PSA: Bug with Electrum Wallet - Seed Generation Vulnerability! by profitgenerator

<CENTER>![electrum.png](https://steemitimages.com/DQmZudN7GeojGNuN2h8DBkGJSzweaUr4byy6bcDJc2GSrdf/electrum.png)</CENTER>
<BR/>

First of all, there is no need to panic: you are probably not affected by this bug. I am putting this out as a PSA because I have found a serious bug in the way Electrum generates its seed, but only if you generate it from the command-line interface.

# You are **`NOT`** affected by this bug:
* If you generated your Electrum wallet / seed from the GUI. So if you use Electrum's GUI version, like probably 99% of other users do, then this bug does **`NOT`** affect you at all.
* If you generated your Electrum wallet / seed from the command line/terminal interface, but without using the `--entropy` option.

<br/>

# You **`ARE`** affected by this bug:
* If you have used the `--entropy` option in the console/terminal. In that case it's very probable that your wallet seed has very little entropy, so little that it could be dangerous to store any bitcoins in those wallets, since the seed can be easily guessed by a computer running all day guessing private keys, [which hackers are already doing](https://www.youtube.com/watch?v=foil0hzl4Pg).

<br/>

---------------------------

<br/>

# Issue

The problem is with the `--entropy` option, which sets the `custom_entropy` variable and triggers a part of the code that I had already found pretty strange in my code audit:
* https://steemit.com/programming/@profitgenerator/electrum-bitcoin-wallet-code-audit

So I had to contact the developer to tell him about this issue, and it turns out I am right: I found a serious bug:
* https://bitcointalk.org/index.php?topic=2012226.0

So if you just use the Electrum GUI, this is of no concern to you. It is of concern to people who like to add some extra entropy to their wallets and who thought this was a safe way to do it, only for it to turn out that it's not.

There are 2 issues. The first is the quality of the user-generated entropy, which is more of a user-related problem, since people will just enter their birthdate or their phone number there, which has 0 entropy, but they think it's secure. However, I guess most tech-savvy people who use the console are hopefully not this dumb.

But the main issue is a cryptographic issue. The part of the code in the `mnemonic.py` file:

`custom_entropy * (my_entropy + nonce)`

This code tries to imbue the custom entropy into that pre-generated random number by multiplying with it. I am not a crypto expert, but I have done my research, and many experts agree that multiplying is a very shitty way of adding entropy.

In fact it doesn't add entropy, it can actually lower it, because multiplication can only create [smooth numbers](https://en.wikipedia.org/wiki/Smooth_number) and not primes.

Take a die which has 6 outcomes and hence 2.5850 bits of entropy.

If I want to add another 2.5850 bits of entropy to it, to obtain 5.17 bits, and I multiply the numbers, the result will be less than that: only 3.807 bits instead of 5.17 bits. OK, so it adds some entropy, but not the full amount.

If we add a small block of entropy to a large one, like a hypothetical 1000-sided die (9.9658 bits) multiplied with a 6-sided die (2.5850 bits), it should be 12.5508 bits, but in reality it's just 11.5172 bits. So it looks like it doesn't destroy the large stack of entropy, but it certainly destroys the smaller stack.

I wrote a quick Python script so that you can play around with this concept:

```python
import math

array = []

for x in range(1000):            # x + 1 walks the faces 1..1000 of the large die
    for y in range(6):           # y + 1 walks the faces 1..6 of the small die
        prod = (x + 1) * (y + 1)  # multiply every pair of faces; products fall between 1 and 6000
        array.append(prod)        # add the product to the array

# Remove duplicates, since we only care how many unique values the
# multiplication operator can give, then sort in ascending order.
fin = sorted(set(array))
length = len(fin)                # number of distinct products

print(fin)
print("length: " + str(length))
# log2 of the number of distinct values: the entropy in bits if they were all equally likely
print("bits: " + str(math.log(length, 2)))
```

<BR/>

So this proves that multiplication doesn't lower the total entropy below that of the highest number, but it lowers the entropy of the lowest number significantly.

So the Electrum script creates something like a 128-bit number. If it replaces something like 20 bits of the RNG with your custom entropy, which it doesn't, then those 20 bits might as well be just 10 bits, even if you generated them yourself using dice, simply because multiplication lowers it. Of course, if you put your phone number or your birthdate there, that by definition has 0 entropy.

So instead of having a 128 bit strong seed, you get something like 100 bits, which is still relatively strong, but kind of not recommended.

The only way to maintain entropy is to concatenate the strings. So if you add the entropy of 2 x 6-sided dice together, you do that by concatenation, not multiplication. The largest value then becomes 66, which is 6.04439 bits, higher than the 5.17 bits expected. However, this is only its informational size; it still only contains 5.17 bits of entropy. So it may have a larger informational size (because the [base 10 number system](https://en.wikipedia.org/wiki/Decimal) is inefficient), but its entropy will be 5.17 bits at most.

<br/>

# What to do?

Well, if you are not affected by it, then nothing. If you are, then you probably want to generate a new wallet, through the GUI of course or without using the `--entropy` option, and send your bitcoins there.

It's not a very urgent issue, because I doubt you used more than 20 bits of custom entropy, but if you did, then it is urgent: something like an 80-bit seed can probably already be cracked by a supercomputer, or just by some nerd running ASICs at home to crack people's private keys. [Remember they are already doing this](https://www.youtube.com/watch?v=foil0hzl4Pg).

You know, this is why it's good to know the Python language and some basic cryptographic concepts: problems like this can arise just like that, and the smarter you are, the easier you can handle them.

I have had some math background, so it was not hard for me to understand these, but I really recommend everyone to just learn programming and some basic cryptographic knowledge, at least the concepts of entropy, make sure you understand them.

It's just basic due diligence, if you want to play in the Cryptocurrency markets safely, it can definitely be an asset to know the basic concepts.


------------------------------------------

**Sources:**
* Electrum software is the Copyright of Thomas Voegtlin licensed with [MIT license](https://opensource.org/licenses/MIT).
* https://electrum.org

Posted by @profitgenerator on 2017-07-13 15:13:33. Tags: electrum, bitcoin, security, education, mathematics.
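The dice comparison from the post above, as an added example that is not part of the original post or of Electrum's code: it computes the exact Shannon entropy of each way of combining two fair dice, rather than the log2 of the distinct-value count. The combiner names, the `:` delimiter, the SHA-256 variant and the 12 x 12 case are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter
from itertools import product


def shannon_bits(outcomes):
    """Exact Shannon entropy in bits of a list of equally likely outcomes."""
    counts = Counter(outcomes)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


# Constructed combiners for illustration; none of these is an Electrum function.
def multiply(a, b):
    return a * b  # many (a, b) pairs collapse onto the same product


def naive_concat(a, b):
    return f"{a}{b}"  # ambiguous once both parts can vary in width


def delimited_concat(a, b):
    return f"{a}:{b}"  # injective: every (a, b) pair stays distinguishable


def hashed_concat(a, b):
    # Fixed-size output; keeps the entropy of the injective encoding it hashes
    # (barring hash collisions).
    return hashlib.sha256(delimited_concat(a, b).encode()).hexdigest()


COMBINERS = (multiply, naive_concat, delimited_concat, hashed_concat)


def compare(sides_a, sides_b):
    """Entropy of each combiner over all rolls of two fair dice (faces 1..n)."""
    rolls = list(product(range(1, sides_a + 1), range(1, sides_b + 1)))
    result = {"ideal": math.log2(len(rolls))}
    for fn in COMBINERS:
        result[fn.__name__] = shannon_bits([fn(a, b) for a, b in rolls])
    return result


if __name__ == "__main__":
    # (6, 6) and (1000, 6) are the post's dice; (12, 12) is a constructed case
    # where "1"+"11" and "11"+"1" both give "111".
    for dims in ((6, 6), (1000, 6), (12, 12)):
        print(dims, {k: round(v, 4) for k, v in compare(*dims).items()})
```

Once one die is known, the product determines the other, so multiplication can never carry less entropy than the larger die alone, but here it falls short of the sum. Concatenation keeps the full amount only when the encoding is unambiguous.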
@btcunchained ·
Thanks for the update buddy... Luckily not using electrum wallet
@profitgenerator ·
Don't get me wrong Electrum is a very secure and very well reviewed software used by many whales.

It's just this particular bug that is there, if you would use Electrum the default way through the GUI then this doesn't affect people.

It only affects people who like to play around, tweak things and generate seeds the unusual way, which is why that only should be done by experts who know what they are doing.

But your average users just use the GUI version, which is totally safe to use. Besides even this issue will probably get patched in the next version, so it's no big deal.

People just have to be aware of things, cryptocurrencies are still largely in beta, anything can happen.
@btcunchained ·
Cool ☺️ thanks for replying bro 👍 yes the whole of cryptocurrency is a large scale experiment
@izbing ·
Thank you very much for this information. Fortunately I'm not affected.
@live2love ·
Making the world a safer place! Good work!
@profitgenerator ·
Yes it was actually an accident that I have discovered it, it looks like the bad code has been there for more than 1 year now, I wonder how many people are affected by it. Well most people use the GUI electrum, but maybe some big exchanges, merchants, or large whales could have used the custom entropy command, and they could have now a vulnerable wallet.
@qagiri ·
@profitgenerator
Good Post!
Thanks for sharing.
@rulesforrebels ·
I'm too stupid to know how I did it and if I'm in danger lol
@profitgenerator ·
Well, you use the graphical version of Electrum, not the console, don't you? In that case this is no problem to you.

If you say you are not tech savvy then you probably don't play around with the console, so this doesn't affect you.