Bitcoin Forum

Why doesn't the BC client - currently 0.3.19 - ask for a password? My wallet is on my disk unencrypted, right?

I don't think that's a good idea. I think that the wallet.dat file should be encrypted with AES-256 with a salted hashed password as part of normal operating procedure.

I agree that this would be a useful feature.

It could also be argued, though, that file encryption or disk encryption are better done by separate tools rather than by adding more unnecessary code to the Bitcoin client. Good operating systems support it already.

The problem is that the Bitcoin application would have to be able to operate on an encrypted file somehow.

An absolute must.  It's only a matter of time until trojans start going for wallet.dat

If you can't code this feature, you might want to put up a bounty for it.

Oh no, again?!  >:(

If you have a trojan on your computer you've already lost.  The trojan could easily log your keystrokes and send your password along with the encrypted wallet.dat to the bad guys.

https://www.bitcoin.org/smf/index.php?topic=1852.0

and many other topics...

Actually having thought about this for a while (and the threat models in general for many many months) the answer is that no encryption or protection of wallet.dat should be provided by the bitcoin devs at all. I will provide the following reasons in the points below.

1)It will take development time away from core development items. Bitcoin.exe is very young and providing this kind of functionality is too much too soon. We have more important things that need to be done at this time.

2)There is no danger yet. One reason there are so few viruses for Macs is that they are less popular, and as a result writing a virus or trojan for them has less of an overall effect(there are other reasons, but this is one of them). Yes eventually bitcoin and wallet.dat will become a target for trojans but only after it has reached a significant level of popularity. Until it is much more generally accepted as a currency it is of no use to criminals. It will remain below criminals radar for at least 1-2 more years.

3)It will provide a false sense of security to users. Once encryption is used then trojans need only target the users password, and it is very easy for a trojan to steal a password, making all encryption useless. This is why the Pidgin IM follows this route, they believe that encrypting the users passwords (for their IM accounts) will give users a false sense of security, so they leave it un-encrypted, in a text file, and specifically tell the user this.

The actual problem is once a users system is compromised there is nothing that the bitcoin.exe can do to protect wallet.dat

The only way for users to protect themselves is to work in preventing their systems being compromised by trojans and viruses and unauthorised users. This means they must have full disk encryption, if they are using windows they must have good, up to date anti-virus and anti-spyware, keep their system and applications up to date, and be careful where they visit on the internet or what they install. For other operating systems it's a lot easier; full disk encryption and that is pretty much it.

If users want to protect their money they must take action to do so, they must take it seriously. Keep backups etc. They have locks on the doors and windows of their home, some even have alarms. If they have anything worth protecting they hide it. They same can be said for the important information on computers.

And besides, I believe a lot of the people who are here(and using bitcoin) are cypherpunks, crypto-anarchists, and Linux or Mac users, and in general wear tinfoil hats. This is one of the first places I have been where it is considered normal for users of the site to use PGP encryption. The other users are all Austrian school economists, and they will be happy to pay someone to secure their system for them.

Provide an extension architecture and let bitcoiners add their own extension on top of the bitcoin client. Of course, that mean more work for the limited developer pool.

As for me, I don't do backup often because it's not exactly a walk in the park to do them. I have the programming skill to automate my backup, but far too often are distracted by somebody else.

Playing devil's advocate for a moment:

"Security theater" is popular.  It makes people feel safer.  Bitcoin-the-program will probably be more popular if it asks for a password before sending and there is a bullet-point on the feature list:  "State of the art AES-256 encryption."

I believe TrueCrypt is open source; maybe it would be easy to use their password handling / encryption code in bitcoin.  Anybody here looked at their code?

http://bitcointalk.org/index.php?topic=2528.msg34263#msg34263

Lastpass  :)

Their code are too bad whan bitcoin code, info 100% :)

We in Russia have an official program-purse for WebMoney named "Keeper". This program has taken the way of the security theater. As a result it became very difficult to use and yet it is blocked whenever the user changes the hardware. :) This is one of the reasons for the rapid loss of market.

See, what I want is to have the wallet.dat file encrypted, start the BC client, have it ask for my password, read and decrypt the wallet.dat file and keep it in ram, never write a clear version to the disk.

When I create a new key pair, it writes it in encrypted form to the disk. No need to encrypt it when saving as it is never on the disk in clear.

Keeping things in RAM doesn't make anything safer, at all, understood that the day i downloaded my first Diablo trainer.

If we really want to give the average user a good chance of protecting his wallet, it would be more effective to allow the split of a wallet by just "pressing a button". A new wallet file, encrypted with a given password, would be created, and the corresponding coins would not be on the main file anymore. Then the program recommends the user to keep multiple backups of this piece of wallet on safe, disconnected devices.
I know all this can be done manually or with scripting, but I just don't see my parents doing so. :D

This is the best approach in terms of security. But Gavin has a really good point when he says that a built-in encryption gives the feeling of security, and may increase bitcoin adoption. And, well, such protection can be effective against not-so-expert attacks, for instance somebody that happens to have access to your computer while you're not there (a "friend" that you shouldn't have trusted, that new nanny you just hired etc...). Of course, such kind of risk will only be something to worry about when bitcoin reaches mainstream, and by then we'll probably have multiple clients doing built-in encryption...

This is the best solution. Bitcoin doesn't even need to do the encryption (though it would be nice) -- it just needs to split the wallet. Then users can secure their "savings account file" appropriately.

+1

Encrypting your "current account" wallet.dat on the HD is no protection against trojans or hackers because sooner or later it must be decrypted again (at the latest when you want to send a transaction).

So the first priority should be protecting your system against infiltration.  Use a firewall, don't install too much crap, and only connect via Tor (that way you are not advertising to the whole world - hey eveybody, there is a wallet.dat located at this IP address!).

Also, keep your coins in more than one wallet.

This is silly.  Imagine the nightmare if every single application was using a password to protect its files.

The operating system is in charge of the file system security.  Not the application.

All files are equal. Some are more equal than others.

Therefore it make sense to take care of some file more than others. Whether that is done through the application itself or the operating system is irrelevant.

No, because even the ability to create files in your directory is way to the theft of these "more important" files