Does wallet.dat ever expose private keys?

[oblivi]

Is there any chance that a hacker gets to see all of your private keys? or he would need to have a RAT installed on your computer and enter the "dumpprivkey" command on every address WHILE your Core client is opened and unlocked?

And the HD wallet.dat from Core does have a seed that could be hacked? (with all of your funds on it). Im still using the good ol wallet.dat (it shows HD is not enabled) and I was wondering about that..

[1715013124]

1715013124

[1715013124]

1715013124

[1715013124]

1715013124

[1715013124]

1715013124

[1715013124]

1715013124

[ranochigo]

Is there any chance that a hacker gets to see all of your private keys? or he would need to have a RAT installed on your computer and enter the "dumpprivkey" command on every address WHILE your Core client is opened and unlocked?

In all honesty, it really isn't that hard for a hacker to copy your wallet.dat remotely and enter the password he captured. You wouldn't even know it.

If your computer has a RAT or any malware in particular, everything about you is compromised. They can get it from memory but they would only get the encrypted keys till you unlock it.

And the HD wallet.dat from Core does have a seed that could be hacked? (with all of your funds on it). Im still using the good ol wallet.dat (it shows HD is not enabled) and I was wondering about that..

If you have a HD wallet, it would have the same seed till you change/set/remove the password. If any attacker gets any of your backups unencrypted/encrypted with weak password, then you're doomed.

However, without HD wallet, they can only, at most get 1000 addresses. Lets say you use it frequently and you had a backup 2 years ago that was compromised. As long as you have had 1000 transactions, your current Bitcoins remain safe, provided that you have no coins on older addresses.

[jnano]

If you have a HD wallet, it would have the same seed till you change/set/remove the password.

On each password change it adds a new seed, keeping the old ones?

[ranochigo]

If you have a HD wallet, it would have the same seed till you change/set/remove the password.

On each password change it adds a new seed, keeping the old ones?

On each password change, the client extracts all the used addresses and store them inside the wallet file. The new seed will be used to generate all future addresses.

[jnano]

You mean, old addresses are anyway kept as is (private keys, etc.), just the HD seed is not kept?
Why does changing the password require changing the seed?

[Thirdspace]

On each password change, the client extracts all the used addresses and store them inside the wallet file. The new seed will be used to generate all future addresses.

when the new password created and new seed used, how are old addresses/privkeys being stored?
are old privkeys saved unencrypted (no longer protected) or still encrypted with old password?
how can we sign transaction related to those old addresses if current password only work for new addresses generated from new seed?

[Quickseller]

If you are not using a HD wallet, anytime you sign a transaction, your wallet.dat will be unencrypted in RAM, or more specifically, the decryption key to decrypt the wallet.dat file will be in RAM, along with the private key(s) of what you are using to sign. If an attacker has access to your RAM when you are signing a transaction, all of your money is effectively stolen.


If you are using an HD wallet, anytime you sign a transaction, the private key(s) used to sign the transaction will be stored in RAM. An attacker could use the private key along with the xpubkey (which will always be in an unencrypted state), to be able to calculate the rest of your private keys in your wallet.


Also, an attacker is likely able to monitor what you enter into your keyboard, so they can get your passphraise anyway, so an attacker could simply copy your wallet.dat and use what you typed as your passphraise.

[Xynerise]

If you are using an HD wallet, anytime you sign a transaction, the private key(s) used to sign the transaction will be stored in RAM. An attacker could use the private key along with the xpubkey (which will always be in an unencrypted state), to be able to calculate the rest of your private keys in your wallet.

So if you are using a HD wallet and the hacker has your xpubkey and just one of your private keys then he will be able to hack all your bitcoin addresses from the seed?

[Quickseller]

If you are using an HD wallet, anytime you sign a transaction, the private key(s) used to sign the transaction will be stored in RAM. An attacker could use the private key along with the xpubkey (which will always be in an unencrypted state), to be able to calculate the rest of your private keys in your wallet.

 
So if you are using a HD wallet and the hacker has your xpubkey and just one of your private keys then he will be able to hack all your bitcoin addresses from the seed?

He may be able to calculate the rest of your private keys based on this information. A hacker could also simply get your xprivkey if he is aware of what you type for your passphraise.

[cellard]

If you are not using a HD wallet, anytime you sign a transaction, your wallet.dat will be unencrypted in RAM, or more specifically, the decryption key to decrypt the wallet.dat file will be in RAM, along with the private key(s) of what you are using to sign. If an attacker has access to your RAM when you are signing a transaction, all of your money is effectively stolen.


If you are using an HD wallet, anytime you sign a transaction, the private key(s) used to sign the transaction will be stored in RAM. An attacker could use the private key along with the xpubkey (which will always be in an unencrypted state), to be able to calculate the rest of your private keys in your wallet.


Also, an attacker is likely able to monitor what you enter into your keyboard, so they can get your passphraise anyway, so an attacker could simply copy your wallet.dat and use what you typed as your passphraise.

So this sounds like the old wallet.dat format in bitcoin core is safer than the new HD wallet.dat? I think achow101 said that the new HD wallet.dat is safer or at least has no drawbacks compared to the old wallet.dat format and now im not sure anymore. I haven't still updated my old wallet.dat into HD format, because I didn't want to pay the fees to move my funds into a new wallet, but the new 0.16 version will conver the old wallet.dat format into the new HD format, and now im sure if I really want that or not...


In any case im moving a fully air gapped linux laptop as soon as possible to never expose my keys to the internet.

[jnano]

So this sounds like the old wallet.dat format in bitcoin core is safer than the new HD wallet.dat?

Also in the older wallet format it pre-generates keys ahead of their use. I think with default settings it was 100 keys, then changed to 1000 in a newer version. So even an old stolen wallet.dat would compromise a lot. Still, a good point about HD wallets.

[nc50lc]

While the wallet.dat can't be cracked itself, there are some silly methods to get your wallet password if you are an unwary Windows user.
In Windows there are more security risk to look after, example:
->The hacker might already included a KeyLogger before stealing the wallet.dat.
->Some are producing "activators" which are available all over the net (these activate paid versions if windows). There are other Computer Technicians that blindly using these to "format" PC's they are servicing, making the whole operating system compromised.

But the wallet.dat doesn't expose your pvtkeys since these are encrypted with you password. Bruteforcing works but requires more computing power (supercomputer) the longer the password.

[Quickseller]

If you are not using a HD wallet, anytime you sign a transaction, your wallet.dat will be unencrypted in RAM, or more specifically, the decryption key to decrypt the wallet.dat file will be in RAM, along with the private key(s) of what you are using to sign. If an attacker has access to your RAM when you are signing a transaction, all of your money is effectively stolen.


If you are using an HD wallet, anytime you sign a transaction, the private key(s) used to sign the transaction will be stored in RAM. An attacker could use the private key along with the xpubkey (which will always be in an unencrypted state), to be able to calculate the rest of your private keys in your wallet.


Also, an attacker is likely able to monitor what you enter into your keyboard, so they can get your passphraise anyway, so an attacker could simply copy your wallet.dat and use what you typed as your passphraise.

So this sounds like the old wallet.dat format in bitcoin core is safer than the new HD wallet.dat? [...]

I would disagree with this statement. An attacker who is able to access your RAM is almost certain to be able to determine all of your private keys in your wallet regardless of if you are using an HD wallet or not.

An HD wallet is much easier to backup and once you generate the seed (and back it up), you will have all the private keys you will ever need to spend funds from your wallet. With a 'traditional' wallet.dat wallet, you will need to backup your wallet at least once every 100 transactions, or else you will risk losing access to some of your funds, and the process of backing up your wallet is not without risks.

[jnano]

I would disagree with this statement. An attacker who is able to access your RAM is almost certain to be able to determine all of your private keys in your wallet regardless of if you are using an HD wallet or not.

The point is that with an HD wallet seed, an attacker would also know all your future keys. With non-HD he will only have the keypool.
But the difference could be academic to most people, since the default keypool is now 1000 keys.

In Windows there are more security risk to look after, example:
->The hacker might already included a KeyLogger before stealing the wallet.dat.

How is that unique to Windows?

[Quickseller]

I would disagree with this statement. An attacker who is able to access your RAM is almost certain to be able to determine all of your private keys in your wallet regardless of if you are using an HD wallet or not.

The point is that with an HD wallet seed, an attacker would also know all your future keys. With non-HD he will only have the keypool.

True, but unless you are specifically targeted as someone receiving a large amount of bitcoin in the future, this probably will not make a difference. If bitcoin disappears from your wallet unexpectedly, you absolutely should not continue using that wallet. 

[jnano]

Yes, it would surely depend both on the user and attacker. The assumption here is that an attacker will sit and wait for a big transaction, even if that means ignoring 100 or 1000 transactions before it. With non-HD there's at least a limit to how much into the future the risk exists.

I do wonder if a default keypool of 1000 (in non-HD) is a good or bad thing for most users. Or if HD is a good thing.

[Quickseller]

I do wonder if a default keypool of 1000 (in non-HD) is a good or bad thing for most users. Or if HD is a good thing.

For most users, a HD wallet will be better. They will only need to backup the wallet once verses having to back it up at least every 100 (or 1000) transactions.

[shensu]

If a wallet is not encrypted, then the private keys are visible. If it is encrypted, the attacker would need the password or powerful means to break the encryption.

[cellard]

Yes, it would surely depend both on the user and attacker. The assumption here is that an attacker will sit and wait for a big transaction, even if that means ignoring 100 or 1000 transactions before it. With non-HD there's at least a limit to how much into the future the risk exists.

I do wonder if a default keypool of 1000 (in non-HD) is a good or bad thing for most users. Or if HD is a good thing.

Good points. I've seen several people question if HD wallet is adds vulnerability or not. Looks like the very early format had a keypool of 100, then of 1000, and then finally HD.

From what I've read, "dumpwallet" will indeed dump your HD seed on the console, so if a hacker gets that.. it's over. Your wallet is compromised forever.

The solution may be to just buy a laptop, airgap it (get rid of all potential communication devices), install linux on it, and then create a brand new wallet.dat there, and use it as cold storage. Then in another laptop, use another install of Bitcoin Core for watch only addresses. This is my plan and what im learning to do. Im going to practice with testnet coins, since if you don't know exactly what you are doing with rawtransactions, you may send an huge fee for example. So I want to be sure first, and do with testnet coins with 2 computers, once I have this figured out, I will transition to airgap setup. It is the best in my opinion. It's the only way to be sure that your private keys never see the internet, and you can still continue using Bitcoin Core software. I just wish devs added GUI support for this. I think Armory got this, but I want to keep using Core, I don't want to learn some brand new software, and I don't trust anything but Core software to be honest..

[Oceat]

If a wallet is not encrypted, then the private keys are visible. If it is encrypted, the attacker would need the password or powerful means to break the encryption.

Every wallet is encrypted specially the wallet.dat, so no attacker can brute force or decrypt your wallet.dat unless if the attacker already planted some malware to your computer then you are really DOOMED. Some professional programmer can decrypt it if they were working with these application before but i guess they shouldn't do it unless they were told. They should change their OS into LINUX or MAC so that the attacker won't have an easy way to get their wallet then.