Bitcoin Forum
March 19, 2024, 02:21:39 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Different hashes when creating encrypted backup twice (Bump. Nobody?)  (Read 730 times)
pf (OP)
Full Member
***
Offline Offline

Activity: 176
Merit: 105


View Profile
July 20, 2015, 04:28:07 PM
Last edit: July 23, 2015, 04:56:23 PM by pf
 #1

I did this:

  • Yesterday, I saved an encrypted digital backup of my wallet to my hard drive. Its SHA-256 hash was fb032...
  • Today, I wanted to try again, just in case. So I saved again. This time the file's hash was different: 432a0...
  • But then when trying again for the 2nd time (today) and 3rd, 4th, 5th time, I always got my yesterday's hash fb032...

What could possibly explain the fact that I got a different hash once? Can the encrypted backup file really change like that sometimes?
1710814899
Hero Member
*
Offline Offline

Posts: 1710814899

View Profile Personal Message (Offline)

Ignore
1710814899
Reply with quote  #2

1710814899
Report to moderator
The forum strives to allow free discussion of any ideas. All policies are built around this principle. This doesn't mean you can post garbage, though: posts should actually contain ideas, and these ideas should be argued reasonably.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
pf (OP)
Full Member
***
Offline Offline

Activity: 176
Merit: 105


View Profile
July 23, 2015, 04:57:25 PM
 #2

Bump (hope bumping is okay).
It's just that I found that very strange. Something malicious could be going on. Unless there is a good explanation for this?
goatpig
Moderator
Legendary
*
Offline Offline

Activity: 3640
Merit: 1345

Armory Developer


View Profile
July 23, 2015, 07:30:24 PM
 #3

Tons of different operations will change the binary content of a wallet. From adding/modifying/removing comments, to generating new addresses, to spending coins, and so on.

A wallet should not change in between runs: if you turn off Armory, hash your wallet, don't run Armory for a couple days and hash the wallet again, you should expect the same hash. If you ran Armory in between, all bets are off.

pf (OP)
Full Member
***
Offline Offline

Activity: 176
Merit: 105


View Profile
July 24, 2015, 04:57:12 AM
 #4

If you ran Armory in between, all bets are off.

Do you know what could have happened to change my wallet's binary for a short while, even if I didn't modify the wallet file explicitly within Armory? Maybe the Armory did something to it temporarily.

Again, like I said, the hash changed, but after exporting right afterwards the hash went "back to normal" again. I wonder what Armory could have done to it there in between.

Do you guys, who are familiar with the Armory code, have any ideas?
goatpig
Moderator
Legendary
*
Offline Offline

Activity: 3640
Merit: 1345

Armory Developer


View Profile
July 24, 2015, 11:18:15 AM
 #5

Did you hash the wallet, the backup, or both?

pf (OP)
Full Member
***
Offline Offline

Activity: 176
Merit: 105


View Profile
July 24, 2015, 01:08:26 PM
 #6

Did you hash the wallet, the backup, or both?
These are the steps I performed:

  • I created an encrypted backup of my wallet. I hashed it.
  • The day after, I created an encrypted backup of my wallet in just the same way. I hashed it, and got a different hash. Yet I had not modified the wallet in any way within Armory (or anywhere else).
  • A few moments later, again without modifying the wallet in any way within Armory (or anywhere else), I created an encrypted backup of my wallet in just the same way. I hashed it. Now I got the same hash as I did the day before! This was further proof to me that I had, indeed, not modified the wallet in any way myself.
  • All subsequent repeats (create encrypted backup and hash) have consistently resulted in the same hash in the days that followed.

This is a mystery to me. Is there anything Armory can do sometimes that causes a wallet's encrypted backup to change like that? I wonder what could possibly have happened that one time in between.
goatpig
Moderator
Legendary
*
Offline Offline

Activity: 3640
Merit: 1345

Armory Developer


View Profile
July 24, 2015, 02:27:34 PM
 #7

Used a different password the second time around?

pf (OP)
Full Member
***
Offline Offline

Activity: 176
Merit: 105


View Profile
July 24, 2015, 04:46:37 PM
 #8

Used a different password the second time around?
Armory doesn't ask me for a password when creating an encrypted backup. That makes sense to me, since the wallet is already protected with a password. So I presume it just uses that same password to protect the encrypted backup?
pf (OP)
Full Member
***
Offline Offline

Activity: 176
Merit: 105


View Profile
July 24, 2015, 05:18:48 PM
 #9

Used a different password the second time around?
Armory doesn't ask me for a password when creating an encrypted backup. That makes sense to me, since the wallet is already protected with a password. So I presume it just uses that same password to protect the encrypted backup?
One thought that came to my mind at first was: does it put some timestamp into the wallet? But the subsequent consistent hashes disproved that theory. Is there any other info it could be changing on a fleeting basis? Hmmm. What a conundrum.
goatpig
Moderator
Legendary
*
Offline Offline

Activity: 3640
Merit: 1345

Armory Developer


View Profile
July 24, 2015, 09:04:45 PM
 #10

The data in the wallet can change for a lot of different reasons, but I don't expect anything short of user action can modify data then roll it back. Maybe your log file could yield some information of what happened, but at this point I'm not so sure Armory is the culprit anymore. Did you change permissions on the file maybe? You should try to reproduce the faulty hash again.

pf (OP)
Full Member
***
Offline Offline

Activity: 176
Merit: 105


View Profile
July 25, 2015, 01:31:34 PM
 #11

The data in the wallet can change for a lot of different reasons, but I don't expect anything short of user action can modify data then roll it back. Maybe your log file could yield some information of what happened, but at this point I'm not so sure Armory is the culprit anymore. Did you change permissions on the file maybe? You should try to reproduce the faulty hash again.
I was able to produce a behavior that may give us some clues. This is what I did just now:

  • Turned on my offline computer (Ubuntu 14.04)
  • Launched Armory Offline
  • Opened my wallet in the list
  • Exported an encrypted digital backup. Wrote down the hash. Let's call it hash AAA. It was the same hash I've been getting lately.
  • Chose "Make Paper Backup" and typed in the wallet password when Armory asked for it.
  • Closed the paper backup window.
  • Exported an encrypted digital backup again. Wrote down the hash. It was different than the one earlier! Let's call this hash BBB.

Then I did this:

  • I shut down my computer, restarted, and repeated the above process.
  • This time, in all cases (both before typing in a password to get to the paper backup window and after having done so), I got out the hash BBB for my encrypted digital backup.

What could explain this? Some Armory developer must have some ideas.

The only thing that comes to my mind right now is something like this: If I type in a password to get to the paper backup window, my wallet changes somehow but only under certain conditions. Maybe it has something to do with the current date/time. I don't know.

Anyone?

This is mysterious indeed.
goatpig
Moderator
Legendary
*
Offline Offline

Activity: 3640
Merit: 1345

Armory Developer


View Profile
July 25, 2015, 03:00:09 PM
 #12

You unlocked the wallet so it used this opportunity to compute missing private keys. Armory wallets derive the public key chain without the need to compute the relevant private keys beforehand. This is how watching only wallets function. Specific to our format, when you unlock a wallet (i.e. make the private keys temporarily "visible" to Armory), the missing private keys are computed and saved to disk along the relevant public keys.

As I said a wealth of different operations can modify a wallet file, but that does NOT explain your issue. Your issue is that your wallet went from hash1 to hash2 (nothing out of the ordinary), yet it went back to hash1 later on. Certain operations in Armory could result in that but the steps you describe does not include any of these.

Quote
What could explain this? Some Armory developer must have some ideas.

etotheipi developed the wallet format and I did the recovery tool. We are the only 2 at Armory with lots of experience on this wallet format, and I don't expect he has a different angle on this. You should start looking at the state of your environment as well.

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!