Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: MountainTop on July 26, 2014, 08:26:56 AM



Title: Encrypt Wallet
Post by: MountainTop on July 26, 2014, 08:26:56 AM
What does encrypt wallet actually do in the Bitcoin code?

More specifically, I am curious what it encrypts, what algorithm it uses and the outcome of the encryption (maybe just an unreadable file?).



Title: Re: Encrypt Wallet
Post by: shorena on July 26, 2014, 09:34:21 AM
I assume you are talking about the wallet.dat bitcoin core uses, other clients might work differently.

The wallet.dat contains (among other data) your private keys, thus it is essential for the security of your coins that they are protected. The algorithm used is AES256 IIRC.

This will indeed make the file unreadable while encrypted.


Title: Re: Encrypt Wallet
Post by: btchris on July 26, 2014, 06:17:19 PM
It's complicated  ;)

The wallet.dat file itself is a set of key/value pairs in Berkeley DB BTREE v9 format. Most of it is not encrypted, except for certain values including the private keys themselves and the master key. More specifically:

A 32-byte random master key or "mkey" is generated using OpenSSL's RAND_bytes(). This PRNG is seeded by /dev/urandom on Linux or by CryptGenRandom() on Windows. Additionally on Windows, Bitcoin adds additional entropy from a screen shot and from Windows perfmon counters (possibly because OpenSSL didn't use CryptGenRandom() in early versions?).

The mkey is used as an encryption key to encrypt each individual Bitcoin private key using AES-256 in CBC mode with PKCS7 padding and an initialization vector of SHA-256(SHA-256(the respective public key)).

Your password, plus an 8-byte salt which is initially generated using RAND_bytes() and stored in wallet.dat, is fed into PBKDF1-SHA-512 (normal PBKDF1 doesn't use SHA-512) with a certain number of iterations (stored in wallet.dat) to generate 512 bits of derived key data. The iteration count is initially set such that it will take about 1/10th of a second to run the iterations on whichever CPU the password is added (or modified).

This derived data is divided into three parts. The first 256 bits are used as an encryption key, the next 128 bits are used as an initialization vector, and the remaining bits are discarded. This encryption key and initialization vector are then used to encrypt the mkey (again using AES-256 in CBC mode with PKCS7 padding), and the encrypted mkey is stored in wallet.dat.

Upon a password change, only the encrypted mkey needs to be recomputed and written back to wallet.dat, while its unencrypted value and all of the Bitcoin private keys which it encrypts remain unchanged.
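The passphrase-to-mkey layer described above, as an added example that is not code from the original post or from Bitcoin Core: passphrase and salt go through iterated SHA-512 (PBKDF1 style), the 512-bit result is split into a 32-byte AES-256 key and a 16-byte CBC IV, and the master key is wrapped with AES-256-CBC/PKCS7. Salt, iteration count and master key bytes are constructed by the caller; the per-private-key layer (same CBC primitive, mkey as the key, IV from the double SHA-256 of the public key) is not repeated here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha512"
	"errors"
)

// deriveKeyIV iterates SHA-512 over passphrase||salt (PBKDF1 style); the 512-bit
// digest is split into a 32-byte AES-256 key, a 16-byte CBC IV and 16 unused bytes.
func deriveKeyIV(pass string, salt []byte, rounds int) (key, iv []byte) {
	h := sha512.Sum512(append([]byte(pass), salt...))
	for i := 1; i < rounds; i++ {
		h = sha512.Sum512(h[:])
	}
	return h[:32], h[32:48]
}

// cbcEncrypt is AES-256-CBC with PKCS7 padding (key is always 32 bytes here).
func cbcEncrypt(key, iv, plain []byte) []byte {
	block, _ := aes.NewCipher(key)
	pad := aes.BlockSize - len(plain)%aes.BlockSize
	padded := append(append([]byte{}, plain...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out
}

// cbcDecrypt reverses cbcEncrypt; a wrong passphrase surfaces as invalid padding.
func cbcDecrypt(key, iv, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("bad key or ciphertext length")
	}
	out := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ct)
	pad := int(out[len(out)-1])
	if pad >= 1 && pad <= aes.BlockSize && bytes.Equal(out[len(out)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return out[:len(out)-pad], nil
	}
	return nil, errors.New("bad padding: wrong passphrase or corrupt data")
}
```

A passphrase change with these pieces is cbcDecrypt of the stored encrypted mkey under the old derived key/IV followed by cbcEncrypt under the new one; the ciphertexts of the individual private keys are never touched.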


Title: Re: Encrypt Wallet
Post by: diabanhxeo on July 27, 2014, 12:52:11 AM
What does encrypt wallet actually do in the Bitcoin code?

More specifically, I am curious what it encrypts, what algorithm it uses and the outcome of the encryption (maybe just an unreadable file?).



We have backed up the wallet

Why should we encrypt the wallet?

Thanks !


Title: Re: Encrypt Wallet
Post by: rarkenin on July 27, 2014, 01:00:48 AM
We have backed up the wallet

Why should we encrypt the wallet?

Thanks !

Back up the wallet to avoid being locked out. Encrypt it to avoid having your coins stolen.


Title: Re: Encrypt Wallet
Post by: btchris on July 27, 2014, 01:54:29 PM
We have backed up the wallet

Why should we encrypt the wallet?

Thanks !

Back up the wallet to avoid being locked out. Encrypt it to avoid having your coins stolen.

Malware (viruses) has become very clever (it's big business these days). If malware does manage to find its way onto your computer, it can easily steal your wallet if you don't encrypt it. Even if you do encrypt it, more sophisticated malware can still steal your wallet (read up on "keyloggers" for more details).

If this concerns you, and it should if you have a lot of Bitcoin stored in your wallet that you can't afford to lose, read up on how to use cold storage.


Title: Re: Encrypt Wallet
Post by: MountainTop on July 27, 2014, 03:41:38 PM
It's complicated  ;)

The wallet.dat file itself is a set of key/value pairs in Berkeley DB BTREE v9 format. Most of it is not encrypted, except for certain values including the private keys themselves and the master key. More specifically:

A 32-byte random master key or "mkey" is generated using OpenSSL's RAND_bytes(). This PRNG is seeded by /dev/urandom on Linux or by CryptGenRandom() on Windows. Additionally on Windows, Bitcoin adds additional entropy from a screen shot and from Windows perfmon counters (possibly because OpenSSL didn't use CryptGenRandom() in early versions?).

The mkey is used as an encryption key to encrypt each individual Bitcoin private key using AES-256 in CBC mode with PKCS7 padding and an initialization vector of SHA-256(SHA-256(the respective public key)).

Your password, plus an 8-byte salt which is initially generated using RAND_bytes() and stored in wallet.dat, is fed into PBKDF1-SHA-512 (normal PBKDF1 doesn't use SHA-512) with a certain number of iterations (stored in wallet.dat) to generate 512 bits of derived key data. The iteration count is initially set such that it will take about 1/10th of a second to run the iterations on whichever CPU the password is added (or modified).

This derived data is divided into three parts. The first 256 bits are used as an encryption key, the next 128 bits are used as an initialization vector, and the remaining bits are discarded. This encryption key and initialization vector are then used to encrypt the mkey (again using AES-256 in CBC mode with PKCS7 padding), and the encrypted mkey is stored in wallet.dat.

Upon a password change, only the encrypted mkey needs to be recomputed and written back to wallet.dat, while its unencrypted value and all of the Bitcoin private keys which it encrypts remain unchanged.

This is exactly what I want to know. It is very helpful and thanks a lot!

But then I came up with a question (probably very silly): what if this wallet.dat file is manually deleted, is there any backup of it?


Title: Re: Encrypt Wallet
Post by: MountainTop on July 27, 2014, 03:52:17 PM
I assume you are talking about the wallet.dat bitcoin core uses, other clients might work differently.

The wallet.dat contains (among other data) your private keys, thus it is essential for the security of your coins that they are protected. The algorithm used is AES256 IIRC.

This will indeed make the file unreadable while encrypted.

Thanks a lot! But what is IIRC?


Title: Re: Encrypt Wallet
Post by: rarkenin on July 27, 2014, 03:52:56 PM

Thanks a lot! But what is IIRC?

"If I remember correctly". It's not actually a crypto term that applies to the algo.


Title: Re: Encrypt Wallet
Post by: btchris on July 27, 2014, 05:08:36 PM
This is exactly what I want to know. It is very helpful and thanks a lot!

But then I came up with a question (probably very silly): what if this wallet.dat file is manually deleted, is there any backup of it?

Bitcoin Core does not make any automated backups. You need to either back up the wallet.dat file yourself (but only when Bitcoin isn't running), or use the Backup Wallet option in the menu. Backups should be created at least once for every 100 new receiving addresses created.

Some clients do perform automated backups (of course, backups to the same hard drive aren't all that useful...):
  • Armory maintains one backup file.
  • MultiBit Classic creates new backup files after each new receiving address is created.
  • Blockchain.info by default keeps a local backup in addition to the encrypted wallet stored on their servers, and they have options for other types of off-site backups as well.
  • Armory and Electrum, being deterministic, both have backup-to-paper options which only need be done once at wallet creation.