removed

[THeZoiD]

removed

[Abdussamad]

  * Asymmetric wallet file encryption: A keypair is derived from the
    wallet password. Once the wallet is decrypted, only the public key
is retained in memory, in order to write the encrypted file.

What is the advantage of this over the earlier symmetric encryption?

[mocacinno]

Seems like a malicious url!!!

URL REMOVED SO IT CAN'T BE PICKED UP BY CRAWLERS != https://github.com/spesmilo/electrum

The real git repo is https://github.com/spesmilo/electrum
If in doubt, visit https://electrum.org/#home and click the github icon at the top right corner!!!

[Abdussamad]

Seems like a malicious url!!!

good catch. i used a bookmark so i didn't notice that. you should remove the fake url from your quote. we don't want it to show up in google results now do we?

the release notes are correct though:

https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

So I'm still left wondering what benefit using public key crypto to encrypt the wallet seed has over the old aes way?

[shorena]

-snip-
So I'm still left wondering what benefit using public key crypto to encrypt the wallet seed has over the old aes way?

No private key in memory needed to add more data.

[Abdussamad]

-snip-
So I'm still left wondering what benefit using public key crypto to encrypt the wallet seed has over the old aes way?

No private key in memory needed to add more data.

But you are not writing encrypted data most of the time. The only thing encrypted with the password is the seed and any imported private keys. The  seed is generated once at wallet creation, encrypted and stored. Same goes for private keys at the time of import. You only need the password for signing transactions and you will still need that even if you use public key crypto.

[shorena]

-snip-
So I'm still left wondering what benefit using public key crypto to encrypt the wallet seed has over the old aes way?

No private key in memory needed to add more data.

But you are not writing encrypted data most of the time. The only thing encrypted with the password is the seed and any imported private keys. The  seed is generated once at wallet creation, encrypted and stored. Same goes for private keys at the time of import. You only need the password for signing transactions and you will still need that even if you use public key crypto.

Just did a quick check searching for keywords in the repo, but it looks like this changed or will so in the future.

Look at the wording of this dialog -> https://github.com/spesmilo/electrum/blob/fcc92c1ebdee77a4a414384f23f85d37152fbe7b/gui/qt/password_dialog.py#L175

[Abdussamad]

-snip-
So I'm still left wondering what benefit using public key crypto to encrypt the wallet seed has over the old aes way?

No private key in memory needed to add more data.

But you are not writing encrypted data most of the time. The only thing encrypted with the password is the seed and any imported private keys. The  seed is generated once at wallet creation, encrypted and stored. Same goes for private keys at the time of import. You only need the password for signing transactions and you will still need that even if you use public key crypto.

Just did a quick check searching for keywords in the repo, but it looks like this changed or will so in the future.

Look at the wording of this dialog -> https://github.com/spesmilo/electrum/blob/fcc92c1ebdee77a4a414384f23f85d37152fbe7b/gui/qt/password_dialog.py#L175

Maybe now electrum will hide the wallets contents until you enter a password. I can see a few instances where this might be a good idea:

- There were some users who complained that anyone with access to the wallet file could see the balance and transactions. The advice for such users has always been to use the multiuser functionality of their OS if they don't want other people seeing their files. Now they have another option.

- Then there were those users who received money to their wallets but when they went to spend it they found that they didn't know the password and neither did they have the seed. A few of them have complained here that they shouldn't be allowed to receive money into a wallet when they can't spend it. If the whole wallet is encrypted then they can't see their receiving addresses and so can't lose their money!

[kolloh]

- Then there were those users who received money to their wallets but when they went to spend it they found that they didn't know the password and neither did they have the seed. A few of them have complained here that they shouldn't be allowed to receive money into a wallet when they can't spend it. If the whole wallet is encrypted then they can't see their receiving addresses and so can't lose their money!

Yeah, that would certainly help as I've seen quite a number of users receive coins to a wallet that they can't send from. Encrypting the entire wallet would certainly help in this regard.

[Abdussamad]

- Then there were those users who received money to their wallets but when they went to spend it they found that they didn't know the password and neither did they have the seed. A few of them have complained here that they shouldn't be allowed to receive money into a wallet when they can't spend it. If the whole wallet is encrypted then they can't see their receiving addresses and so can't lose their money!

Yeah, that would certainly help as I've seen quite a number of users receive coins to a wallet that they can't send from. Encrypting the entire wallet would certainly help in this regard.

looks like it is as i suspected. 2.8.0 has been released and if you set a password for your wallet then the wallet cannot be viewed until the password is provided.

[kolloh]

- Then there were those users who received money to their wallets but when they went to spend it they found that they didn't know the password and neither did they have the seed. A few of them have complained here that they shouldn't be allowed to receive money into a wallet when they can't spend it. If the whole wallet is encrypted then they can't see their receiving addresses and so can't lose their money!

Yeah, that would certainly help as I've seen quite a number of users receive coins to a wallet that they can't send from. Encrypting the entire wallet would certainly help in this regard.

looks like it is as i suspected. 2.8.0 has been released and if you set a password for your wallet then the wallet cannot be viewed until the password is provided.

Oh that is good news. I haven't had a chance to try out the new version yet. Does it only apply to new wallets with a password or to existing wallets with a password as well?

[Abdussamad]

- Then there were those users who received money to their wallets but when they went to spend it they found that they didn't know the password and neither did they have the seed. A few of them have complained here that they shouldn't be allowed to receive money into a wallet when they can't spend it. If the whole wallet is encrypted then they can't see their receiving addresses and so can't lose their money!

Yeah, that would certainly help as I've seen quite a number of users receive coins to a wallet that they can't send from. Encrypting the entire wallet would certainly help in this regard.

looks like it is as i suspected. 2.8.0 has been released and if you set a password for your wallet then the wallet cannot be viewed until the password is provided.

Oh that is good news. I haven't had a chance to try out the new version yet. Does it only apply to new wallets with a password or to existing wallets with a password as well?

If you have an existing wallet with a password set then only the seed is encrypted and the wallet contents can be viewed. In order to encrypt the whole file you have to go to wallet menu > password. This is actually the password change window but it can be used to encrypt the wallet file too. Enter your old password 3 times (old, new, confirm new) and make sure that "encrypt wallet" file is checked. Click on OK and it'll encrypt the whole wallet.