|
Title: Steal coins from unencrypted wallet after encryption Post by: CYPER on January 08, 2014, 05:08:02 PM Imagine the following scenario: a thief had managed to steal an unencrypted wallet long time ago, which I now decide to encrypt and use.
If he doesn't know the encryption password, but has the same wallet from before encrypting it, can he spend any coins that I put in the wallet after encrypting it? Thank you. Title: Re: Steal coins from unencrypted wallet after encryption Post by: Colin Miner on January 08, 2014, 07:40:36 PM Yes.
This is why its important to shred unencrypted wallet backups after they have been replaced with the encrypted version. Coins are not stored in the wallet, only private keys with their corresponding public key. If the private key that is linked to coins is compromised, the coins can be spent. Title: Re: Steal coins from unencrypted wallet after encryption Post by: CYPER on January 08, 2014, 08:00:16 PM Yes. This is why its important to shred unencrypted wallet backups after they have been replaced with the encrypted version. Coins are not stored in the wallet, only private keys with their corresponding public key. If the private key that is linked to coins is compromised, the coins can be spent. I am aware of what the wallet contains, but when you encrypt your wallet you get a message that the old wallet will no longer work. After some brief research I found that it prunes the entire pool of private keys and create a new one after encrypting, which is confusing to me. Title: Re: Steal coins from unencrypted wallet after encryption Post by: BookLover on January 08, 2014, 08:40:55 PM It is true that it prunes the "keypool", but this is simply a bunch of pre-generated keys which bitcoin-qt uses whenever it needs a new key. There's a lot more to this question than meets the eye but the simple answer is:
All coins in the addressess created before the encryption will be accessible to the thief. This includes coins sent to these addresses before and after the encryption. Title: Re: Steal coins from unencrypted wallet after encryption Post by: Colin Miner on January 08, 2014, 09:30:36 PM Quote When wallet passphrase enrcyption becomes enabled, any unused keys from the keypool are flushed (marked as used) and new keys protected with encyption are added. from https://en.bitcoin.it/wiki/Wallet_encryption (https://en.bitcoin.it/wiki/Wallet_encryption) could be source of the confusion.Which is cleared up by BookLover; It is true that it prunes the "keypool", but this is simply a bunch of pre-generated keys which bitcoin-qt uses whenever it needs a new key. There's a lot more to this question than meets the eye but the simple answer is: All coins in the addressess created before the encryption will be accessible to the thief. This includes coins sent to these addresses before and after the encryption. And you can prove this to yourself very easily. Just do what you are suggesting. I have done this on my test rig, but you can follow this demo and see for yourself. From the command console of bitcoin-qt: 21:07:10 dumpprivkey 12JCRJTxKjwbucjdP12hZwa9TeqLjsmAP8 <-- this dumps the private key for the specified address 21:07:10 L25HtjefAu1RAhVTFQToBqMJ8sedpBYXtuwuYBUkCsG6MBmsWMeQ <-- this is the unencrypted private key of the address (no coins associated!) encrypt wallet (test) <-- I used the gui to encrypt the wallet with the pass phrase of 'test' 21:14:02 walletpassphrase test 6000 <-- this unlocks the wallet using the encryption key of 'test' for 6000 /units of time/ 21:14:29 dumpprivkey 12JCRJTxKjwbucjdP12hZwa9TeqLjsmAP8 <-- with the wallet unlocked dump the private key again 21:14:29 L25HtjefAu1RAhVTFQToBqMJ8sedpBYXtuwuYBUkCsG6MBmsWMeQ <-- and compare with the previous version L25HtjefAu1RAhVTFQToBqMJ8sedpBYXtuwuYBUkCsG6MBmsWMeQ - the same! ;) Title: Re: Steal coins from unencrypted wallet after encryption Post by: CYPER on January 08, 2014, 10:05:23 PM Thank you guys.
I have an old NMC wallet from 2011, which is probably safe, but one cannot be 100% sure. So instead of testing out if a thief have a copy I will just create a new one and transfer the NMC there. Title: Re: Steal coins from unencrypted wallet after encryption Post by: Colin Miner on January 08, 2014, 10:08:21 PM So instead of testing out if a thief have a copy I will just create a new one and transfer the NMC there. Yes, this has to be the safest way, move the coins to a new wallet that is properly secured :)Title: Re: Steal coins from unencrypted wallet after encryption Post by: CYPER on January 08, 2014, 10:10:33 PM So instead of testing out if a thief have a copy I will just create a new one and transfer the NMC there. Yes, this has to be the safest way, move the coins to a new wallet that is properly secured :)The coins are still at the pool and my dilema was to either use the old wallet (nostalgia seeing all these transactions from 2011) or a new one. I am so paranoid sometimes, which in the Bitcoin world is a good thing ;D |