Topic: Why Bitcoin Core doesn't tell you to encrypt your wallet by default?
manselr (OP)
July 29, 2015, 05:40:36 PM
 #1

I was wondering... why doesn't Bitcoin Core prompt you with a window to enter a passphrase the first time you boot it? I don't like the idea of a wallet that can be open for anyone to enter and modify. As a newbie they may not realize they have to put a password on it.
Of course the possibility of the password you entered being forgotten is also tragic.
How to solve this? Maybe having people enter the password 10 times, or print it or something. I don't know, I'm just not sure about a non-encrypted wallet by default.
gmaxwell
July 29, 2015, 05:50:41 PM
 #2


The protection provided by an encrypted wallet is pretty thin: If a thief has access to your computer they can add a key logger or the like and then the encryption will not protect you.

Many people forget their keys; especially when they set them before they have any coins at all-- and thus nothing to protect.

Though it's hard to collect data, from what I've seen I believe that already passphrase loss events are much more common than wallet thefts prevented by (or preventable by) encryption. Further optimizing for key loss over theft doesn't seem wise to me.

There is, in fact, an argument that as a whole wallet encryption is an anti-feature: that it causes much more loss than it prevents. The distinction is that loss from forgetting keys (though it's well established that this happens constantly with users) leaves the user feeling like it's their fault and that they were in control; while wallet theft leaves most users (who've not yet really taken responsibility for their system security) feeling like the software is at fault; and so it's socially useful because it leaves people worrying about something they feel like they can control. I don't know that I buy the argument, ultimately as software authors we're responsible to provide software that best looks out for the user's interest. In this case there is a real tradeoff and no magic answer.

Electrum makes the user write down a randomly generated recovery code and re-enter it; and it does a fair amount of work in the UI to prevent the user from just copy/pasting it. It's a good approach, though it's hard to tell how effective it is because one element of failure modes where the user feels they are at fault is that they tend to not report them.
jonas.schnelli
bitcoin core contributor
July 30, 2015, 08:44:03 AM
 #3

Some additional thoughts/information:

1) recovery phrase like Electrum does as greg mentioned (~bip39) in case you have lost your wallet (encrypted or unencrypted) requires a bip32 hd wallet: at the moment not supported by bitcoin core.

2) Current bitcoin-core always creates an unencrypted wallet at first start. If one decides to encrypt the wallet, all used private keys (`getnewaddress`, change addresses) were exposed in plaintext over the wallet.dat file during the time between creation and encryption.

3) An encrypted wallet is basically not an encrypted wallet. Only private keys are encrypted. Public keys, wallet transactions, labels & comments are stored in plaintext in wallet.dat.
gmaxwell
July 31, 2015, 03:41:18 AM
 #4

> Some additional thoughts/information:
> 1) recovery phrase like Electrum does as greg mentioned (~bip39) in case you have lost your wallet (encrypted or unencrypted) requires a bip32 hd wallet: at the moment not supported by bitcoin core.

As an aside, BIP39 is a poor design which was explicitly disowned by one of its original authors. It should not be used as a reference for useful behavior.

> If one decides to encrypt the wallet, all used private keys (`getnewaddress`, change addresses) were exposed in plaintext over the wallet.dat file during the time between creation and encryption.

This is potentially misleading, as it may sound to some like you're saying keys resulting from getnewaddress after encryption were also exposed but this isn't the case. Only keys from before the encryption were previously exposed, for the obvious reason.
dev_guru
July 31, 2015, 09:47:18 AM
 #5

I believe that for a casual user, who neither stores many Bitcoins nor has advanced knowledge, the encryption is useless. And the people who need encryption know how to do it manually, therefore no pop-up is needed.
jonas.schnelli
bitcoin core contributor
July 31, 2015, 11:02:23 AM
 #6

> > Some additional thoughts/information:
> > 1) recovery phrase like Electrum does as greg mentioned (~bip39) in case you have lost your wallet (encrypted or unencrypted) requires a bip32 hd wallet: at the moment not supported by bitcoin core.
>
> As an aside, BIP39 is a poor design which was explicitly disowned by one of its original authors. It should not be used as a reference for useful behavior.

Totally agree.

> > If one decides to encrypt the wallet, all used private keys (`getnewaddress`, change addresses) were exposed in plaintext over the wallet.dat file during the time between creation and encryption.
>
> This is potentially misleading, as it may sound to some like you're saying keys resulting from getnewaddress after encryption were also exposed but this isn't the case. Only keys from before the encryption were previously exposed, for the obvious reason.

Thanks for the precision.
Right, every address (including change addresses) generated "after" the encryption happened, was never exposed in an unencrypted wallet.
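
Added example, not part of any post in this thread and not Bitcoin Core code: a toy Python model of the two points discussed above, that only the private-key field is encrypted while addresses and labels stay readable, and that keys created before encryption have already sat in the file in plaintext. `ToyWallet`, `addr_of` and the HMAC-based `xor_stream` stand-in cipher are assumptions made for the illustration, and the addresses are constructed strings.

```python
import hashlib, hmac, os

def xor_stream(key, nonce, data):
    """Stand-in cipher for this example (HMAC-SHA256 pad), not Bitcoin Core's."""
    pad = hmac.new(key, nonce, hashlib.sha256).digest()  # 32 bytes, like our secrets
    return bytes(a ^ b for a, b in zip(data, pad))

def addr_of(secret):
    """Constructed identifier standing in for a real address derivation."""
    return "addr-" + hashlib.sha256(secret).hexdigest()[:16]

class ToyWallet:
    def __init__(self):
        self.salt = None      # None means the wallet file is still unencrypted
        self.records = []     # everything that sits in the wallet file

    def _kdf(self, passphrase):
        if passphrase is None:
            raise PermissionError("wallet is encrypted: passphrase required")
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), self.salt, 20_000)

    def new_key(self, label, passphrase=None):
        secret, nonce = os.urandom(32), os.urandom(16)
        stored = secret if self.salt is None else xor_stream(self._kdf(passphrase), nonce, secret)
        self.records.append({"address": addr_of(secret), "label": label, "nonce": nonce,
                             "secret": stored, "was_plaintext": self.salt is None})
        return addr_of(secret)

    def encrypt(self, passphrase):
        if self.salt is not None:
            raise RuntimeError("already encrypted")
        self.salt = os.urandom(16)
        key = self._kdf(passphrase)
        for rec in self.records:          # only the secret field changes
            rec["secret"] = xor_stream(key, rec["nonce"], rec["secret"])

    def readable_without_passphrase(self):
        return [(r["address"], r["label"]) for r in self.records]

    def previously_exposed(self):
        return [r["address"] for r in self.records if r["was_plaintext"]]

    def secret_for(self, address, passphrase):
        rec = next(r for r in self.records if r["address"] == address)
        if self.salt is None:
            return rec["secret"]          # unencrypted file: no passphrase involved
        secret = xor_stream(self._kdf(passphrase), rec["nonce"], rec["secret"])
        if addr_of(secret) != address:    # wrong key gives a secret that fails the check
            raise PermissionError("wrong passphrase")
        return secret
```

`previously_exposed()` lists the keys that anyone who copied the file before `encrypt()` ran could still use, which is the set worth moving funds away from after encrypting.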
SebastianJu
July 31, 2015, 01:05:40 PM
 #7

I would add the question, why does the encryption not encrypt the whole wallet? The way it is now says "It is ok for everyone to see all the transactions and addresses, but he is not allowed to send." Why is that? Every bank account encrypts all. And you don't let someone look into your fiat wallet normally too.

So why is it ok with bitcoin wallets?

A side effect would be that you don't have to enter the password each time you want to send a transaction. Though a timer should be implemented in case you let the wallet open and leave the computer.

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
achow101
July 31, 2015, 02:53:44 PM
 #8

> I would add the question, why does the encryption not encrypt the whole wallet? The way it is now says "It is ok for everyone to see all the transactions and addresses, but he is not allowed to send." Why is that? Every bank account encrypts all. And you don't let someone look into your fiat wallet normally too.
>
> So why is it ok with bitcoin wallets?
>
> A side effect would be that you don't have to enter the password each time you want to send a transaction. Though a timer should be implemented in case you let the wallet open and leave the computer.

It lets Bitcoin Core scan the blockchain for the transactions related to the addresses in the wallet since transactions aren't stored in the wallet. If it encrypted the addresses, then you would have to decrypt it in order to see how much Bitcoin you have. Besides, transactions and addresses are already public, so it doesn't hurt to leave them decrypted.

shorena
July 31, 2015, 02:55:01 PM
 #9

> I would add the question, why does the encryption not encrypt the whole wallet? The way it is now says "It is ok for everyone to see all the transactions and addresses, but he is not allowed to send." Why is that? Every bank account encrypts all. And you don't let someone look into your fiat wallet normally too.
>
> So why is it ok with bitcoin wallets?
>
> A side effect would be that you don't have to enter the password each time you want to send a transaction. Though a timer should be implemented in case you let the wallet open and leave the computer.

The explanation for this I read in the past was that it would lead to less secure passwords. Consider you would have to enter your (e.g. 24+ symbol) password every time you start bitcoin core. Some of the devs believe that it would lead to people using less secure passwords in order to avoid the hassle. Without a second password it would also unlock the private keys when they are not needed. I often open the wallet after I booted the machine and only close it when I shut it down, I would not want the private keys to be unencrypted during that time unless I actually need them to be.

You can probably implement something like this if you put the wallet file into an encrypted container. That way you first have to open the container (outer password) or the bitcoin core would start with a newly created (or fake) wallet file and still have to use a second (inner) password when you sign / spend.

Im not really here, its just your imagination.
gmaxwell
July 31, 2015, 05:34:17 PM
 #10

> I would add the question, why does the encryption not encrypt the whole wallet? The way it is now says "It is ok for everyone to see all the transactions and addresses, but he is not allowed to send." Why is that? Every bank account encrypts all. And you don't let someone look into your fiat wallet normally too.
>
> So why is it ok with bitcoin wallets?
>
> A side effect would be that you don't have to enter the password each time you want to send a transaction. Though a timer should be implemented in case you let the wallet open and leave the computer.

This would be a massive practical loss of security for most users.

With the current configuration, entry of the password is authorization to send funds. You can't send funds accidentally. No misclicks or fooling around, or someone telling you to press something over the internet can result in you sending funds without realizing it. If someone grabs your computer out of your hands or uses it while you've stepped away they will not have access to your funds.

The keys (or their equivalents) are not kept in memory; so if your wallet is encrypted and your system compromised while you're aware of it, you can rescue things by copying off the wallet and NOT entering the key after the compromise. (I've spoken to two people who mentioned being rescued by this, in fact.)

You are not forced to enter the keys at every startup (further exposing them to key loggers or people seeing you typing them). And you are not discouraged from entering in a strong password because you must type it frequently.

Meanwhile, there are two costs: One has basically no marginal cost: someone who compromises your computer (or steals it-- if you're not using disk encryption--) can tell what addresses are yours; but they can already tell this from your debug.log, swap file, browser cache, and 1001 other small places that data about your activities on your computer are left around.

The second is that backups aren't private and probably should be encrypted or stored on an encrypted disk. This could be addressed by separately completely encrypting backups. ::shrugs::

The comparison to a bank isn't really a good parallel. Any computer in the world can connect to your bank website. Access to your wallet metadata is gated by physical possession of the wallet file, which one normally can't get without access to your computer or your backups and if someone has access to that you've already substantially lost your privacy.

SebastianJu
July 31, 2015, 11:13:18 PM
 #11

> > I would add the question, why does the encryption not encrypt the whole wallet? The way it is now says "It is ok for everyone to see all the transactions and addresses, but he is not allowed to send." Why is that? Every bank account encrypts all. And you don't let someone look into your fiat wallet normally too.
> >
> > So why is it ok with bitcoin wallets?
> >
> > A side effect would be that you don't have to enter the password each time you want to send a transaction. Though a timer should be implemented in case you let the wallet open and leave the computer.
>
> This would be a massive practical loss of security for most users.
>
> With the current configuration, entry of the password is authorization to send funds. You can't send funds accidentally. No misclicks or fooling around, or someone telling you to press something over the internet can result in you sending funds without realizing it. If someone grabs your computer out of your hands or uses it while you've stepped away they will not have access to your funds.
>
> The keys (or their equivalents) are not kept in memory; so if your wallet is encrypted and your system compromised while you're aware of it, you can rescue things by copying off the wallet and NOT entering the key after the compromise. (I've spoken to two people who mentioned being rescued by this, in fact.)
>
> You are not forced to enter the keys at every startup (further exposing them to key loggers or people seeing you typing them). And you are not discouraged from entering in a strong password because you must type it frequently.
>
> Meanwhile, there are two costs: One has basically no marginal cost: someone who compromises your computer (or steals it-- if you're not using disk encryption--) can tell what addresses are yours; but they can already tell this from your debug.log, swap file, browser cache, and 1001 other small places that data about your activities on your computer are left around.
>
> The second is that backups aren't private and probably should be encrypted or stored on an encrypted disk. This could be addressed by separately completely encrypting backups. ::shrugs::
>
> The comparison to a bank isn't really a good parallel. Any computer in the world can connect to your bank website. Access to your wallet metadata is gated by physical possession of the wallet file, which one normally can't get without access to your computer or your backups and if someone has access to that you've already substantially lost your privacy.

Thank you for your answer. It makes sense. Guess you can't have everything. I only imagine that it would be better that no one can see your riches that gets to your computer and opens your wallet. I mean how many bitcoiners have an encrypted OS? And if someone knows you have bitcoins and knows what a wallet is then he can simply check and maybe find out that someone is rich. Depending on the type of person that might lead to risks.

Maybe it was not the best idea to have a wallet and a node put together the way it is. Maybe the wallet feature should stay elsewhere and the node can support the network.

Guess I'm too tired to think clearly now.

Please ALWAYS contact me through bitcointalk pm before sending someone coins.