
Adding another entity to rely on to hold funds "safe" just adds another link to the chain that can die, disappear, change its mind and be broken.

I personally love how Electrum wallet does it:

You may generate and regenerate the wallet using only a keyword phrase. Keep it safe in memory or in a bank deposit box.

No backups needed. You may always regenerate the wallet from the keyphrase.



With M-of-N multisignature you don't need to fully trust any single party.

With Electrum you have to have a fully trusted machine to sign transactions. Using an M-of-N multisig transaction is safe even if the NSA secretly owns your machine.


No backups needed

Doesn't Electrum do this by backing up your wallet to "the cloud"? Even if it is 100% properly encrypted, I can't say that I feel good about this. Feels like one bug away from compromising many people's wallets.


No, it does not.


Are you sure? Why does the restore process require a server address?

https://electrum.org/seed.html

The screenshot uses ecdsa.org, which seems to be just an Electrum server of some kind.


Pretty sure that's because Electrum doesn't download the entire blockchain but relies on servers for most of it and only downloads a certain amount of recent history and trusts servers for older history. And it doesn't have to be that server, which is why the app lets you change the URL; any server serving blockchain history you trust is fine. It's using your passphrase as the one and only seed for key generation, so it can reliably generate the same private key every time. Someone correct me if I'm mistaken on any details.


Electrum is a thin client that has to ask a full node for the chain so that it can pluck out the relevant transactions to rebuild your local wallet state.

https://en.bitcoin.it/wiki/Thin_Client_Security

It knows which transactions are relevant because of the keys that can be deterministically generated from your seed, but the seed itself isn't sent to a server.


The idea is spreading the security to multiple systems. Electrum doesn't help you if you enter the passphrase on a compromised computer.



