keeping old wallet files dangerous ?

[petermeuris]

Hello all,

I was just wondering. I upgraded my client to 0.4, and encrypted my wallet.
Should I keep the older wallet files ? Like a month old, or is it dangerous ?
I mean can somebody get the BTC out, starting from an older  wallet file ?

Thanks for explaining,

Peter

[1714021579]

1714021579

[kokjo]

yes! its danrouruse in that sense. BUT i think its more dangerouse to not have a secure plaintext copy...

the keys in the old wallet is the same keys that is in the encrypted wallet.

[kokjo]

no it is not.

yes it is, the private keys are still unencrypted in the old wallet.
anyone who can get their hands on his keys, is able to spend his btc.

[Stephen Gornick]

I was asking for suggestions here:
 - http://bitcoin.stackexchange.com/questions/1243/can-i-force-my-wallet-to-only-have-news-keys-post-encryption


I suspect the best way to be fully protected will be to create a new wallet and send all the coins to the new wallet.

[fireball500]

I like that 0.4 has encryption but I've been hesitant to update because it seems like it would be a pita to use

[memvola]

Should I keep the older wallet files ? Like a month old, or is it dangerous ?
I mean can somebody get the BTC out, starting from an older  wallet file ?

Not only the keys are the same, there is also a pool of 100 "future" keys that are kept in your old wallet, so the next 100 keys you generate using your encrypted wallet are already contained in the old one.

I don't like deleting backups. Anything can happen, the new encryption feature can fail, you can forget your password, etc. Just create an encrypted backup of your old wallet.dat instead of deleting it (preferably using a different passphrase). I use gpg, just because it's very handy. Keeping cleartext backups of your wallet is not a very good idea anyway.

[Maged]

I remember seeing somewhere that a new keypool is created after you encrypt your wallet, but I can't find it anymore. I also can't find anything like that in the code, but it's quite possible that I'm looking in the wrong place.

[memvola]

I remember seeing somewhere that a new keypool is created after you encrypt your wallet, but I can't find it anymore. I also can't find anything like that in the code, but it's quite possible that I'm looking in the wrong place.

I just tested it, doesn't seem to be the case. I created a new wallet, backed it up, encrypted it and reloaded bitcoin. I then generated a new address using the new encrypted wallet and then the unencrypted backup wallet. They both generated the same address.

I think this behaviour is expected, otherwise old backups would be invalid after encryption (EDIT: of course "invalid" is the wrong word here, they would just cease to be future proof). There are a lot of people who don't take snapshots that often and rely on the keypool.

[petermeuris]

However, once the old backups are not distributed anywhere, I can safely remove them and start backing-up the encrypted wallet file, right ?