Bitcoin Forum
December 08, 2016, 02:39:40 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Wallet.dat Private Key Security Suggestion :-)  (Read 778 times)
dbit2011
Newbie
*
Offline Offline

Activity: 6


View Profile
June 06, 2011, 05:02:07 AM
 #1

Hi Guys,

I am not sure if this has already been discussed, or slated for implementation, if so please forgive my redundant post.

I have an idea about how we can secure wallet.dat somewhat against theft (ie. copy of the file).

Why not implement AES encryption of the private keys stored in there?
(no point protecting public keys, as balance information is public anyway)

a) Everytime a new ID is generated and everytime someone wants to send a transaction, why not have the client ask for a password to encrypt/decrypt the private key as appropriate?

b) During encryption/decryption, the supplied password is hashed and then the hash is used to encrypt/decrypt.

c) This way even if the wallet is stolen, no one can spend any of your money (which is the most important thing) which should discourage wallet.dat theft.

d) Furthermore, in the software it would be a good idea to make sure that once the id generation/send transaction process completes, all traces in memory of the unencrypted private key, password and password hash are zeroed out.

What do you guys think about this?

I think such a feature will help with mass adoption, because it would say to the average user, you can copy my wallet all you want, but you can't spend anything in it.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
twmz
Hero Member
*****
Offline Offline

Activity: 737



View Profile
June 06, 2011, 05:17:58 AM
 #2

Already proposed and coded.  Just waiting on additional testing (you can help) and approval to merge into the main client:

http://forum.bitcoin.org/index.php?topic=8728.0

Was I helpful?  1TwmzX1wBxNF2qtAJRhdKmi2WyLZ5VHRs
WoT, GPG

Bitrated user: ewal.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!