Hey.
I'm somewhere between "completely clueless" and "mildly informed" on this topic, so please forgive me if I get the terminology wrong or misunderstood something. That said, here's my question:
Electrum uses deterministic key generation, i.e. it derives my private keys "on demand" from the seed generated at the time of installation/wallet creation.
(Roughly) correct so far?
This key is stored *unencrypted* by default inside electrum.dat, but setting a transaction password will make electrum *encrypt* the seed. Correct?
Here's my question: say someone gets physical access to my computer. My HDD is not encrypted, so he will be able to obtain a complete copy of all files on my computer.
The seed is encrypted with a 128-bit key, so assuming my password was chosen sufficiently randomly, the seed should be protected.
But what about the password itself? I realized I have no clue how the password is stored, and whether it is a possible attack vector to retrieve the password and, with its help, retrieve the seed.
Can you explain how that approach is prevented? (Note that by "explain" I mean: a bit more technical than "Explain like I'm 5", but not with the full detail of "Explain like I'm an open source encryption software developer" :P)
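To illustrate the general pattern the question is about (a password that is never written to disk, only a key derived from it), here is an added example; it is an illustrative construction, not Electrum's actual code or file format. The PBKDF2 round count, the HMAC counter-mode keystream (standing in for a real cipher such as AES) and the record layout are all assumptions of this example.

```python
import hashlib
import hmac
import os

# Illustrative construction only (not Electrum's real wallet format):
# the file holds a random salt, a nonce, the encrypted seed and a MAC tag.
# The password itself is never stored; the key derived from it exists only
# in memory while the wallet is unlocked.
PBKDF2_ROUNDS = 200_000  # assumed work factor; makes offline guessing slow


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the password into a 128-bit (16-byte) key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS, dklen=16)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256 (stand-in for AES-CTR)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def encrypt_seed(seed: bytes, password: str, salt: bytes = None, nonce: bytes = None) -> dict:
    """Return the on-disk record: salt, nonce, ciphertext, tag. No password field."""
    salt = salt or os.urandom(16)
    nonce = nonce or os.urandom(16)
    key = derive_key(password, salt)
    ct = bytes(a ^ b for a, b in zip(seed, keystream(key, nonce, len(seed))))
    tag = hmac.new(key, nonce + ct, "sha256").digest()  # detects wrong key / tampering
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}


def decrypt_seed(record: dict, password: str) -> bytes:
    """Re-derive the key from the password; a wrong password fails the MAC check."""
    key = derive_key(password, record["salt"])
    expected = hmac.new(key, record["nonce"] + record["ct"], "sha256").digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("wrong password or tampered wallet file")
    ks = keystream(key, record["nonce"], len(record["ct"]))
    return bytes(a ^ b for a, b in zip(record["ct"], ks))


def password_appears_on_disk(record: dict, password: str) -> bool:
    """Check that the stored record contains no copy of the password."""
    return password.encode() in b"".join(record.values())
```

Someone with a full copy of the disk gets the record but not the password, so the only route left is guessing passwords, which the salt and the PBKDF2 work factor make deliberately slow.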