People are asking all the time for encryption of their wallets and using TrueCrypt etc. And they think that it protects against certain attacks like Trojans, which it doesn't. This discussion shall result in a summary that explains to noobs what encryption can do and what it can't.

What is encryption?

Encryption is a tool to protect data. With an encryption scheme you can encrypt a file with a key. The desired result is that nobody is able to read that file without the key.

Misconceptions that make encryption worthless
If you want to protect data via encryption, you have to make sure that this data does not exist anywhere outside the encrypted file. This is the hardest task of all and the error most people don't seem to see.
Cases in the bitcoin world where this goes wrong:
- If you encrypt an existing wallet, your old version may still be on disk. The only way to avoid that is wiping out the whole disk, or creating a new wallet inside the cryptographic container that never hits a disk unencrypted in its lifetime.
- Even if you avoided the first case: As long as your encrypted device or file is mounted, the data is not protected by encryption. The only protection is now policy enforcement (e.g. the operating system prohibiting other users from accessing your files). There is no way around that, you have to decrypt the wallet to work with it. The only solution is a separate wallet that is decrypted less often. There are many ways to enforce policies, like installing an isolated machine or creating a separate user account that does not run untrusted software. You can make this as secure as you want by investing the effort of actually using it. (Note: VM guests don't work at all, because VMs were never meant to protect guests against hosts, only the other direction makes sense.)
- Always assume: Malware can do anything you can do. The only thing that protects you is your decryption secret, but only as long as you don't decrypt the file. If you can use the wallet, why should a trojan not be able to? In fact it always is. That's the problem the policy enforcement aims at: It makes sure that a trojan in your working space cannot access a wallet that is in an isolated space. There can still be flaws that could open a door for attackers around those policies, that's why different methods are proposed.
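As an added illustration of the first case above (not code from the original post): a toy block device, constructed for this example, shows that encrypting an existing wallet and deleting the old file leaves the plaintext in freed blocks, while wiping free space or creating the wallet directly inside the container does not. ToyDisk, xor_encrypt (a stand-in, not a real cipher) and the WALLET-PRIVKEY marker are assumptions of this example.

```python
BLOCK = 64        # bytes per block (constructed toy geometry)
DISK_BLOCKS = 16

class ToyDisk:
    """Raw storage plus a free-block list. Deleting a file only marks
    its blocks free; the old bytes stay until something overwrites them."""
    def __init__(self):
        self.raw = bytearray(BLOCK * DISK_BLOCKS)
        self.free = list(range(DISK_BLOCKS))
        self.files = {}                      # name -> list of block numbers

    def write(self, name, data):
        blocks = []
        for off in range(0, len(data), BLOCK):
            b = self.free.pop(0)
            chunk = data[off:off + BLOCK].ljust(BLOCK, b"\0")
            self.raw[b * BLOCK:(b + 1) * BLOCK] = chunk
            blocks.append(b)
        self.files[name] = blocks

    def delete(self, name):
        self.free.extend(self.files.pop(name))   # unlink only, no overwrite

    def wipe_free(self):
        for b in self.free:                      # overwrite every free block
            self.raw[b * BLOCK:(b + 1) * BLOCK] = b"\0" * BLOCK

def xor_encrypt(data, key):
    # Stand-in for a real cipher (assumption); only the on-disk remnant matters.
    return bytes(c ^ key[i % len(key)] for i, c in enumerate(data))

def plaintext_remnant(disk, marker):
    """Defender's check: does the raw image still contain the plaintext marker?"""
    return marker in bytes(disk.raw)

WALLET = b"WALLET-PRIVKEY" + b" " * 40   # constructed wallet contents
KEY = b"constructed-key!"                # constructed, fixed for determinism

def encrypt_existing_wallet(wipe=False):
    """Encrypt an already-stored wallet, delete the original, optionally wipe."""
    disk = ToyDisk()
    disk.write("wallet.dat", WALLET)
    disk.write("wallet.dat.enc", xor_encrypt(WALLET, KEY))
    disk.delete("wallet.dat")
    if wipe:
        disk.wipe_free()
    return plaintext_remnant(disk, b"WALLET-PRIVKEY")

def new_wallet_in_container():
    """Wallet created inside the container: plaintext never touches the disk."""
    disk = ToyDisk()
    disk.write("container", xor_encrypt(WALLET, KEY))
    return plaintext_remnant(disk, b"WALLET-PRIVKEY")
```

On a real disk the same scan is a raw search of the block device for known plaintext, and the remedies are the same two the post names: wipe, or never write the wallet unencrypted.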
If you really want security, you have to accept the following principle:

Always assume that it does not protect you unless you can really argue with certainty and in detail why it does prevent certain attacks.