Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: Shiver on June 28, 2011, 06:06:23 AM



Title: Newbie Wallet security question
Post by: Shiver on June 28, 2011, 06:06:23 AM
Hope this isn't a stupid question, but I've got to get my head around this wallet.dat thing, which seems like a huge weakness to me, and one of the biggies that's going to give Bitcoin bad press when it starts to get mainstream usage:

If I have a copy of my wallet.dat on my phone or laptop or whatever, the wallet file isn't sitting there wide open, but is encrypted with a fairly competent password, and I've backed it up elsewhere...

Let's assume that by this time Bitcoin is fairly popular, and the thief realises there's a wallet there and immediately sets about trying to brute force crack it, If I get another copy of the wallet and immediately do a small transaction of some kind, would that update the block chain in a way to make the stolen wallet invalid?

Any enlightening comments much appreciated.


Title: Re: Newbie Wallet security question
Post by: error on June 28, 2011, 06:09:48 AM
If you discover your wallet.dat is lost or stolen, but your bitcoins haven't been removed yet, you must send them to a new address you control which is not part of the same wallet. For instance, you could send it to mtgox, or to a bitcoin client on another computer.

At this point your wallet.dat is not safe to use anymore, so after moving your coins temporarily to somewhere else, you would delete it, clean your computer, and then restart bitcoin which will generate a new wallet. At that point, you can send your BTC back to yourself from mtgox or wherever you sent it.


Title: Re: Newbie Wallet security question
Post by: Shiver on June 28, 2011, 06:17:02 AM
That's great help, thanks for the explanation.

Reason I'm asking is I have a developer friend who is also very interested in Bitcoin, and would like to create a mobile app to deskill the use of Bitcoin, but at this stage it's just back of an envelope thing trying to grapple with the concept.

Thanks again.


Title: Re: Newbie Wallet security question
Post by: error on June 28, 2011, 06:18:57 AM
That's great help, thanks for the explanation.

Reason I'm asking is I have a developer friend who is also very interested in Bitcoin, and would like to create a mobile app to deskill the use of Bitcoin, but at this stage it's just back of an envelope thing trying to grapple with the concept.

Thanks again.

One more thing, if you have any services which are sending you recurring payments, such as mining pools, then you must change your receiving addresses with those services.


Title: Re: Newbie Wallet security question
Post by: MoonShadow on June 28, 2011, 06:23:51 AM
Whichever copy of the private address key inside of the wallet that spends the coins first is the valid copy, and all others become invalid.  However, advance keys are generated inside the wallet.  So if you suspect that an encrypted copy of your wallet has been taken, then the best course of action is to transfer out all of your coins from that wallet, and then completely destroy that wallet.dat file.