Electrum Safety Concerns

[Zetler]

Hi,

Brute force I consider practically impossible.

But how safe is the seed from being copied? I see a few ways:

1. After creating a new wallet the seed is displayed as a QR code. If you are in a public space it is not too unlikely that a security camera or someone with a phone captures your screen, making it possible for someone tech-savvy to obtain your seed.

2. Does a virus exists which captures the screen and sends the screenshot back to the hacker? Say he infects a million computers. It is too many to look through manually, but he could make a script to look for electrum installations.

3. Key logging. After you install you need to write in the seed. Anyone logging your keys will get the seed.

The safest way to use Electrum, as far as I can see, is to have two copies of it. One wallet is for daily use on your computer connected to the internet. Keep small amounts in this wallet. The other wallet, where you store the majority of your BTC, you create on a computer that is never connected to the internet. Write down the seed by hand and keep multiple copies of it in safe locations. To check the balance you can use the public key on any online computer.

Agree?

[zetaray]

Your concerns all seem valid, but you shouldn't be creating a wallet on a public machine anyway.

[dabura667]

Hi,

Brute force I consider practically impossible.

But how safe is the seed from being copied? I see a few ways:

1. After creating a new wallet the seed is displayed as a QR code. If you are in a public space it is not too unlikely that a security camera or someone with a phone captures your screen, making it possible for someone tech-savvy to obtain your seed.

2. Does a virus exists which captures the screen and sends the screenshot back to the hacker? Say he infects a million computers. It is too many to look through manually, but he could make a script to look for electrum installations.

3. Key logging. After you install you need to write in the seed. Anyone logging your keys will get the seed.

The safest way to use Electrum, as far as I can see, is to have two copies of it. One wallet is for daily use on your computer connected to the internet. Keep small amounts in this wallet. The other wallet, where you store the majority of your BTC, you create on a computer that is never connected to the internet. Write down the seed by hand and keep multiple copies of it in safe locations. To check the balance you can use the public key on any online computer.

Agree?

1. You shouldn't make any serious new wallets in a public place with security cameras.

2. If you have a virus capturing screens, you've probably got bigger things to worry about like someone taking out a $5M debt in your name.

3. Don't type your seed. Copy and Paste it from one window to the next. write it down on paper with a pen.

The safest way to use anything bitcoin related is to do it offline. The next safest thing is to keep your computer safe, don't run around screaming your BTC balance and don't do anything with a huge fat wallet in front of security cameras.

[bobdutica]

No need to create two separate wallets, with separate seeds, unless you really want to.
I think it is better to create your wallet in private, on a computer that is not and never will be connected to the internet. Write down your seed by hand and keep it in a very safe place, or memorize the seed and destroy any and all copies of it.
Then export the "Master Public Key" to a usb thumb drive, then create a "watch only" Electrum wallet on an online PC using the "Master Public Key".
That way, you can use all the public keys you want to receive bitcoins, but will not be able to send any bitcoins from that wallet unless you first create an unsigned transaction to a file on a usb thumb drive, put that drive into your offline only PC and sign the transaction, then bring the thumb drive back to the online PC to send it.

[Zetler]

bobdutica, I generally agree, except about memorization. I believe it'll be almost impossible to recall a seed after a few months.

The best way to hide a seed, perhaps, is by writing it on four post-its
Post-it A: first half of the seed
Post-it B: first half of the seed
Post-it C: second half of the seed
Post-it D: second half of the seed

Each of these will be saved on a separate safe place. All you need to remember is the location of either (A or B) and either (C or D) and that each note has half the seed.

You can for example give A to your parents and C to your brother, and you can even explain to them the scheme. They will not collude and steal your coins (God, I hope not) and if either of them lose their note (through theft or otherwise) it does not matter. You still have B and D. If something happens to you (meaning you die) they can inherit your coins if they both kept your notes.

If I had 100+ BTC I'd do it this way. Now I have less than one, so I don't bother 

[AussieHash]

The best way to hide a seed, perhaps, is by writing it on four post-its
Post-it A: first half of the seed
Post-it B: first half of the seed
Post-it C: second half of the seed
Post-it D: second half of the seed

Each of these will be saved on a separate safe place. All you need to remember is the location of either (A or B) and either (C or D) and that each note has half the seed.
You can for example give A to your parents and C to your brother, and you can even explain to them the scheme. They will not collude and steal your coins (God, I hope not) and if either of them lose their note (through theft or otherwise) it does not matter. You still have B and D. If something happens to you (meaning you die) they can inherit your coins if they both kept your notes.

A better way would be to use Shamir's secret sharing.  
A python implementation used in Piper 1.08 is https://github.com/rxl/secret-sharing/tree/2f412e012232f4b0cb779977a49898b2b71ce9ae
A c implementation on debian and homebrew is SSSS http://point-at-infinity.org/ssss/

For example if your electrum hexadecimal seed is 'e1d03e5a9fb44a99690f4d07b8f66205' then your mnemonic is 'begun coffee nowhere grow spot angel king dude exist reality dragon check'

Entering the mnemonic into SSSS :

ssss-split -t 2 -n 4
Generating shares using a (2,4) scheme with dynamic security level.
Enter the secret, at most 128 ASCII characters: Using a 584 bit security level.
1-f63dc651d4acf14299074509712c2042c281f03466ee3f8d646ee8b73d82ca9301090b2fab129031a19d4c95ed43be84ce7bae4329319d4e3ece788367f1c8890566cc96aee6cd897e
2-5e2b7b637ae8dace1e142f4ef56444bfddd0010d53ba2b4a0c3803ca8d2cbeb7d167faa8a0b27c8af12cebf8837b23f261e2705ac2d56a1ce4ba0e6e2a197720ae8f7ba4023d877917
3-c626ef8d1f2b3c4a631af68c76a398eb28e0ae1a4089d8f72bf5a51e1d496d54614255d5a62dd8e3c1438923a693572004953a526476c72d529623caeebee247c82816b5998b410935
4-0e06010626608dd71032fbc1fdf48d45e373e37f391202c4dc95d531ec7056fe71ba19a6b7f3a5fc504fa5225f0a191f3ed1cc69151c84b95052e3b4b1c80873f95c15c15b8b12f9d2

Entering the mnemonic into halfmoon's script into python

>>> import secretsharing
>>> from secretsharing.shamir import Secret
>>> secret = Secret.from_printable_ascii("begun coffee nowhere grow spot angel king dude exist reality dragon check")
>>> shares = secret.split(2, 4)
>>> print shares
['01-1cb7f259376d969123383ca3dc779a20a768305f5f430189da3494c827517af3b14cbb504fe1ef423a9eea3c8f0e687f852347dd04bf5201942f53e9054f5b10818', '02-196fe4b26ea2125db227bf33653cb0b8f07ed52be7888720b1dc8c8c86b6aeba923b04f82a264908c6808e233360819e74bbf5452ac671c59e1f3259ad26445ce4d', '03-1627d70ba5d68e2a411741c2ee01c751399579f86fce0cb789848450e61be28173294ea0046aa2cf52623209d7b29abd6454a2ad50cd9189a80f10ca54fd2da9482', '04-12dfc964dd0b09f6d006c45276c6dde982ac1ec4f813924e612c7c154581164854179847deaefc95de43d5f07c04b3dc53ed501576d4b14db1feef3afcd416f5ab7']

Note these 2 implementations are not compatible, so you have to use the same one to combine the fragments back !

[Abdussamad]

Regarding 2. there is such thing as van eck phreaking:

http://en.wikipedia.org/wiki/Van_Eck_phreaking