Paranoid questions about creating addresses

Stone

Member
I'm using electrum. I want to create hundreds of addresses, but because I'm a little paranoid I don't know how I will do it safely. I have already generated addresses but I'm thinking for buying bitcoins on the long-term.

1) Why does verification of electrum proves electrum won't generate private keys that may be already known? Like a hacker put them so he can steal the coins later. It doesn't require internet connection. The private keys are simply not random. I know that it is open source, but I don't get how with verification, I have to be 101% sure that I'm safe.

2) If they write the SHA256 of the exe on electrum.org and I test it that it has the same SHA256 result, I have the clear program right? No hackers could face that step?

3) Can I deside my randomness' fate? Can I put the ones and zeros by myself somehow? Do you have any scripts on github so I can check the code?

4) Can I somehow generate thousands of different addresses on electrum? (And export them in csv). I see that it only generates 10-15 by default.
 

Ivan

Member
I don't think that I should be that suspicious. We can trust ThomasV right? Have you ever heard any electrum incidents of stolen funds in cold storage?
 

Kingston

Member
When you generate a seed in electrum, you are technically generating every address that will ever be used in your wallet. The private keys are calculated from your seed. So if you have two computers that are not connected to the internet, and create wallets with the same seed on both computers, both will “generate” the exact same addresses in the exact same order.

When generating a seed, you need to be sure that the seed is in fact random. As long as you are certain your computer can generate random numbers that are truly random, an authentic version of electrum should generate a random seed.

You can compile electrum yourself so you personally know what it is doing when generating a seed. Or you can generate a seed yourself.

You can set the gap limit in electrum to higher than the default for your electrum client to display more addresses.
 

Camden

Member


1) Why does verification of electrum proves electrum won't generate private keys that may be already known? Like a hacker put them so he can steal the coins later. It doesn't require internet connection. The private keys are simply not random. I know that it is open source, but I don't get how with verification, I have to be 101% sure that I'm safe.
It doesn't. Verification of Electrum only ensures that the binaries are compiled and verified by ThomasV. You're still trusting ThomasV and someone else unless you review the codes yourself. Vulnerabilities can be put intentionally or unintentionally.


2) If they write the SHA256 of the exe on electrum.org and I test it that it has the same SHA256 result, I have the clear program right? No hackers could face that step?

You're still obtaining the SHA256 hash from the site and that is the point for MITM attacks to happen. PGP is better since you're validating against an identity so you just have to make sure that the chain of trust is not compromised.

3) Can I deside my randomness' fate? Can I put the ones and zeros by myself somehow? Do you have any scripts on github so I can check the code?
Not as far as I know of. Humans aren't the best at generating entropy anyways

4) Can I somehow generate thousands of different addresses on electrum? (And export them in csv). I see that it only generates 10-15 by default.

You can generate a large amount of addresses at once.

wallet.create_new_address(False) for i in range(X)

Or increase the gap limit.
 

Juan

Member

3) Can I deside my randomness' fate? Can I put the ones and zeros by myself somehow? Do you have any scripts on github so I can check the code?
You can add a custom extension word when creating a new wallet:
https://en.bitcoin.it/wiki/Seed_phrase

To do so, click "Options" on the screen where your wallet generation seed is displayed. Check "Extend this seed with custom words" in the prompt, and enter the extension word(s) of your choice. This way your private keys will be derived from the seed phrase as generated by Electrum plus the word(s) of your choice.

Important Warning:
Keep a backup of your extension word(s) as well. Unlike the encryption password, you won't be able to recover your wallet from the generation seed without it (which also is kind of the point).

(be aware though that a compromised version of Electrum that would "fake" your seed could just as easily send your extension word(s) to its control server)
 
Top