Increasing the number of keys in key pool

[runeks]

Make it simple:

Warning: After encryption, make a backup of your new wallet and discard all previous backups. See *insert*webpage* for detailed explanation.

You have 17.29382 bitcoins from your previous unencrypted wallet, would you like to send them to a new address in your new encrypted wallet? (click yes / no / maybe / i'm not sure.)

My current level of Satoshi client patching is "MODYFYING STRINGS", so while this is definitely a good idea (and should probably be done by default), I can't implement that with my current knowledge.

[1715474124]

1715474124

[1715474124]

1715474124

[1715474124]

1715474124

[BC12345]

1. +1 to this whole backup/encrypt wallet issue. I think this is really important, especially to people who are new with bitcoins (but apparently not only for them)

2. I do not think that flushing the key pool when the wallet is encrypted is a good idea. I understand why it's done, but when a program gives you the option to encrypt something I expect it to do right that: encrypt. I don't expect it to somehow modify/change my data.

The keys existed on your disk in an unencrypted state.  They are not safe, they should not be used.  Marking them and generating new ones is the right thing to do.  Key encryption has been around for something like a year, and we are just now noticing that a few people have lost keys in strange situations.

It seems like no one is sharing my opinion here, still I would like to explain why I think it would be better to simply encrypt the wallet without changing anything else:

- the argument is that all keys that existed unencrypted are considered "not safe", but the keys for addresses that have allready received coins still exist in the encrypted wallet. So your security situation has not improved until you send coins from the encrypted wallet and even then only the change from the transaction is "safer" than before.

- the procedure as it is now complicates things. For example, I can make backups from an unencrypted wallet and encrypt this backups later and everything will be fine (because the old key pool still exists in the encrypted wallets but is marked "unsafe"). But if I make my backups and then encrypt my "main" wallet", I risk losing coins should I ever need my backups. (By the way, this is what I would like to have: encrypted main wallet and unencrypted backups)
Of course a message after the encryption will improve the situation but my concern is that people will either ignore this message or they might mistake it in a way that they assume that their wallet is automatically safer now and they don't have to take care of old unencrypted backups (and delete them).

[runeks]

[...] Of course a message after the encryption will improve the situation but my concern is that people will either ignore this message or they might misstake it in a way that they assume that their wallet is automatically safer now and they don't have to take care of old unencrypted backups (and delete them).

I think it's a valid concern that users might read the part of the message that says "[...] previous backups of the unencrypted wallet file will become useless as soon as you start using the new, encrypted wallet." as meaning that the unencrypted backup is now of no use for a hacker if one were to get hold of it, instead of meaning that the backup cannot be relied upon as a replacement for the encrypted wallet.

The thing is, we need to convey both the following facts, without confusing the user too much:

1. The user cannot rely on the old, unencrypted backups as a replacement for the new, encrypted wallet file
2. At the same time, the old, unencrypted backup can still contain keys that are in use with the encrypted wallet

I think the best solution, as has been mentioned, is simply to move over all coins, that are associated with the keys from the unencrypted backup, to a new key from the encrypted wallet. Would there be any problems in doing this (besides finding someone to implement it)?

How about changing the message to the following as step in the right direction for now?:

IMPORTANT: Any previous backups you have made of your wallet file should be replaced with the newly generated, encrypted wallet file. Backups made from the old, unencrypted wallet file cannot be relied upon as a replacement for the new, encrypted wallet. However, any backups of the old, unencrypted wallet file might contain sensitive information about addresses that are still in use, so it is important that they are removed from any unsafe storage locations. If you have not manually made backups of your wallet file before encrypting it, you can safely ignore this message.

[Dabs]

Since we are talking mostly about new users, they will not have any wallet yet at all.

How about giving them the option to start with an encrypted wallet? From the start? New User!

Or, without any other data, on a freshly installed computer, allow the client the option to NOT create a wallet or NOT to use a wallet at all. New users will not be generating coins. New users just need to download the block chain, and you don't need a wallet for this. Besides, new users will probably not have any coins to begin with.

And old users (or experienced users) may want to start like new. New computer, new OS, new bitcoin client, new wallet that is already encrypted. So there would never be an unencrypted wallet at all.

[janos666]

I just hacked together a quick patch in this pull request: https://github.com/bitcoin/bitcoin/pull/1890
Here's what the dialog looks like now:

If the devs wish they can make the text red.

And this is very misleading because if somebody copies your wallet.dat before you encrypt is, he will still be able to spend the coins you have on your addresses which are not empty and thus not purge during the encryption process (otherwise, you would obviously loose your coins...).

I think this is actually worse than having no further notes after finishing the encryption.

This text should be reviewed!

[CIYAM]

IMO instructions should be something like:

1. Keep backup of wallet prior to encryption in case anything goes wrong.

2. Encrypt wallet (and *verify* that you know your pass phrase).

3. Backup encrypted wallet (don't throw away the old backup when doing this and make more than one such new backup).

4. Verify that the new backup works and that you still "know your pass phrase".

5. Once satisfied your new backups are find and that *know* your pass phrase then for better security send your entire balance to a "new addresses" (after this point the "old backup" will be useless).

[Dabs]

Wow, necro! hehehehe..

What I plan to do now is maybe make a new wallet once a year. With the just released 0.9.0 core client, you can use a brand new wallet by using the -wallet switch. If you're like me, you might want to put either zero keypool, or keep it at 100.

I just simply archive my old wallets, keeping them safe, just in case coins get sent there. What I will probably do is create a plain-text backup of all the private keys so I can import them any time, and use blockchain or an app to check on address balances every now and then.