Bitcoin Forum

Let's say I encrypted my wallet with a password "123456" and I kept the same password for 2 months. I then somehow realized that my wallet is hacked, or I had a trojan/malware or some one might have my wallet.dat, I plan to change my password to "98765".

Lets say someone hacked my wallet before I changed the password, So what password is now effective? Is 123456 or 98765? Which password does he need to get the coins?

what?

what?

Makes no sense, Check the blockchain. If they is no coins in your address then you have lost them. Otherwise use a new system that is not infected and transfer the wallet.dat over.

In order to get the coin one needs the password right? which password? new or the old one?

Hi rhkazani1, if someone compromised the wallet.dat which was encrypted with password "123456", then that's the password for the wallet. Whether you change your password or not has no effect on the compromised wallet.dat file as it's different from your new one with the changed password.

P.S. wrong category

Anyone that has the access to the private key of a bitcoin adress that has received bitcoins has the rights to spend it.

This answers, thanks. Just realized its in wrong category.

you guys didn't understand what he asks...he need the new one if he didn't compromise the wallet but just copy-paste it to his pc

There you go, different answer now, so you mean the password is communicated on the network / Blockchain?

If that really happened and you still have your funds, get them out out that wallet into a new one ASAP !

mbs

But he copy/pasted when the password was 123456 not 98765, i changed the password after the wallet.dat was copied?

not sure, it might have happened, due diligence , he might be trying to crack the password, would it help if i change the password now?

i edited, if he didn't compromise the wallet(he don't know the pass so he can't access it, but you are still the only one that know about it) then he need the new one


if he(the hacker) can't access to the wallet then he need the new pass

Okay, lets say you have my wallet.dat and the password is 123456, but you're still trying to crack it, i now know that you have it and i still see my coins, and i figure out that you still haven't gotten the password, if i change it to 98765, do you need 123456 or 98765? When you got the wallet.dat the password was 123456?

i need 98765, but if i craked it it doesn't matter anymore what pass you set, because i can access to that wallet

Awesome, that answers, thanks so much!

No. If you want to secure the wallet, you should move its funds out into a new wallet asap. As stated earlier, locally changing the wallet's password from A to B does not secure the wallet if a stranger owns the wallet.dat file which was encrypted with password A and knows password A. If you change it to B, that has no effect on the compromised wallet.

it's a bit like an account, if someone steal an aka, but then you change the pass when he log out, he need the new one


the point is that he don't know about the password A, he just have the copy of the wallet, he can't access it

This is exactly what i thought, but you guys have spent more time on it, so wanted a clarification. Thanks.

What will the best way to move funds, rename old wallet.dat let the QT create a new one, generate a new address on the new wallet and then go back to old wallet transfer to new wallet?

he said "and knows password A", my case talk about the contrary, he don't know the password

The point is wallet password is stored locally, so if you have my point in time wallet.dat copy with password 123456, now matter if i change 10 password you have the wallet.dat with password 123456.

Yes, that would be a way. Or send it to an exchange and then to an address of your new wallet.

Got it, thanks.

it should work like an account, if someone steal my aka(and he don't change the pass) then if i change it he can't access anymore

of i forgot that we are talking about a decentralized thing..yeah it makes sense

No password is 'in effect'. Spending the Bitcoins is possible only if someone has the private key to the address. The private key is encrypted in the wallet. If an attacker now has access to the private key, it doesn't matter how you encrypt the private key, since it already has been compromised! Makes sense? Any questions?

What extra level of security / protection does "Encrypt Wallet" feature has?

Well if somebody happens to compromise your wallet, there's an additional layer of security for encrypted wallets since one would need to know its password as well in order to be able to spend its funds.

Well, if your wallet is encrypted, attackers can't get hold of your Bitcoins if they get your Wallet.dat for example. They'd still have to have your encryption password in order to get to steal the Bitcoins!

"If one compromises an encrypted wallet, you can spend its funds right away" How could you spend right away if it is encrypted?

that was a typo ;)

lol, you scared the hell out of me, I was like I need to go to school again :P Thanks mate!

Yup, perfect, thanks for the clarification.

I think he meant "If someone got hold of your wallet". Because if that happens with an unencrypted wallet, the funds can be spend right away. But if there's still the encryption, they'd need to break that first!

Correct,

Yes, except that you should set a password on the new wallet before you send the bitcoins over.

Alright, thanks, that was something new.

That actually isn't enough. If there really is malware on the computer, it could still get the unencrypted version of the wallet (which has all the keys) or intercetp the keyboard inouts via a keylogger! Every machine that's connected to the internet is at risk here.

True!

If he stole your encrypted wallet he can decrypt it with the old password. You should create a *new* wallet, with different addresses and a new password and send your entire balance to it ASAP unless you have a very strong password such as r6jv16kZLmfJG#au and are sure it hasn't been exposed. For obvious reasons don't use the password I just posted.

Yup, thanks, appreciate your response.