Bitcoin Forum
Topic: Wallet passphrase and salt encryption
khangmartin
September 21, 2019, 02:41:36 AM
 #1

My question is as follows: When encrypting BTC Core wallet, is the format as follows: Sha512(passphrase+salt) or Sha512(salt+passphrase) before encrypting with AES256CBC for the wallet? Thanks.
pereira4
September 21, 2019, 06:16:41 PM
 #2

Quote
My question is as follows: When encrypting BTC Core wallet, is the format as follows: Sha512(passphrase+salt) or Sha512(salt+passphrase) before encrypting with AES256CBC for the wallet? Thanks.

See this:

https://github.com/bitcoin/bitcoin/blob/6b8a5ab622e5c9386c872036646bf94da983b190/doc/README

Quote
Wallet encryption uses AES-256-CBC to encrypt only the private keys
that are held in a wallet.  The keys are encrypted with a master key
which is entirely random.  This master key is then encrypted with
AES-256-CBC with a key derived from the passphrase using SHA512 and
OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by
the speed of the machine which does the initial encryption (and is
updated based on the speed of a computer which does a subsequent
passphrase change).  Although the underlying code supports multiple
encrypted copies of the same master key (and thus multiple passphrases)
the client does not yet have a method to add additional passphrases.

Summary from PWiulle:

Quote
    The passphrase is converted to a key/iv pair using EVP, with a dynamic number of rounds
    This key/iv pair is used to encrypt a randomly-generated master key, using AES-256-CBC
    The secret part of wallet keys are then encrypted using that master key, again with AES-256-CBC
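
The derivation described in the quoted README, as an added example (not code from this thread or from Bitcoin Core): OpenSSL's EVP_BytesToKey hashes the passphrase first and the salt second, then re-hashes the digest for the remaining rounds. The passphrase, salt and round count in the demo are constructed values, and `wrong_order` is a hypothetical helper included only for comparison.

```python
import hashlib

# Sizes used by Bitcoin Core's wallet crypter.
KEY_SIZE = 32   # AES-256 key
IV_SIZE = 16    # AES block size, used as the CBC IV
SALT_SIZE = 8


def bytes_to_key_sha512(passphrase: bytes, salt: bytes, rounds: int):
    """EVP_BytesToKey-style derivation with SHA512.

    Round 1 hashes passphrase || salt (passphrase first); every later
    round hashes the previous 64-byte digest, so the loop is serial.
    """
    if len(salt) != SALT_SIZE:
        raise ValueError("salt must be 8 bytes")
    if rounds < 1:
        raise ValueError("rounds must be >= 1")
    buf = hashlib.sha512(passphrase + salt).digest()
    for _ in range(rounds - 1):
        buf = hashlib.sha512(buf).digest()
    # One 64-byte digest covers key (32) + IV (16); the tail is unused.
    return buf[:KEY_SIZE], buf[KEY_SIZE:KEY_SIZE + IV_SIZE]


def wrong_order(passphrase: bytes, salt: bytes, rounds: int):
    """Hypothetical variant hashing salt || passphrase, for comparison."""
    buf = hashlib.sha512(salt + passphrase).digest()
    for _ in range(rounds - 1):
        buf = hashlib.sha512(buf).digest()
    return buf[:KEY_SIZE], buf[KEY_SIZE:KEY_SIZE + IV_SIZE]


if __name__ == "__main__":
    # Constructed sample values, not taken from any real wallet.
    passphrase = b"correct horse battery staple"
    salt = bytes.fromhex("0011223344556677")
    rounds = 25000
    key, iv = bytes_to_key_sha512(passphrase, salt, rounds)
    print("key:", key.hex())
    print("iv: ", iv.hex())
    # The salt-first ordering yields a different key/IV pair.
    print("salt-first differs:",
          wrong_order(passphrase, salt, rounds) != (key, iv))
```

The resulting key/IV pair is what decrypts the master key; the salt and round count are stored alongside the encrypted master key in the wallet.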
Dabs
September 30, 2019, 04:52:37 PM
 #3

Honest question about wallet encryption: Are the rounds determined by how fast one (1) core of the CPU is? Or would having some multiple-core CPU, or multiple-CPU hardware, increase the rounds for encryption too? Say I run it on some server with 64 cores per CPU and it has 4 of them, will my wallet encryption get updated to the equivalent of 256 cores at 4 GHz (or whatever is the speed of the CPU)?

Can this number be manually increased instead of it being automatically determined by the wallet software? Some people might want to add a few extra rounds, or is this not necessary anymore and just impractical? (adding 1 second to open the wallet, for example.)

pooya87
October 01, 2019, 04:15:11 AM
 #4

Quote
Honest question about wallet encryption: Are the rounds determined by how fast one (1) core of the CPU is? Or would having some multiple-core CPU, or multiple-CPU hardware, increase the rounds for encryption too?

Having more cores only helps with algorithms that can be run in parallel. For that, each round has to be independent of the others. But here, AES is being used and the CBC mode makes it serial, meaning each block needs to use the previous encrypted block, so you can't run it in parallel.

With that said, the AES algorithm is quite fast itself, especially if the implementation uses the CPU intrinsics that exist in the majority of CPUs (especially Intel); there is no need for parallelism even if it were possible.

ETFbitcoin
October 01, 2019, 04:48:09 PM
 #5

Quote
Honest question about wallet encryption: Are the rounds determined by how fast one (1) core of the CPU is? Or would having some multiple-core CPU, or multiple-CPU hardware, increase the rounds for encryption too? Say I run it on some server with 64 cores per CPU and it has 4 of them, will my wallet encryption get updated to the equivalent of 256 cores at 4 GHz (or whatever is the speed of the CPU)?

Can this number be manually increased instead of it being automatically determined by the wallet software? Some people might want to add a few extra rounds, or is this not necessary anymore and just impractical? (adding 1 second to open the wallet, for example.)

I don't know the developers' approach for cryptocurrency wallets, but generally the number of rounds is predetermined.
A few pieces of software (such as KeePass) have an option to configure the number of rounds, with a benchmark option, so the user can choose the best number of rounds (for them, based on their device specification and patience).

And as mentioned by pooya87, multiple cores won't help at all in this case because it's a sequential job (the next task depends on the result of the previous task).

khangmartin
October 01, 2019, 10:06:28 PM
 #6

Quote
    The passphrase is converted to a key/iv pair using EVP, with a dynamic number of rounds
    This key/iv pair is used to encrypt a randomly-generated master key, using AES-256-CBC
    The secret part of wallet keys are then encrypted using that master key, again with AES-256-CBC

For the above, is there any key stretching involved during the private keys encryption? I am going through the calculation with my own wallet and the bitcoin source code and it is not adding up for AES-256-CBC. The IV used is the double sha256 for the public key and the unencrypted master key for the secret key. Thanks for all the answers.
khangmartin
October 01, 2019, 11:44:43 PM
 #7

Disregard the above, the key is expanded automatically. I think I have computed something incorrectly.
khangmartin
October 02, 2019, 12:03:10 AM
 #8

I'm back again.

I have taken the unencrypted private key from the wallet, double sha256 the public key (IV) and taken the decrypted Master Key derived in the DecryptSecret function (crypter.cpp). I received an answer which is not correct and is twice as long as the encrypted private key from my wallet. Has anyone tried this before or have some idea as to what I am missing? Thanks.