Bitcoin wallet Electrum

Electrum is a deterministic wallet where all bitcoin private keys are derived from a single seed. That means that you only have to backup the seed once and it’s good for life. It also means that should the seed be compromised all your bitcoins can be stolen. So let’s look at how electrum seeds are created and secured.

Seed Generation

Electrum generates a random seed for a new wallet when you first run it. The seed is a 128 bit random number that is generated by using an “operating system specific randomness source”. Under Linux and Unix like operating systems including Mac OS X that is /dev/urandom and under Windows it is CryptGenRandom.

Key Stretching

Electrum employs what is called “key stretching” to increase the security of your wallet seed. Key stretching is a computationally intensive process that is used for two main reasons:

- To make it harder for anyone to try and crack your seed. For a legitimate user the time it takes to do key stretching is negligible but for an attacker that is trying to brute force keys it can be prohibitive.

- To make low entropy seeds safer. Human beings are not a good source of randomness which is why the Electrum seed is computer generated. However, Electrum allows you to enter your own human generated seed if you want to. Key stretching is used to make such seeds harder to attack.

Current versions of electrum run the seed through SHA256 a 100, 000 times:

From Electrum 2.0 it will be using a specialized Key Derivation function: