Bitcoin Forum

Hey,

I was just wondering, is it possible for someone to hack an encrypted wallet.dat

Thanks

certainly, especially if it was encrypted with a weak password.
EDIT: I don't know how fast a wallet.dat bruteforcer will work, but it's defenatly doable.

If you chose a strong password (+16 characters, using lower case, upper case, numbers and symbols, nothing from a dictionary) it's almost impossible.

So, what is the best to encrypt a wallet.dat?

Just use a strong password, and keep your PC clean (if they manage to download your wallet.dat AND use a keylogger, they'll steal your coins in seconds)

I guess the encryption for the wallet.dat is SHA256 like the hashing algo, in this case it would be freaking impossible to bruteforce even with a supercomputer. I think a 12 character password would be enough to make it impossible.

Sure... I always advise 16+ characters, but 12+ will certainly get the job done.
Almost as important as chosing a long password, is chosing one that cannot be found in a dictionary, contains a combination of lowercase, uppercase, letters and symbols, and preferrably chose a different password for each application/website (you can easily use a password manager for this task)

Anything is possible, use strong password, keep your computer clean but the real SAFEST way of keeping your bitcoins secure is to use a cold storage wallet, that way you don't have to worry about these things.

Always use up to date anti virus like kaspersky they are always updated in latest virus..
I experience before that someone hacking my account via cookies monitoring tool.. i use kaspersky and detected 200+ virus trojan worms and any virus..
So i suggest to use kaspersky to prevent hackers to crawl your wallet.dat.. also make sure that you change your phasphrase every day so that you far in
automated password generator..
I hope it helps...

I'd say ,use encrypted password again.Use any of the primitive ciphers like symmetric key or ceaser cipher to encrypt your key.Keep the private key in your mind,even though its a simple one,encrypt it using any of the methods ,only you will know how to decrypt it.Brute Forcing is almost impossible in this case.

Another question: how to make it impossible for keyloggers to log the password?
Thanks!

Log the password ? Not sure what it means.Use a good Aniti Virus software or key logger remover.Take precautions while opening suspicious links and downloading random files from the internet.Store all your private keys and important files offline ,don't ever save the files on the computer you use for daily browsing. Especially the one with good number of coins.Use cold storage.

Encrypted wallet.dat are pointless because of keyloggers. If you afraid of hacking your PC, then you should not hold wallet on the pc but on different device, like computer without internet.

If you are afraid of somebody come to your home and steal your wallet and pc, this is much worse.

SHA256 is a hashing algorithm, not an encryption algorithm and cannot be used for encrypting stuff.

The Bitcoin Core wallet.dat file is encrypted using AES-256, which as of now, has no known vulnerabilities. The password itself is not used as the encryption key but is instead run through SHA256 and a couple other algorithms to stretch the key and produce something more secure.

As for brute forcing a wallet, it is possible and has been done before. Software does exist to attempt to brute force the password to a wallet.dat file but they are only effective if the password is short and simple. Brute forcing only works well if the password is weak or if the attacker knows part of your password. There is in fact a service to recover the password to your wallet if you happen to forget the password but remember parts of it or know what it could potentially be.

So to prevent brute forcing from being successful, use a strong password and to prevent people from stealing that password and your wallet.dat, make sure you have a good, up to date antivirus.

Yep, good advice, thanks! Yet, it's hard to do with the PoS coin wallets.
I mean these should be online for staking. So, even if these are encrypted, there might happen some malicious software with the wallet.dat stealer and a keylogger. That's why I'm asking how to make it impossible for keyloggers to log anything?
Perhaps there is some universal method, some anti-keylogger?

Yeah I confused terms. I think AES256 is what Julian Assange used to encrypt all of his data that cointained all the unreleased leaks just in case he got assassinated, so someone that he trusts would release the password to the world when they kill him, so it's that trusted. I wonder if we will ever get the password to see how it looked like.

As other said. The only factor here is method of encryption and strength of your password. There are method of encrypting your files with algorithms that are impossible to break at this moment.
I recently got attacked by CryptoWall virus, and this Trojan encrypted every file on my disk with SHA256 algorithm. This is impossible to brute force now. Maybe in the future.

i have read about that trojan, it sounds like some scary ransomeware!

do you know how you got infected by it , i want to know how to prevent.

Just use a good strength password and you'll be all fine... If it was this easy to hack wallet.dat, Bitcoin value would have struggled within 1 cent.

I personally know two guys that got infected by opening email attachments... A rule of thumb would be to never open attachments from people you don't know, but evidence suggests not everybody has enough basic knowledge to stay away from such emails.

Its only poosible if you have eternity to brute force it.  Bitcoin priv keys are practically impossible to brute force and so is a truly random password.

remember that if you're device is infected, by the time you type your password on that device, it does not matter how strong the password was, it's like giving it to the hacker

Good paid antivirus, antikeylogger and antimalware software should protect you.

In addition to at least 15 letters passwords, combination letters and symbols.

short of having a keylogger on your system

this website will give you a good clue as to how strong your password is.

https://howsecureismypassword.net/

use a sentence as your password

"thereoncewasnoblocklimit"

would take "7 QUADRILLION YEARS" to brute force  :D

Do Wallet-qt files have keyloggers in general?

i used 35 random letters - maybe iam too paranoid  :P ?


or buy a hardware wallet which even functions on an infected pc.



@cryptoheadd

what do you mean by that?!

There has been loads of studies done to show that paid vs free antivirus makes no differance at all, apart from the frills around the edges on the paid versions which are designed for aunt sally who uses a computer and was convinced by the 20 year old sales rep selling her the computer that she had to have it or her whole computer would blow up the minute it was turned on.....lol  ;D  cha ching $$$$$$$

Thank you all for your help.
I've installed sandboxie and will be using that for all the new coins.

The infection was not on my PC but  instead on my mom's notebook (where I keep handful of my own files and copy of some crucial projects).
And in my case it wasn't anything than came with an email. I think is was some fake update installer like flash, java or something like that.
interesting fact that laptop was protected by antivirus and ransomware wasn't detected - in the end I got rid of it by using Malwarebytes Anti-Malware.