Electrum Android QR install issue

[Elliander]

I tried installing Electrum for Android on both my Xperia Z 2 Tablet and Samsung S4 phone. I followed the guide here and got as far as installing Python for Android.

The problem is e4a_install.py which I simply can't obtain. Whoever wrote that article should reasonably expect that someone would be reading from an Android device, but a QR code can only be read by a camera on a phone. Not the phone itself (a shame an app can't scan a screenshot). So I had to open up the guide fresh on another device and try scanning the screen, but when I click to add from QR barcode within SL4A it crashes each and every time on both devices and since all of my devices capable of scanning a QR code can't find it I can't obtain it since there is no download link for it.

I'm assuming the QR code is linking to a site that is down. I know I can install from file so does anyone know where I can get this file?

[Elliander]

62 views and no one knows where to find the required file?

[bitllionaire]

why is there not any electrum version in the play store?

[Q7]

When you tried to install did it says operation not allowed as what I remember there is supposed to be a limitation in the android software that prevents other applications to be installed other than those coming from google playstore. Look under your phone settings part which you can change it.

[dabura667]

Be careful with the Android version when restoring a seed.

Do not restore the seed by scanning QR code. ALWAYS type in the words manually.
However, you may use the QR scan to restore the Master Public Key QR code.

Typing in the words by hand will guarantee the same wallet... this is because the Android version is old and no longer maintained, and the Seed QR code used to be in a different format.




As far as the QR codes for installing the script, I'll write them here.

1st QR link
http://www.mithril.com.au/android/sl4a_r5x.apk

2nd QR link
http://python-for-android.googlecode.com/files/PythonForAndroid_r5.apk

3rd QR is a python script, this is the contents. (you can copy and paste instead of reading with a QR code reader).

Code:

e4a_install.py
import urllib, zipfile, os
p="http://download.electrum.org/download/e4a-181zip"
n="e4a-1.8.1"
nz=n+".zip"
urllib.urlretrieve(p,nz)
zipfile.ZipFile(nz).extractall()
os.rename(n,'scripts/'+n)

[Elliander]

Typing in the words by hand will guarantee the same wallet... this is because the Android version is old and no longer maintained, and the Seed QR code used to be in a different format.

If the android version is no longer maintained what are my options? I tried Wallet32 from the playstore, but it isn't capable of restoring from my Electrum seed. (created in version 1.9.8 ) because it says that it's not in the mnemonic word list. The QR scan does read off the correct seed, but it doesn't accept it. I tried "Bitcoin Wallet" app, but that one is incapable of restoring from any seed, and I don't see anything else. I don't feel comfortable using any wallet that cannot be restored from seed and now I am also concerned that "seeds" don't follow any sort of standard which makes me concerned about the long term usability of my holdings. I use online wallets, but after seeing a few go offline suddenly - some permanent, others temporary - I don't feel safe keeping anything in an online wallet.

[dabura667]

If the android version is no longer maintained what are my options? I tried Wallet32 from the playstore, but it isn't capable of restoring from my Electrum seed. (created in version 1.9.8 ) because it says that it's not in the mnemonic word list. The QR scan does read off the correct seed, but it doesn't accept it. I tried "Bitcoin Wallet" app, but that one is incapable of restoring from any seed, and I don't see anything else. I don't feel comfortable using any wallet that cannot be restored from seed and now I am also concerned that "seeds" don't follow any sort of standard which makes me concerned about the long term usability of my holdings. I use online wallets, but after seeing a few go offline suddenly - some permanent, others temporary - I don't feel safe keeping anything in an online wallet.

Right now, if you want to use an Electrum <2.0 seed (1.9.8 would fall under this) with a mobile client, the old Android client is the only way to go. It works fine, but sometimes is unresponsive. (Balance takes a while to update etc)

If you want to input the seed into Android Electrum, please type it in manually. This is the only major thing you need to be careful of.

Once you have restored your wallet, tap "Receive" and look at your addresses.

It will show all your addresses, and does not hide any of them. (so the 1st one will be the first address you ever made with the wallet, and it will list addresses all the way down, and then list change addresses (even though there is no clear end to receive addresses and begin to change addresses.)

Some things I would suggest:

1. Only use Android Electrum to send funds. Receiving funds is a pain because you can't see individual address balances and it shows you all (even used) addresses, so it's hard to tell which to use.
2. After restoring the wallet in Android, check the first couple addressed under "receive" with the first couple addresses (it's probably "Used" and hidden by now on your PC client) and double check that it restored correctly.
3. Set a password that is separate from your Phones PIN.

Just so you know, version 2.0 release should be accompanied by a proper Android version (that you will download from the Play store) that won't suck, so if you're patient, it will be worth it.


Also, HD wallet seeds (whether they be BIP39 or Electrum's mnemonic phrases) use math to derive private keys, and there are tons of developers with the knowledge to recover.

Also, Electrum does not use CENTRALIZED servers, but rather has AN OPEN SOURCE server that ANYONE can run (similar to Bitcoin) and actually uses all the proper checks and balances of the bitcoin network to verify transactions... so fwiw, Electrum is one of the safer bets in terms of wallets to choose.

[Elliander]

Right now, if you want to use an Electrum <2.0 seed (1.9.8 would fall under this) with a mobile client, the old Android client is the only way to go. It works fine, but sometimes is unresponsive. (Balance takes a while to update etc)

I'm confused by this. I thought that the mnemonic seed represented a hexadecimal value universally. Why would the creation of a new version suddenly make a seed that was created less than a month ago useless? Especially since I have the latest version available. That just doesn't make any sense. Do I have to create a new wallet with a new seed every time they update to keep up? Why isn't there backwards compatibility?

Plain text should be able to convert to hexadecimal directly without any issue regardless of what version of a client is being used because hexadecimal itself isn't being changed. I know that 2.0 is going to use 14 words instead of 12, but that shouldn't change what the hexadecimal values mean. A "space" single means "20" in hexadecimal, right? Why would anyone design it to leave out the ability to restore wallets created before the current version?

More importantly, if I convert the seed values to hexadecimal myself, would that be enough to restore?

Just so you know, version 2.0 release should be accompanied by a proper Android version (that you will download from the Play store) that won't suck, so if you're patient, it will be worth it.

That is better, and I am willing to wait, but the issue with seeds not matching up is still an issue to me. I want to be able to trust that I can restore my wallet from a few words I can remember. If there is a lack of standardization for seeds between programs and versions I need to know what steps I have to take to protect it.

I'm not just trying to learn this for my sake. There is only a single business in the entire St. Louis area that deals with bitcoin and I want to see more business adopt it. Fully understanding it myself is the best way for me to teach others and help them benefit from it. I'm directly involved with a number of local businesses and I can really see it helping my friends.

Also, HD wallet seeds (whether they be BIP39 or Electrum's mnemonic phrases) use math to derive private keys, and there are tons of developers with the knowledge to recover.

Does that mean someone can determine the private keys from the list of addresses used? Isn't that a vulnerability? Granted, you need to know the password as well, but that seems like it could be a problem. I know that Electrum creates a new address to send to before sending from when sending Bitcoin, so wouldn't it make more sense to have this one time use address use an address in the future list according to the random value instead of the seed value so that way used address end up being used out of order which would limit it's ability to determine the seed from? And similarly, wouldn't it mean that I shouldn't use the created addresses in sequential order?

What if there was a second type of password that I could use to determine the arrangement of the addresses? The seed creates the address list, the first address decrypts it, and the second password determines the pattern in which the addresses are arranged. That way an attacker trying to determine the seed would not be able to do so without the variable. So if a deterministic wallet address list is determined by (a + b) where "a" is the current "math" and "b" is the variable introduced by the second password it would still be possible to use no second password keeping compatibility with past versions, but the additional variable would change the arrangement. The second password would really be just client specific and only determine the order in which addresses appear, but I would think something like that would help to protect the private keys.

Also, Electrum does not use CENTRALIZED servers, but rather has AN OPEN SOURCE server that ANYONE can run (similar to Bitcoin) and actually uses all the proper checks and balances of the bitcoin network to verify transactions... so fwiw, Electrum is one of the safer bets in terms of wallets to choose.

Right, and that's exactly why I am using it. I only use wallets on centralized servers when I need to buy or sell Bitcoin from a checking account. I want to be able to use the Electrum wallet with a Bitcoin ATM though which I seem to need a mobile device for. I figured that I could print my address and QC code on a card for buying Bitcoin and just trust that the machine is telling me the truth, but I would rather know and I definitely couldn't sell Bitcoin that way.

Now, I don't suppose the new Electrum App will have any merchant features? Or a merchant version? I tried the Coinbase Merchant app, but it had too many errors to really be suitable for business use.

[dabura667]

I'm confused by this. I thought that the mnemonic seed represented a hexadecimal value universally. Why would the creation of a new version suddenly make a seed that was created less than a month ago useless? Especially since I have the latest version available. That just doesn't make any sense. Do I have to create a new wallet with a new seed every time they update to keep up? Why isn't there backwards compatibility?

Plain text should be able to convert to hexadecimal directly without any issue regardless of what version of a client is being used because hexadecimal itself isn't being changed. I know that 2.0 is going to use 14 words instead of 12, but that shouldn't change what the hexadecimal values mean. A "space" single means "20" in hexadecimal, right? Why would anyone design it to leave out the ability to restore wallets created before the current version?

More importantly, if I convert the seed values to hexadecimal myself, would that be enough to restore?

In 1.8.6 (the last version Android was updated), the "Show Seed" window would display a QR code that contained the hex version of the seed. Note that this is not just the hex representation of the english letters of the seed, there is a calculation algorithm using the indices of the words on a wordlist and calculates the hex seed.

In 1.9.8 the "Show Seed" window displays a QR code that contains the English words of the seed (iow. the seed BEFORE being converted into hex)

Because of this, scanning the "Show Seed" window's QR to restore the Android version creates a different wallet from the actual wallet.

This can be avoided in the Android client by typing in the 12 word seed manually with your device's keyboard.

Does that mean someone can determine the private keys from the list of addresses used? Isn't that a vulnerability? Granted, you need to know the password as well, but that seems like it could be a problem. I know that Electrum creates a new address to send to before sending from when sending Bitcoin, so wouldn't it make more sense to have this one time use address use an address in the future list according to the random value instead of the seed value so that way used address end up being used out of order which would limit it's ability to determine the seed from? And similarly, wouldn't it mean that I shouldn't use the created addresses in sequential order?

What if there was a second type of password that I could use to determine the arrangement of the addresses? The seed creates the address list, the first address decrypts it, and the second password determines the pattern in which the addresses are arranged. That way an attacker trying to determine the seed would not be able to do so without the variable. So if a deterministic wallet address list is determined by (a + b) where "a" is the current "math" and "b" is the variable introduced by the second password it would still be possible to use no second password keeping compatibility with past versions, but the additional variable would change the arrangement. The second password would really be just client specific and only determine the order in which addresses appear, but I would think something like that would help to protect the private keys.

No. It merely means that if someone has your seed (the 12 word phrase given to you on startup) they can generate all your private keys. This is why you must protect your 12 word phrase as if it was your private keys. (because it is ALL your private keys)

The password you enter AFTER the phrase is ONLY to encrypt the seed on your computer. That way if anyone hacks into your computer and finds your wallet file, they can't see your 12 word phrase, because it is encrypted with your password (the one you entered AFTER the seed)

Your second paragraph makes no sense, (or at least I couldn't understand it) but it doesn't matter, because the premise (that someone can derive your private keys just from your addresses) is false.

Now, I don't suppose the new Electrum App will have any merchant features? Or a merchant version? I tried the Coinbase Merchant app, but it had too many errors to really be suitable for business use.

Electrum has a merchant script that you can use on your own server. But you need enough programming knowledge to run your own server and run the electrum merchant script. There's no clean package like Coinbase etc.

[Q7]

Ok since I see there is a pretty active discussion going here, I also have a question which I want to ask which relates to security.

Is this possible that when an attacker knows all the list of addresses that belong to the same seed, the attacker can actually find a way to decrypt or reverse engineered (assuming based on the predetermined sequence) and find out the 12-word seed. Let's give an example, everytime you spend you generate a change address. If you spend from the same wallet address repeatedly many times, you will end up with quite a number of change addresses which are all originating from the same seeds. Assuming an attacker finds out these addresses belongs to electrum from the same seed, using the combination of addresses will the guy be able to reverse engineer and decode the seed?

[dabura667]

Ok since I see there is a pretty active discussion going here, I also have a question which I want to ask which relates to security.

Is this possible that when an attacker knows all the list of addresses that belong to the same seed, the attacker can actually find a way to decrypt or reverse engineered (assuming based on the predetermined sequence) and find out the 12-word seed. Let's give an example, everytime you spend you generate a change address. If you spend from the same wallet address repeatedly many times, you will end up with quite a number of change addresses which are all originating from the same seeds. Assuming an attacker finds out these addresses belongs to electrum from the same seed, using the combination of addresses will the guy be able to reverse engineer and decode the seed?

No.

[Elliander]

In 1.8.6 (the last version Android was updated), the "Show Seed" window would display a QR code that contained the hex version of the seed. Note that this is not just the hex representation of the english letters of the seed, there is a calculation algorithm using the indices of the words on a wordlist and calculates the hex seed.

In 1.9.8 the "Show Seed" window displays a QR code that contains the English words of the seed (iow. the seed BEFORE being converted into hex)

Because of this, scanning the "Show Seed" window's QR to restore the Android version creates a different wallet from the actual wallet.

This can be avoided in the Android client by typing in the 12 word seed manually with your device's keyboard.

I created my wallet in 1.9.8 so the QC code would work? Still, when typing in the seed manually, other wallets like Wallet32 didn't recognize it because it wasn't in a mnemonic word list, so setting aside the QC issue and just looking at the 12 words what could cause that kind of mismatch? What's the likelihood that future versions won't be able to recognize the 12 words created today? I took a look at the hex values and you are right. It's not a straight hex representation. So does the calculation algorithm update making old versions unable to be restored?

No. It merely means that if someone has your seed (the 12 word phrase given to you on startup) they can generate all your private keys. This is why you must protect your 12 word phrase as if it was your private keys. (because it is ALL your private keys)

The password you enter AFTER the phrase is ONLY to encrypt the seed on your computer. That way if anyone hacks into your computer and finds your wallet file, they can't see your 12 word phrase, because it is encrypted with your password (the one you entered AFTER the seed)

Oh, I see. So I don't have to have the password and seed memorized, just the seed. That's very good to know. If I backup the wallet file would it follow the same encryption?

I read on Coindesk that when the FBI seized the Silk Road wallets they could see how many Bitcoins were in one of them, but couldn't move it because it was encrypted. Is that true? That without figuring out the password there is no way that they could use the money even if they have access to the Bitcoin wallet file? And if that's true wouldn't that mean that, technically, he will get all his money back in 30 years when he gets out of prison just by memorizing his seed?

In general, I gauge security based on a government's inability to break it. I trust Truecrypt because the government can't break it. If they can't it becomes less likely that a less organized attacker could. Knowing that the government can't freeze assets even with the wallet file in their possession makes Bitcoin feel more secure if true.

Your second paragraph makes no sense, (or at least I couldn't understand it) but it doesn't matter, because the premise (that someone can derive your private keys just from your addresses) is false.

I see. I misunderstood you. I thought that you could learn something from the addresses because of the math, so I thought that if you could randomize the address list in some user controlled way that would improve things, but if you can't derive anything from the sequence it wouldn't matter anyway.

Now, I don't suppose the new Electrum App will have any merchant features? Or a merchant version? I tried the Coinbase Merchant app, but it had too many errors to really be suitable for business use.

Electrum has a merchant script that you can use on your own server. But you need enough programming knowledge to run your own server and run the electrum merchant script.

That's good to know. I'm not there yet myself. (I have limited experience in C, C++, C#, Visual Basic .NET, and ASM) My primary major is in genetic engineering, but I have a second major in computer science so I will eventually want to work with programming like that. I have some ideas for genetic databases that would really benefit from P2P network protocols so I really should learn all about this stuff eventually. Just not right now.

There's no clean package like Coinbase etc.

I wouldn't really consider what they have "clean". It looks clean, but there were multiple errors and infinite loops. I wasn't able to complete a single test transaction and usability is more important than appearance.

Ok since I see there is a pretty active discussion going here, I also have a question which I want to ask which relates to security.

Is this possible that when an attacker knows all the list of addresses that belong to the same seed, the attacker can actually find a way to decrypt or reverse engineered (assuming based on the predetermined sequence) and find out the 12-word seed. Let's give an example, everytime you spend you generate a change address. If you spend from the same wallet address repeatedly many times, you will end up with quite a number of change addresses which are all originating from the same seeds. Assuming an attacker finds out these addresses belongs to electrum from the same seed, using the combination of addresses will the guy be able to reverse engineer and decode the seed?

No.

Then what, if anything, can be determined from knowing a long sequential list of used addresses? Assuming of course an attacker knew exactly what each address was and that they all belonged to the same wallet?

[Q7]

Quote from: dabura667 on December 23, 2014, 01:54:30 AM
Just so you know, version 2.0 release should be accompanied by a proper Android version (that you will download from the Play store) that won't suck, so if you're patient, it will be worth it.

Any indication on when we should see version 2.0 being released? I just been to the electrum official website but there is no mention anywhere that tell the release date or the new enhancement feature on the latest version. Maybe a hint on what we can expect to see? Advanced security, more customization?

[dabura667]

I created my wallet in 1.9.8 so the QR code would work?

That is the exact opposite of what I said.
No it will not work with the current (old) Android app. You must manually enter your seed using the keyboard.

Still, when typing in the seed manually, other wallets like Wallet32 didn't recognize it because it wasn't in a mnemonic word list

Wallet32 is a different wallet. No one told you that Electrum and Wallet32 have compatible phrases. You just assumed that.
Wallet32 uses a mnemonic algorithm and wordlist provided by "BIP39" whereas Electrum's wordlist and mnemonic algorithm were created LONG before BIP39 ever existed.
Electrum will support old seeds. Not to mention that old versions (like 1.9.8 ) will be available on the internet forever. (the project is open source, you know)

If I backup the wallet file would it follow the same encryption?

The wallet file on your hard drive is encrypted. Encryption does not change by moving or copying the file, so yes, it will be the same.

I trust Truecrypt because the government can't break it.

New versions of Truecrypt since May 2014 are said to be broken (backdoored by the government). So you should make sure you're using an old version, or stop using it.
http://arstechnica.com/security/2014/05/truecrypt-is-not-secure-official-sourceforge-page-abruptly-warns/

Then what, if anything, can be determined from knowing a long sequential list of used addresses? Assuming of course an attacker knew exactly what each address was and that they all belonged to the same wallet?

They would know the balance of every address they knew. And since they knew (somehow??) that they were all yours, they could piece together your Electrum wallet's entire bitcoin transaction history.

That is it. They can't gain any additional information other than balances.