search

spesmilo / electrum

Electrum Bitcoin Wallet
https://electrum.org
MIT License
7.36k stars 3.07k forks source link

Feature Request: Improve discoverability and messaging around hardware wallet validation of receiving addresses (show address) #6213

Open fresheneesz opened 4 years ago

fresheneesz commented 4 years ago

I just realized that on a compromised machine, the Electrum software could have been overwritten to serve malicious addresses. Since I'm using a hardware wallet, I should be able to verify on the hardware wallet itself what addresses are mine. However I don't see any obvious way of doing this. On Trezor's mobile wallet, they have a feature for showing the address on your trezor.

Electrum should have a feature like this as well, otherwise users who are receiving payments don't get any of the benefits that a hardware wallet brings. I suggest the receiving addresses have a button similar to the Trezor web wallet called "Show Address on Trezor". Or possibly better would be a single button that puts trezor in a mode that allows you to scroll through receiving addresses.

In fact, if you're using a hardware wallet, the ideal thing would be to not even have a way to show the addresses in the Electrum UI without simultaneously showing the address on your hardware wallet. The electrum UI should be clear that the users should check the address on their hardware wallet.

fresheneesz commented 4 years ago

So now that I look deeper, I do see there's something in the right-click menu that allows you to do this. Its kind of unclear to me how much to trust the address that comes up. Not knowing what Trezor's api looks like, how can I really be sure the address that appears on the Trezor is what Electrum says it is?

Also, having the user be required to show the address on the hardware wallet would make good security a lot more fool-proof on Electrum. Otherwise, most people simply aren't going to be aware of this feature, or why its important.

SomberNight commented 4 years ago

There is an "eye" icon on the Receiving tab where the address is shown; and there is a "Show on ..." option in the Addresses tab in the context menu.

Its kind of unclear to me how much to trust the address that comes up. Not knowing what Trezor's api looks like, how can I really be sure the address that appears on the Trezor is what Electrum says it is?

Well it's the hardware manufacturer's responsibility to ensure this. The Trezor API call e.g. takes a bip32 path, so you can only get it to show an address it derives itself.

Also, having the user be required to show the address on the hardware wallet would make good security a lot more fool-proof on Electrum.

See https://github.com/spesmilo/electrum/issues/5126

fresheneesz commented 4 years ago

Well it's the hardware manufacturer's responsibility to ensure this. The Trezor API call e.g. takes a bip32 path, so you can only get it to show an address it derives itself.

That's interesting information. It would be nice if that information was present on the pop up that comes up when you use either the "eye" button or the "Show on .." option. That would give people like me a bit more peace of mind.

See #5126

That would certainly be an improvement. I'll comment there with some additional ideas.