Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: Easy cold storage with Tails Linux, and Electrum for newbies
by
cellard
on 05/02/2019, 04:01:30 UTC
Quote from: Wind_FURY on December 28, 2018, 06:31:10 AM
Quote from: hatshepsut93 on December 28, 2018, 04:59:15 AM
Quote from: cellard on December 28, 2018, 03:23:44 AM
I was considering usnig Electrum to create a cold storage setup, however I have been convinced that using anything but a full client is insanity. Look at the recent events as posted by theymos on the sticky:

https://bitcointalk.org/index.php?topic=5090097.0

Just stick to full blockchains. Get a full client that you can trust like Core, run it in an online computer with no coins, then run another Core client in the airgapped computer. Move raw transactions into the online computer and broadcast them.

I don't see why bother with any other software. "As a newbie" is not really an excuse. Start with the real thing. Developing bad habits its not good in Bitcoin.

There's no arguing that Core is better than any other wallet, but it's wrong to dismiss other wallets. Electrum has been around for years, it was reviewed by many people, it's one of the most popular wallets, and for a reason.
Almost every software has some bugs, this is a reality. When a serious bug was discovered in Core client earlier this year, people didn't say that it's insane to use Bitcoin, we just accepted that software is not perfect.
The recent Electrum vulnerability didn't render it broken in a sense that attackers could easily steal private keys, it abused error massages from servers to execute a social engineering attack. If you are using it as cold storage, you would be unlikely to get affected because you'd need to get through many steps - first you'd need to broadcast a transaction on your watch-only Electrum wallet that is connected to a malicious server, than you'd need to download a malicious client and install it on your air-gapped machine, and only then your coins would get stolen if you sent some coins again.

Bitcoin ecosystem remains a harsh place for unexperienced people, and for anyone involved it's important to develop a deeper understanding of cybersecurity.

Plus let's be in the reality that not all Bitcoin investors will be patient or motivated enough to run bitcoind/Core wallet, and download the blockchain. That was one of the causes why we have other tools that were developed for the community, such as Electrum.

For purely cold storage purposes, I believe the guide is as good as the user's ability to secure his seeds.

You can't really compare the bug that was found in Core, which was theoretical at best, and fixed anyway before it even had a chance to do anything.

The Electrum bug as explained by theymos sounded as if you were just a click away from losing your coins:

Quote from: theymos
This message is false, sent to you by a hacker. If you click the link in the message and install the software, then your BTC will be stolen.

When has Bitcoin Core had anything like that? I mean fuck, I could have believed that was a real update myself and click on there. At least if you are going to use Electrum with Tails, be sure to download the latest one, check the gpg keys, and disable internet when generating the wallet, then create a watch-only wallet and put the private keys in cold storage to never see the internet again. This also requires a level of expertise, at the end of the day there are no shortcuts to Bitcoin security. I understand not wanting to download the entire blockchain but you will still need the watch-only/airgap private keys dual setup as a must.