Changing wallet password, what happens?

[william3489]

What happens if I change my wallet password but somebody has a copy of my wallet that was made before I changed my password?  Can they still spend my bitcoins with the old password and the old wallet copy?

[OmegaStarScream]

Yes, they could use the old password as long as they have the old wallet file (If the same private keys are there of course). So, If you changed your password and you still think that someone have the old wallet file, you should move bitcoins somewhere else.

[william3489]

Yes, they could use the old password as long as they have the old wallet file (If the same private keys are there of course).

Meaning what?  If I wanted to prevent this I would have to change my password, then create a new bitcoin address and send all the bitcoins to the new address?

How does one prevent that most easily?

[OmegaStarScream]

Yes, they could use the old password as long as they have the old wallet file (If the same private keys are there of course).

Meaning what?  If I wanted to prevent this I would have to change my password, then create a new bitcoin address and send all the bitcoins to the new address?

How does one prevent that most easily?

You didn't mention the wallet used here, some of them generate different addresses and still keep the private keys in one wallet.dat file. Again, If you think that someone have access to your old wallet.dat file + he might be able to get the password you should make a new wallet file (and not a new address only) with a new password and send everything there instead of just changing the password.

Simple steps to follow (whatever wallet you are using):

1. Install Mycelium in your android.
2. Run your wallet (from PC) and send all funds to your Mycelium.
3. Remove the old wallet and create a new one
4. Send from Mycelium to your new generated wallet on PC.

[william3489]

You didn't mention the wallet used here, some of them generate different addresses and still keep the private keys in one wallet.dat file. 4C.

Bitcoin core.

I am not worried, I am just wondering in theory how it works.

Kind of sounds like it's a bit pointless to change your wallet password.

[achow101]

The wallet.dat contains your private keys. When you change your password, the private keys you have already used stay in the wallet so that you can spend your Bitcoin. However the look-ahead keypool is refreshed so that any new addresses you request after the password change are not in the old wallet with the old private keys. This means that if you don't spend your Bitcoin after you change your password, anyone with a copy of the original wallet with the old password can still steal your Bitcoin if they have the old password.

[william3489]

Yes, they could use the old password as long as they have the old wallet file (If the same private keys are there of course).

Meaning what?  If I wanted to prevent this I would have to change my password, then create a new bitcoin address and send all the bitcoins to the new address?

How does one prevent that most easily?

You didn't mention the wallet used here, some of them generate different addresses and still keep the private keys in one wallet.dat file. Again, If you think that someone have access to your old wallet.dat file + he might be able to get the password you should make a new wallet file (and not a new address only) with a new password and send everything there instead of just changing the password.

Simple steps to follow (whatever wallet you are using):

1. Install Mycelium in your android.
2. Run your wallet (from PC) and send all funds to your Mycelium.
3. Remove the old wallet and create a new one
4. Send from Mycelium to your new generated wallet on PC.

Instead of doing all that could I not...

1) Move my current wallet file out of the Bitcoin data directory.

2) Restart bitcoin creating a new wallet.

3) Create a new address and save it.

4) Back up new wallet and put old wallet back.

5) Send to new wallet.

6) Remove old wallet and replace with new wallet.

[OmegaStarScream]

Yes, your method could work also, as long as you have the current backup then there is nothing to be afraid of while testing any other method, I just thought It would be best to use Mycelium as intermediator so you don't get confused in the process.

[DannyHamilton]

Instead of doing all that could I not...

1) Move my current wallet file out of the Bitcoin data directory.

2) Restart bitcoin creating a new wallet.

3) Create a new address and save it.

4) Back up new wallet and put old wallet back.

5) Send to new wallet.

6) Remove old wallet and replace with new wallet.

Instead of doing all that, you could...

1) Change your password.

2) Request a new receiving address from Bitcoin Core.

3) Send your entire Bitcoin Core balance to the new receiving address.

[calkob]

What happens if I change my wallet password but somebody has a copy of my wallet that was made before I changed my password?  Can they still spend my bitcoins with the old password and the old wallet copy?

That is defiantly a yes, the old wallet.dat file is encrypted using the old password, think about it the old backup file knows nothing of your new password or backup.  I would suggest deleting all previous copies of your wallet.dat file.

[william3489]

Instead of doing all that could I not...

1) Move my current wallet file out of the Bitcoin data directory.

2) Restart bitcoin creating a new wallet.

3) Create a new address and save it.

4) Back up new wallet and put old wallet back.

5) Send to new wallet.

6) Remove old wallet and replace with new wallet.

Instead of doing all that, you could...

1) Change your password.

2) Request a new receiving address from Bitcoin Core.

3) Send your entire Bitcoin Core balance to the new receiving address.

What is the practical difference between creating a new wallet and just requesting a new address and sending the coins to myself?  Will the program stop you from sending coins to yourself? 

Some responders obviously think it's better/safer to have a whole new wallet.  Is there any real practical difference?

[DannyHamilton]

What is the practical difference between creating a new wallet and just requesting a new address and sending the coins to myself?

Requesting a new address is a lot easier to do. It doesn't require you to move around your wallet.dat file and risk accidentally deleting or overwriting it.

Will the program stop you from sending coins to yourself? 

No.

Some responders obviously think it's better/safer to have a whole new wallet.  Is there any real practical difference?

If you start a new wallet, you won't be tempted to re-use one of those old (possibly compromised) addresses to receive bitcoins in the future.