Bitcoin Forum
September 23, 2018, 05:52:20 AM *
Author Topic: What does the new BitPay wallet vulnerability mean?  (Read 47 times)
Nubitcoinerr
February 01, 2018, 08:40:53 AM
Merited by DannyHamilton (2), achow101 (2)
 #1

https://blog.bitpay.com/wallet-spending-password-vulnerability/

Is it just making a big deal out of nothing?

From my understanding, it's saying that there is a slight period of time during which a private key is "unencrypted" on one's device. So what is the big deal? That's assuming one's device has malware that is specifically looking for BitPay's private keys, right? And once you encrypt it then any malware attempts would be useless. Correct?


codewench
February 01, 2018, 09:48:27 AM
Merited by Foxpup (2), DannyHamilton (2), achow101 (2)
 #2

https://blog.bitpay.com/wallet-spending-password-vulnerability/

Is it just making a big deal out of nothing?

It sounds like the old software performed these steps when creating a new wallet: Generated keys/address/etc. and wrote this data to a new wallet file. Read the file back in, applied the encryption password, and wrote the data back into the same file.

This means that for a brief instant, the file contained unencrypted data stored on your drive. Additionally, there are two long-term vulnerabilities:

1. Depending on the OS and file system, the second write might go to a new logical allocation block on the drive. Thus the data in the old block remains - waiting for a file recovery program to sleuth it out.

2. If you are using an SSD, then by their nature, the second write goes to a new sector. The old sector gets added to the queue of sectors waiting to get bulk erased to ready them for another write. Once again it may be possible to read every physical sector looking for keys.
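
The write order described in the post above, as an added example that is not part of the original thread and is not BitPay's code: Node.js functions contrasting write-then-encrypt with encrypt-before-first-write. The function names, the file names and the scrypt + AES-256-GCM file layout are assumptions chosen for illustration.

```javascript
// Added example, not BitPay's code; file names, password and secret are constructed.
const crypto = require('crypto'), fs = require('fs');
const os = require('os'), path = require('path');

// Encrypt in memory: scrypt + AES-256-GCM. Layout: salt(16) | iv(12) | tag(16) | ciphertext.
function seal(plaintext, password) {
  const salt = crypto.randomBytes(16), iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', crypto.scryptSync(password, salt, 32), iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]);
}

function unseal(blob, password) {
  const key = crypto.scryptSync(password, blob.subarray(0, 16), 32);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(16, 28));
  decipher.setAuthTag(blob.subarray(28, 44));
  return Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]);
}

// The sequence the post describes; returns what the first write left on disk.
function createWriteThenEncrypt(file, secret, password) {
  fs.writeFileSync(file, secret, { mode: 0o600 });
  const firstWrite = fs.readFileSync(file);
  fs.writeFileSync(file, seal(firstWrite, password));
  return firstWrite;
}

// Hardened: encrypt first, then fsync a temp file and rename; plaintext never reaches disk.
function createEncryptFirst(file, secret, password) {
  const tmp = file + '.tmp';
  const fd = fs.openSync(tmp, 'wx', 0o600); // 'wx' fails if a stale temp file exists
  try {
    fs.writeSync(fd, seal(secret, password));
    fs.fsyncSync(fd);
  } finally {
    fs.closeSync(fd);
  }
  fs.renameSync(tmp, file);
  return fs.readFileSync(file);
}

function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'wallet-demo-'));
  const secret = Buffer.from('constructed-test-key-not-a-real-wallet');
  const first = createWriteThenEncrypt(path.join(dir, 'a.dat'), secret, 'pw');
  const sealed = createEncryptFirst(path.join(dir, 'b.dat'), secret, 'pw');
  fs.rmSync(dir, { recursive: true });
  return [first.includes(secret), sealed.includes(secret), unseal(sealed, 'pw').equals(secret)];
}
```

Encrypting first keeps new plaintext off the disk; it does nothing about a plaintext copy that an earlier write-then-encrypt run may already have left in a stale block or sector.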