Bitcoin Forum
October 17, 2017, 12:09:45 PM *
News: Latest stable version of Bitcoin Core:  [Torrent]. (New!)
   Home   Help Search Donate Login Register  
Pages: [1]
Author Topic: Wallet.dat Private Key Security Suggestion :-)  (Read 838 times)
Offline Offline

Activity: 6

View Profile
June 06, 2011, 05:02:07 AM

Hi Guys,

I am not sure if this has already been discussed, or slated for implementation, if so please forgive my redundant post.

I have an idea about how we can secure wallet.dat somewhat against theft (ie. copy of the file).

Why not implement AES encryption of the private keys stored in there?
(no point protecting public keys, as balance information is public anyway)

a) Everytime a new ID is generated and everytime someone wants to send a transaction, why not have the client ask for a password to encrypt/decrypt the private key as appropriate?

b) During encryption/decryption, the supplied password is hashed and then the hash is used to encrypt/decrypt.

c) This way even if the wallet is stolen, no one can spend any of your money (which is the most important thing) which should discourage wallet.dat theft.

d) Furthermore, in the software it would be a good idea to make sure that once the id generation/send transaction process completes, all traces in memory of the unencrypted private key, password and password hash are zeroed out.

What do you guys think about this?

I think such a feature will help with mass adoption, because it would say to the average user, you can copy my wallet all you want, but you can't spend anything in it.

Hero Member
Offline Offline

Posts: 1508242185

View Profile Personal Message (Offline)

Reply with quote  #2

Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Hero Member
Offline Offline

Activity: 737

View Profile
June 06, 2011, 05:17:58 AM

Already proposed and coded.  Just waiting on additional testing (you can help) and approval to merge into the main client:

Was I helpful?  1TwmzX1wBxNF2qtAJRhdKmi2WyLZ5VHRs

Bitrated user: ewal.
Pages: [1]
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!