Electrum Bitcoin Wallet in Whonix Development Notes

From Whonix
< Dev
Jump to navigation Jump to search


To mitigate the risk of a known exploit, Electrum versions older than v3.3 are prevented from connecting to public servers. [1] [2] This step was necessary to prevent user exposure to phishing messages. [3] If you have an Electrum version older than v3.3 installed, then it is necessary to upgrade.

At the time of writing (July 20, 2019) the Electrum website (https://electrum.orgarchive.org) was the target of a large DDoS attackarchive.org. To follow developments, refer to this Whonix forum threadarchive.org.

This prevents users from downloading the Electrum AppImage using file downloaders like scurlarchive.org and wgetarchive.org. If you are affected by this issue, the downloaded AppImage and signature will show the corresponding file to be composed of an HTML document and ASCII text. This means there are limited options for securely downloading a functional Electrum version right now.

For greater convenience and security, the Electrum AppImage was installed in Whonix by defaultarchive.org as part of the binaries-freedom package. [4]

Previous Advice Given to Users prior Creation of binaries-freedom Package[edit]

While it is usually strongly recommended [5] [6] to install software from the Debian repositories, the latest available packagearchive.org is too old and will not connect to public servers. This means Debian's official package manager (APT) cannot be used to install a working Electrum version.

The best option at present is to install Electrum from the official website, although it is currently being attacked (see the notices section). The following instructions provide steps to verify the AppImage, but keep in mind the risks involved with manual software installation, particularly if the server infrastructure is under assault.

Footnotes[edit]

  1. https://github.com/spesmilo/electrum/issues/5183archive.org
  2. https://github.com/spesmilo/electrum/issues/5190archive.org
  3. For further details, see: Github Electrum issuesarchive.org.
  4. The latter package has been added to whonix-workstation-packages-recommended-gui , see: Install Electrum by defaultarchive.org.
  5. See: Install Software: Best Practices.
  6. Installing software best practices:

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!