Bitcoin Forum

I've had a (one and only) wallet for a year or so now, and have backed it up numerous times to DVD, etc.

Let's say one of my earliest backups of that wallet.dat fell into the wrong hands, and in that wallet I had used a more crackable passphrase than I use now. If someone knew that password and starting running bitcoin with my wallet, what would happen? Is it safe for these wallet backups to exist?

What would happen if I had a drive die and had to restore my wallet using one of these old wallets?

I wouldn't put anything like that to DVD without TrueCrypt.

Actually, TrueCrypt containers are just about the only thing I would ever consider burning to disc these days.

Thanks for your comments, but they did not remotely answer my questions.

If anyone would get the hands on one of this backups and manages to crack it. He would have full access to all addresses you used at this point + the next 100 you used.

On the point you change you passphrase an new 100 addresses are created. So all new addresses from this point in time are save.

Unless you are 100% sure no one can touch it, No.

If for example all of your backups were contained on physical devices, external Drive, flash, even DVD. And locked away in a bank vault. Then yes

But that would encompass deleting your digital wallet(s) which I am sure you do not want to do.

Anyway, regardless might want to add a bit of security. Good luck!!

So, just to clarify: if I change my passphrase now, and make a backup, all the previous backups with the old passphrase are invalidated?

I believe that's correct, once you apply a new pass-phrase the current condition of the wallet will only be accessible with the current pass-phrase. Not sure if it will invalidate old versions of the wallet though.

Hopefully someone can chime in on that

No, you wallet always has the next 100 Keys (Addresses) you use pre generated. So all Addresses you used until that point are still valid. When you change your passphrase a new set of addresses (for future use) is generated. So only new addresses are not the same.

If you suspect your wallet is compromised just export all the private keys, add them to a Mtgox account and they will automatically sweep all incoming funds to another address on your Mtgox account as soon as they arrive.

I'm only guessing but I suspect this sweep isn't 100% foolproof. Is it done via some kind of cron job? If so, is there a window of opportunity (say, 10 minutes?) for a thief who also has your private key, before the Mt Gox cron rolls around again and does it's "automatic" sweep?

Automatic. Instant sweep.
If a hacker got your private keys he can also sweep them and probably has tools for it, but if the hacker and Mtgox sweep the funds at almost the same time it will be a race for the first one that get's the transaction in a block.