Blockchain.info Database ?

[OmegaStarScream]

I know that online wallets aren't safe and they are hackable and stuff etc .. and I myself recommend people not to use them usually .
but when I created the account it says that they have no copie of our passwords and on this page : https://blockchain.info/wallet/new It says that "WARNING: Forgotten passwords are UNRECOVERABLE and will results in LOSS of ALL of your bitcoins!" then they have
"We require a password of at least 10 characters in length to ensure that even if our database is compromised your wallet will remain secure."

So I'am not sure if I'am missin something here but how come it's impossible to recover and they don't have copie of our passwords and on the same time ... their database can be compromised 

Unless they have only copie of hashed and encrypted passwords on their database ?

All those questions is because I have some 0.xx bitcoins on my Blockchain wallet and I printed them but it wouldn't make a lot of sense to make paper wallet if it's gonna get hacked online , right ?

TL;DR Basically I want to know how blockchain.info accounts can get hacked to make sure I will be safe 100% (how they are encrypted , stored etc .)

[1713522100]

1713522100

[1713522100]

1713522100

[1713522100]

1713522100

[bb2ebb]

it's right. all system is not safe  and then you are must creatively for make a system that's safe

[guitarplinker]

I think basically how it works is that they just store an encrypted wallet file on their servers. So if their database is ever hacked, then the hacker could (potentially) just run off with all the encrypted wallet files they have on their servers.

Why is it impossible to recover a wallet if you forget your password? That's how this system works - since the entire wallet is encrypted, there is no way to decrypt it without the password. So if the password is forgotten, there's no feasible way to crack into the wallet and change the passphrase it's encrypted with, since you'd be trying to crack present-day encryption. It's not like a normal website login, where if you forget your password, all that's needed to let you into your account again is a small change in the database to update your password.

As for storing your bitcoin on Blockchain.info I'd recommend against that. Take a look into a desktop wallet such as Electrum. It's small, efficient and I'd argue that it's more secure than Blockchain.info, since everything is completely under your control.

[OmegaStarScream]

I think basically how it works is that they just store an encrypted wallet file on their servers. So if their database is ever hacked, then the hacker could (potentially) just run off with all the encrypted wallet files they have on their servers.

Why is it impossible to recover a wallet if you forget your password? That's how this system works - since the entire wallet is encrypted, there is no way to decrypt it without the password. So if the password is forgotten, there's no feasible way to crack into the wallet and change the passphrase it's encrypted with, since you'd be trying to crack present-day encryption. It's not like a normal website login, where if you forget your password, all that's needed to let you into your account again is a small change in the database to update your password.

As for storing your bitcoin on Blockchain.info I'd recommend against that. Take a look into a desktop wallet such as Electrum. It's small, efficient and I'd argue that it's more secure than Blockchain.info, since everything is completely under your control.

I know about that (about using desktop wallet) , but I just wanted to know how they store to make sure that everything is ok because I put some Bitcoins little bit everywhere just to make sure I won't lose all at once in case something bad happens , I guess it's the wise thing to do .

So basically and if  iunderstood you right ... I can be safe from Online logging into my account 100% since I have 2FA (SMS on phone) however if their servers are hacked somehow then the hacker will own the wallet files and if my password is weak It will get cracked however if it's long and complicated then I'am safe 100% from anything ?

[guitarplinker]

I think basically how it works is that they just store an encrypted wallet file on their servers. So if their database is ever hacked, then the hacker could (potentially) just run off with all the encrypted wallet files they have on their servers.

Why is it impossible to recover a wallet if you forget your password? That's how this system works - since the entire wallet is encrypted, there is no way to decrypt it without the password. So if the password is forgotten, there's no feasible way to crack into the wallet and change the passphrase it's encrypted with, since you'd be trying to crack present-day encryption. It's not like a normal website login, where if you forget your password, all that's needed to let you into your account again is a small change in the database to update your password.

As for storing your bitcoin on Blockchain.info I'd recommend against that. Take a look into a desktop wallet such as Electrum. It's small, efficient and I'd argue that it's more secure than Blockchain.info, since everything is completely under your control.

I know about that (about using desktop wallet) , but I just wanted to know how they store to make sure that everything is ok because I put some Bitcoins little bit everywhere just to make sure I won't lose all at once in case something bad happens , I guess it's the wise thing to do .

So basically and if  iunderstood you right ... I can be safe from Online logging into my account 100% since I have 2FA (SMS on phone) however if their servers are hacked somehow then the hacker will own the wallet files and if my password is weak It will get cracked however if it's long and complicated then I'am safe 100% from anything ?

I wouldn't say that you'd ever be 100% secure, but by using 2FA and a secondary password you should be as secure as you can when using a BCI wallet.

But yes, if Blockchain.info was hacked and the hacker had a copy of your wallet file, there's a chance that your password could be cracked if it's weak, but even trying to crack something encrypted with 10 characters will take awhile on current hardware (as long as it isn't a dictionary word or in the list of top 100 used passwords). If you use a long and complicated password (say, 64 random characters or something like that) then there would be an extremely low chance that the hacker would ever be able to crack it.

[OmegaStarScream]

I think basically how it works is that they just store an encrypted wallet file on their servers. So if their database is ever hacked, then the hacker could (potentially) just run off with all the encrypted wallet files they have on their servers.

Why is it impossible to recover a wallet if you forget your password? That's how this system works - since the entire wallet is encrypted, there is no way to decrypt it without the password. So if the password is forgotten, there's no feasible way to crack into the wallet and change the passphrase it's encrypted with, since you'd be trying to crack present-day encryption. It's not like a normal website login, where if you forget your password, all that's needed to let you into your account again is a small change in the database to update your password.
As for storing your bitcoin on Blockchain.info I'd recommend against that. Take a look into a desktop wallet such as Electrum. It's small, efficient and I'd argue that it's more secure than Blockchain.info, since everything is completely under your control.

I know about that (about using desktop wallet) , but I just wanted to know how they store to make sure that everything is ok because I put some Bitcoins little bit everywhere just to make sure I won't lose all at once in case something bad happens , I guess it's the wise thing to do .

So basically and if  iunderstood you right ... I can be safe from Online logging into my account 100% since I have 2FA (SMS on phone) however if their servers are hacked somehow then the hacker will own the wallet files and if my password is weak It will get cracked however if it's long and complicated then I'am safe 100% from anything ?

I wouldn't say that you'd ever be 100% secure

Why not ? I mean you can't access unless you have my phone , no ? Unless there is a way to get my phone number without actually getting it or bypass it like hackers do on Gmail or some shit like that ...
Because on my country nobody use Bitcoin so no one will think on going to Blockchain.info at all .

[guitarplinker]

I wouldn't say that you'd ever be 100% secure

Why not ? I mean you can't access unless you have my phone , no ? Unless there is a way to get my phone number without actually getting it or bypass it like hackers do on Gmail or some shit like that ...
Because on my country nobody use Bitcoin so no one will think on going to Blockchain.info at all .

There would be a few ways that a hacker would be able to access your account. If you accidentally logged into a Blockchain.info phishing site for example, they'd instantly be able to log in and empty your balance even with 2FA. If you had a keylogger on your machine, that could be another potential access for hackers, but if you're smart about what you download, and that you're logging into the correct BCI and not a phishing site, you should be safe.

[Habeler876]

I wouldn't say that you'd ever be 100% secure

Why not ? I mean you can't access unless you have my phone , no ? Unless there is a way to get my phone number without actually getting it or bypass it like hackers do on Gmail or some shit like that ...
Because on my country nobody use Bitcoin so no one will think on going to Blockchain.info at all .

There would be a few ways that a hacker would be able to access your account. If you accidentally logged into a Blockchain.info phishing site for example, they'd instantly be able to log in and empty your balance even with 2FA. If you had a keylogger on your machine, that could be another potential access for hackers, but if you're smart about what you download, and that you're logging into the correct BCI and not a phishing site, you should be safe.

Both cloud and local wallets can be compromised, but i choose local one over the cloud alternative simply because it seams safer to me;
If your computer gets compromised with a trojan or similar mallware, your bitcoins are at stake regardless of the wallet you chose, but atleast with the local one
you are not expanding your circle of trust to third party service.

Hashing/encrypting wallet data on cloud wallet services doesn't ensure 100% security; bitcointalk user data was also hashed/encrypted, but still it was advised for users to change their passwords,
and there was a good reason for it.

[OmegaStarScream]

Thanks for both response guys , as I said I'am not worried about my phone number or paper wallet because no one on my country knows about bitcoin and chance that I'am going to meet one that actually do are so low so i guess im safe on that part .
for what comes to Two factor authentification you just told me what I needed to know exactly , basically if I only keep the paper wallet and I never connected to my Blockchain.info account again I should be safe aswell since keylogger will log if I type the info ty so much guys