.


▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
Z-tight
Legendary
*
Offline Offline

Activity: 1050
Merit: 1108



View Profile
August 01, 2023, 04:47:22 PM
 #38

Above all you are confusing yourself. Password and passphrase.
No, i am not!
In Electrum wallet, nothing is called as wallet passphrase. What you implied with wallet passphrase is indeed extended words. When you create a wallet with Electrum software, if you click on Options, you will see "Extend this seed with custom words". Nothing is called as wallet passphrase like you described.
Passphrase, custom words, 13th or 25th word, seed extension, etc, they all mean the same thing, and since passphrases are a bip39 standard, then it is the appropriate word to use as defined there:   https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#From_mnemonic_to_seed
Quote
A user may decide to protect their mnemonic with a passphrase. If a passphrase is not present, an empty string "" is used instead

Charles-Tim
Legendary
*
Offline Offline

Activity: 1736
Merit: 5219


Leading Crypto Sports Betting & Casino Platform


View Profile
August 01, 2023, 04:55:12 PM
 #39

@tranthidung

Z-tight is absolutely correct. Passphrase is the extended word. From his previous posts and our discussion, it is clear that he meant passphrase (extended word) which he called it.

Passphrase can be regarded as password, and also as the BIP38 encryption password. But Z-tight is definitely correct. In this discussion, it is clear that passphrase is not password. While referring to seed phrase, passphrase is the extended word.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
tranthidung
Legendary
*
Offline Offline

Activity: 2464
Merit: 4279


Farewell o_e_l_e_o


View Profile WWW
August 01, 2023, 05:09:28 PM
Last edit: August 01, 2023, 05:19:46 PM by tranthidung
 #40

Passphrase, custom words, 13th or 25th word, seed extension, etc, they all mean the same thing, and since passphrases are a bip39 standard, then it is the appropriate word to use as defined there:   https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#From_mnemonic_to_seed
Electrum wallet does not use BIP39!

Electrum wallet seed version system

https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc#mnemonic_passphrase

If you use different custom words for two wallets, you will have two different wallets. They are not a same wallet with same receiving addresses.
If you create the wallet with Electrum mnemonic seed and you import it, if you choose BIP39, it will show Checksum failed.

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!