Bitcoin Forum

After all the drama's with on-line wallet services, I finally decided to have my own wallet, Only problem there is so many topics about wallet stealing trojans. Hence the start of this simple but useful project that will help protect your wallet while your not using it. It total scrambles your wallet.dat in a single or combination of Encryption algorithms and a option to compress the encrypted wallet. It uses a pass word pharse to Decrypt the wallet and restore it back to its original state. Nothing real special but handy never the less. Full source code will available after releasing the first version(I need to setup a git account).

SnapShot:
http://i54.tinypic.com/jadlpw.png

Current Features:
* RC4
* MD5
* SHA
* Vigenere (my own custom implementation for encrypting the pass word pharse)
* Compression

Up coming Features:
* Append Encrypted wallet to EOF of WalletCrypt.exe (This will provide portable encryption, where ever the program goes so does your wallet)
* Auto Detect wallet location
* Decrypt and place in original wallet location
* Detect closure of bitcoin client then Encrypt automatically after closed(optional).

Info:
I have basic knowledge of reverse engineering(6 years) dealing with reversing encryption algorithms(a.k.s keygenning), I dont claim this will be 100% protection for your wallet due to it being decrypted to its original state when in use. But my small amount of time/knowledge I have in this field should assure you that the encrypted wallet will not be broken if using pass pharse with 12+ characters, Ontop of that is multiple encryption algo's which are basic but when combined in it should be just about impossible to decrpyt unless the attacker knows what algo and uses a brute forcer which would then be pointless due to the password length.

If you have suggestions or ideas this is the topic to submit them, I use this personally for my own bitcoin wallet and thought it might be useful to other windows users. Its coded in Delphi and source will be available once the project is released to public.


   

Looks cool. But how exactly do you decrypt md5?

+1, md5 isn't a form of encryption, it's hashing. Same with SHA btw.

That's the point somebody-else-in-another-thread is making. Since MD5 and SHA are both one-way hash, encrypting the wallet using them would make it irrecoverable. Which implies WalletCrypt might not be doing what it claims to be doing aka wallet theft alert.

+2
This makes me suspicious


Fix'd

Well I guess if he releases the code then people can at least compile it themselves and compare it to what he is providing as a binary. The hashes part seem odd. Perhaps he's hashing the password then encrypting? It may be better to overwrite then delete. Although deleting wallets always makes me nervous...

The use of hash functions seems off to me, too. Maybe they are for key derivation? If so, then what algorithm do you use for the actual encryption?

Also, a custom crypto algorithm? This is a well known bad idea (http://diovo.com/2009/02/wrote-your-own-encryption-algorithm-duh/). Based on the name I assume it uses a Vigenère cipher (http://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher) which is not secure.

Post Sauce of I'm considering this a dropper :D

He hasn't posted the binaries either. So I guess we wait for him to provide both as he promised. Then we will analyze it.

A screenshot of the GUI isn't enough to say if it's legit or not.

This is pretty obviously a joke to anyone with even basic knowledge of crypto. However, most non-technical people won't be able to evaluate it properly and reach this conclusion.