5
1
Electrum seems very user friendly, thin and convenient, but is it cryptographically secure? One of the ways to attack any cryptographic system is to exploit weaknesses in the key generation algorithm. Electrum uses a deterministic algorithm based on a pseudo-random seed to derive the public and private keys. Is this a cryptographically secure way of generating keys?
1
The seed generated by Electrum is a 128-bit random number. It is encoded as a sequence of 12 words, for the purpose of memorization. However, it is important to understand that it has 128-bits of entropy.
https://bitcointalk.org/index.php?topic=153990.msg1632127#msg1632127
-5
No, it`s not! My wallet just got hacked, and about 0.15 BTC were taken from the wallet. Luckily, they were dumb enough to do it 4 minutes after my last transaction... and to the same address.
In other words, avoid Electrum!
Does that actually show that Electrum is cryptographically insecure? How do you know that you don't have a trojan on your computer? – Nick ODell – 2016-09-27T16:49:36.693
Forensics investigations to gather evidence cost much more the 0.15 BTC to properly execute. Did you check the digital signatures of the Electrum code to validate its integrity before installing it? Can you prove you did not fall victim to a prior phishing attack, have an existing Trojan, or were other malware (e.g. key logger, viruses, worms) already functioning on your computer prior to the Electrum installation? Visiting porn sites is also problematic. – skaht – 2016-10-05T20:02:04.407
1That makes sense. If each word represents 11 bits, you would only need a dictionary of just over 2K words to represent the entire 128-bit seed as long as you are willing to repeat words. I wonder why the Electrum designers didn't go with a 160-bit seed to cover the entire Bitcoin address space. But that is off topic. Thanks for your help. – Tom – 2014-02-24T17:43:18.837
You can find the answer here https://bitcointalk.org/index.php?topic=153990.msg1641145#msg1641145 and the replies in that thread.
– rdymac – 2014-02-24T21:53:30.980