If you use electrum's command-line then BEWARE using electrum restore command to restore your wallet from seed! I just noticed a significant security issue with this process. Since the seed is entered on the command-line as an argument upon invocation, it is not only visible to other users on the system by looking at the process list, but is now likely saved in your shell's history file in plaintext as well! For most users this is the hidden .bash_history file in your home directory.
I verified this issue was present in version 2.7.15 and still present in the latest code from GitHub. So if you've ever used electrum restore, do yourself a favor and double-check your history file. This applies to command-line restore only, on Linux/OSX/BSD systems.
This issue has now been reported to the Electrum developers on GitHub as issue #2638: https://github.com/spesmilo/electrum/issues/2638
-shawn
Of additional concern: any software you install as this non-privileged user has access to your shell history file. This is a pretty serious malware vector for Electrum command-line users.
Until there is a fix to the default mode, use
electrum restore ?
to restore from seed. The question-mark at the end forces Electrum to prompt for the seed text instead, which is much safer. As currently written, average users may not be aware of the security risk. Electrum developers are aware of this issue and will hopefully have a fix soon.
Pretty normal I would say, like when you enable your wallets for staking!
Just use history -c, done :)
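One way to do the history-file check the post asks for, as an added example that is not part of the original post or of Electrum: it flags `electrum restore` entries that carry arguments and treats only the `electrum restore ?` prompt form from the thread as safe. The function names, the sample lines and the default history path are assumptions.

```shell
#!/bin/sh
# Added example (not Electrum code). Reports FILE:LINE for history entries where
# `electrum restore` was given arguments and none of them is the lone `?` that
# makes Electrum prompt. The matched text is never printed, so the seed is not
# echoed to the terminal or to logs.
scan_history() {
    [ -f "$1" ] && [ -r "$1" ] || return 0
    awk '
    {
        line = $0
        sub(/^: [0-9]+:[0-9]+;/, "", line)      # zsh extended-history prefix
        n = split(line, w, /[ \t]+/)
        for (i = 1; i < n; i++) {
            cmd = w[i]
            sub(/^.*\//, "", cmd)               # ./electrum, /usr/bin/electrum
            if (cmd != "electrum" || w[i + 1] != "restore") continue
            args = 0; prompt = 0
            for (j = i + 2; j <= n; j++) {
                t = w[j]
                gsub(/["\047]/, "", t)          # drop shell quotes
                if (t == "") continue
                args++
                if (t == "?") prompt = 1
            }
            if (args > 0 && !prompt) print FILENAME ":" NR
            break
        }
    }' "$1"
}

# Constructed sample history; word1..word12 stand in for a seed phrase.
write_sample_history() {
    cat > "$1" <<'EOF'
ls -la
electrum restore word1 word2 word3 word4 word5 word6 word7 word8 word9 word10 word11 word12
electrum restore ?
: 1700000000:0;./electrum restore "word1 word2 word3"
electrum getbalance
EOF
}

# Check the current user's own history file (path is an assumption; adjust per shell).
scan_history "${HISTFILE:-$HOME/.bash_history}"
```

Any line it reports still holds the seed in plaintext on disk, so remove that line from the history file itself.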