suggestion for client: random/custom wallet.dat filename

[quattro]

An added layer of security would be the ability to create custom and random wallet.dat filenames.

If someone was able to compromise a machine running the bitcoin client, it wouldn't be as easy as searching for the standard filename.

And while we're at it ... how about some encryption. 

[jackjack]

Next release will include wallet encryption
But I don't believe it will include custom filenames

[BookLover]

This seems so simple that I would immediately think it's a horrible idea, but I can't think of a way to easily get around it and it would stop a lot of old trojans. Awesome idea quattro! (I can't wait to see what someone who knows what he's doing says)

[Raoul Duke]

An added layer of security would be the ability to create custom and random wallet.dat filenames.

If someone was able to compromise a machine running the bitcoin client, it wouldn't be as easy as searching for the standard filename.

And while we're at it ... how about some encryption. 

Would it randomize file extension(.dat) also? And what about a custom folder/path  instead of %appdata%\Bitcoin\, wouldn't that be needed as well?

[ffuentes]

Does anybody else seen this (project of) client? http://bitco.tumblr.com/

[jackjack]

An added layer of security would be the ability to create custom and random wallet.dat filenames.

If someone was able to compromise a machine running the bitcoin client, it wouldn't be as easy as searching for the standard filename.

And while we're at it ... how about some encryption.  

Would it randomize file extension(.dat) also? And what about a custom folder/path  instead of %appdata%\Bitcoin\, wouldn't that be needed as well?

I made a fork of bitcoin which only difference with it is taking a -wallet flag as the filename of your wallet, so if you absolutely need to use a file other than 'wallet.dat', you may want to try it (github)
For example, ./bitcoin -wallet wal.bc will use the file wal.bc instead of wallet.dat as its wallet

To use another directory, just use the official client's -datadir flag

[quattro]

An added layer of security would be the ability to create custom and random wallet.dat filenames.

If someone was able to compromise a machine running the bitcoin client, it wouldn't be as easy as searching for the standard filename.

And while we're at it ... how about some encryption. 

Would it randomize file extension(.dat) also? And what about a custom folder/path  instead of %appdata%\Bitcoin\, wouldn't that be needed as well?

Ummm ... you should have already installed it a directory other than the default.   

I don't think it needs to randomize the file extension ... .dat is common enough.

Again, this isn't meant to be foolproof.  You'd be surprised how a lot of simple things can thwart even the most sophisticated attacks.

[quattro]

This seems so simple that I would immediately think it's a horrible idea, but I can't think of a way to easily get around it and it would stop a lot of old trojans. Awesome idea quattro! (I can't wait to see what someone who knows what he's doing says)

Hi BookLover,

It's just one layer of an extensive approach to securing bitcoins.  My suggestion merely makes it a bit harder for low level attacks to be successful.

[RaTTuS]

security by obscurity is no security at all

[wumpus]

Firefox also does this; they use a random directory name for the profile directory, to prevent automated stealing attacks that have hardcoded paths.

[quattro]

security by obscurity is no security at all

This is true only if obscurity is the only means of security.

[Johnny-Gear]

This idea definitely has value and could work with some attacks.

I would categorise Bitcoin enthusiasts and anyone coming after their loot as having a higher than average level of technical sophistication though, and if it were me coming after a wallet file, I would probably be looking for flags like -wallet as well as default file locations.

In short, I think wallet encryption should be the highest priority security measure for any wallet.

Just my 2 cents.

JG

[BTC_Junkie]

Next release will include wallet encryption
But I don't believe it will include custom filenames

Anyone know the eta on this? I feel like I've been hearing about It for a while.

[SgtSpike]

security by obscurity is no security at all

Not true.  I don't know why people keep throwing this quote around, but it's simply not true.

It is easier to steal a file of known filename and location, than it is to steal a file of unknown filename and unknown location.

I wouldn't rely solely on security by obscurity, but it is certainly better than "no security at all."  It DOES help.

OP, great idea.  I like it. 

[Gavin Andresen]

-wallet=foo.dat  command-line param would be easy (unless you allow an absolute path, in which case the code that detects whether two instances of bitcoind are trying to write to the same wallet would have to be changed).

But if you pass it on the command-line, then wallet-stealers can just adapt and look in the process list to figure out where the wallet is.  If you put it in the bitcoin.conf then the wallet-stealers can also look in the bitcoin.conf to figure out where it is.

I like the 'deterministic wallet' idea that's been floating around (enter a password passphrase at startup, and keys are magically derived from that password passphrase and never touch the disk at all).

Seems like there would be a clever way of combining that with white-box cryptography to make the private keys extremely trojan-resistant.

In which case the wallet-stealers will just rewrite the bitcoin address/amount after you press the "send coins" button...
Edited to replace 'password' with 'passphrase'

[aq]

I like the 'deterministic wallet' idea that's been floating around (enter a password at startup, and keys are magically derived from that password and never touch the disk at all).

Bitcoins would essentially become a race between people running dictionary attacks. The funny part would be that even the thief would not know whos bitcoins he just got.

[SgtSpike]

-wallet=foo.dat  command-line param would be easy (unless you allow an absolute path, in which case the code that detects whether two instances of bitcoind are trying to write to the same wallet would have to be changed).

But if you pass it on the command-line, then wallet-stealers can just adapt and look in the process list to figure out where the wallet is.  If you put it in the bitcoin.conf then the wallet-stealers can also look in the bitcoin.conf to figure out where it is.

I like the 'deterministic wallet' idea that's been floating around (enter a password passphrase at startup, and keys are magically derived from that password passphrase and never touch the disk at all).

Seems like there would be a clever way of combining that with white-box cryptography to make the private keys extremely trojan-resistant.

In which case the wallet-stealers will just rewrite the bitcoin address/amount after you press the "send coins" button...
Edited to replace 'password' with 'passphrase'

I completely agree, BUT it would eliminate the trojans that simply look for a file named wallet.dat.  One extra step is one extra step.  Maybe that means one less trojan would be written, because the trojan writer is noob enough to not know how to look at params in the process list.

Interesting thoughts regarding the deterministic wallet idea.  I don't quite understand how that would work, but it does sound like it would be loads more secure than the current solutions.  Well, as long as people used extremely secure passphrases, or people could brute-force their way into finding bitcoin wallets, as aq pointed out.