I have some questions about the electrum tool plugin "label sync".
How does it work?
I had a look into in the QA's here how electrum server/client do work, the random server setup sounds quite resilent.
Do the electrum server save IP information by default?
How and where are the labels stored?
Does the plugin direct to a central server or is the information some how stored on all the server nodes?
Is the transmission of the labels encrypted?
thanks in advance
You can view the source of the Electrum label sync plugin on github.
How and where are the labels stored?
They appear to be stored on sync.bytesized-hosting.com:9090.
Is the transmission of the labels encrypted?
The labels are encrypted with AES using using a truncated SHA1 of the wallets Master Public Key, this should be reasonably safe. IV appears to be static, this is fairly weak but not disastrous. For most people the server should not be able to decrypt any of the information stores within the label sync service.
self.encode_password = hashlib.sha1(mpk).digest().encode('hex')[:32]
self.iv = hashlib.sha256(self.encode_password).digest()[:16]
self.wallet_id = hashlib.sha256(mpk).digest().encode('hex')
Do the electrum server save IP information by default?
The source of the sync server is available on github, however you should ideally assume that all traffic to it is logged. This would include the hash of your master public key, your IP address, and the times you were using the wallet which can be correlated with transactions. This is probably never going to be an issue for most people but it is something to be aware of.
