Iii) Update to have a section where known vulnerabilities are described version-wise and a set of best practices to deal with them is presented. "(outdated but does not have known vulnerabilities)", "(outdated and has known vulnerabilities)" For instance, it can be empty, "(is not safe to use)", Where TEXT depends on the situation we are in. Ii) Modify Electrum main window title/caption "Electrum x.y.z" to "Electrum x.y.z TEXT", I) Make Electrum regularly check whether a more recent version is available. If you have them unencrypted it might be more convinient (and not much less secure) to simply use electrum without a password. Keep in mind that it is NOT advised to store such sensitive information (seed, xpriv) on your PC. passwords and its not as hardware-demanding as John the Ripper or Hashcat. However, I will limit my contribution to this reply here. Simply follow TryNinjas steps to import the seed into a new electrum wallet. bitcoin wallet address attached to my electrum wallet Do You Think Your Bitcoins. I appreciate your proposal to come with a solution and a PR. All except for the defaultwallet, which it asks the password for. These were set up with no passwords, and work just fine with today's Electrum 4.3.2-1. More specifically, a few moments after the vulnerability appeared on github, a ton of responsible users who used the most recent version so far have become targets to trivial exploits (i.e., hundreds or thousands of hackers are qualified to implement them) which could allow to hack wallets with or without brute-forcing their passwords. I have Electrum on a machine from 2018 with several wallets holding the keys to various amounts of BTC. Find your wallets seed in the wallet menu and enter a strong password you have. The current situation we are in is a good example that the above-mentioned view is hard to defend if user's security is taken into account. Edit on GitHub Frequently Asked Questions ¶ How does Electrum work ¶ Electrum’s focus is speed, with low resource usage and simplifying Bitcoin. Get full transaction history for an address in your default Electrum wallet. (Note: i dont use bitcoin, you can steal my empty wallet if you just need to keep their software up-to-date. Wait a few seconds while it guesses the port, then an alert() appears with: seed:.I left the wallet password blank - the default setting. Create a new wallet, all default settings.If you did set a password, some misdirection is required, but it's still game over, no? ![]() Electrum encrypts your wallet file, and your password is needed to unlock it. ![]() The JSON RPC server is enabled by default, it does use a random port but a website can simply scan for the right port in seconds. Electrum will ask you to verify your seed phrase during the wallet creation. I installed Electrum to look, and I'm confused why this isn't being treated as a critical and urgent vulnerability? If this bug wasn't already open for months, I would have reported this as a vulnerability, but maybe I misunderstand something. Using importprvkey, I imported all the private keys of an Electrum wallet into a Bitcoin Core wallet (courtesy the electrum2core script -tip: somedude).Then, in Electrum, I created a new bech32 receiving address and sent funds to it. Hello, I'm not a bitcoin user, a colleague pointed me at this bug report because localhost RPC servers drive me crazy □.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |