Bitcoin Forum
November 10, 2024, 05:39:08 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Is a compromised bitcoin wallet secured after changing the password?  (Read 986 times)
zero3112 (OP)
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500



View Profile
May 05, 2013, 03:50:25 AM
Last edit: May 05, 2013, 04:09:36 AM by zero3112
 #1

I have a question about bitcoin wallet encryption consider this scenario. A virus steals your bitcoin wallet. The password is secure enough for now but lets say one day its cracked. Does changing the password on my wallet make it secure or does the person who stole it have the copy of my wallet with the weaker password? In that case would I just consider those bitcoin addresses and keys compromised and just make a new wallet? Or would I transfer the bitcoins out of those compromised address to a new secure bitcoin address that hasn't been compromised before the password is cracked?

Or do I not want to generate a new address within the same wallet file since the the attacker has the stolen wallet?

farlack
Legendary
*
Offline Offline

Activity: 1310
Merit: 1000



View Profile
May 05, 2013, 03:53:20 AM
 #2

I think once they have the private key, they have the private key.
evilpete
Member
**
Offline Offline

Activity: 77
Merit: 10



View Profile
May 05, 2013, 03:59:44 AM
 #3

If the wallet has been stolen and not yet spent then they have your private keys and the next 100 pre-generated keys your client was planning to use.

You need to move everything to another entirely separate wallet, ASAP.  Then back up the compromised wallet and make a new one from scratch..

You should keep the old wallet in case somebody ever sends something to an old address and you want to retrieve it - before somebody else does.  Just make Damn Sure(TM) you don't reuse any of its addresses.

First they ignore you, then they laugh at you, then they fight you, then you win.
- Mahatma Gandhi
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
May 05, 2013, 04:00:27 AM
 #4

No it 100% doesn't make it secure.

If the attacker has (or you think they have) access to the wallet.dat the attacker has your complete list of private keys protected only by the encryption in place IN THEIR COPY.  You changing your copy does absolutely nothing.

If you even suspect that your wallet.dat might be compromised you should immediately send funds to a NEW ADDRESS in a NEW WALLET.  By immediately I mean immediately.  It literally is a race.  Your attacker the millisecond they break your weak password will be doing the same thing and whoever gets the funds into an address they exclusively control, "owns" those funds permanently.  Once an attacker moves your funds you are SOL.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!