Bitcoin Forum
Author Topic: Wallet passphrase and salt encryption  (Read 195 times)
khangmartin
Newbie
Activity: 11
Merit: 1
September 21, 2019, 02:41:36 AM
 #1

My question is as follows: When encrypting BTC Core wallet, is the format as follows: Sha512(passphrase+salt) or Sha512(salt+passphrase) before encrypting with AES256CBC for the wallet? Thanks.
pereira4
Legendary
Activity: 1554
Merit: 1150
September 21, 2019, 06:16:41 PM
 #2

Quote
My question is as follows: When encrypting BTC Core wallet, is the format as follows: Sha512(passphrase+salt) or Sha512(salt+passphrase) before encrypting with AES256CBC for the wallet? Thanks.

See this:

https://github.com/bitcoin/bitcoin/blob/6b8a5ab622e5c9386c872036646bf94da983b190/doc/README

Quote
Wallet encryption uses AES-256-CBC to encrypt only the private keys
that are held in a wallet.  The keys are encrypted with a master key
which is entirely random.  This master key is then encrypted with
AES-256-CBC with a key derived from the passphrase using SHA512 and
OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by
the speed of the machine which does the initial encryption (and is
updated based on the speed of a computer which does a subsequent
passphrase change).  Although the underlying code supports multiple
encrypted copies of the same master key (and thus multiple passphrases)
the client does not yet have a method to add additional passphrases.

Summary from PWuille:

Quote
    The passphrase is converted to a key/iv pair using EVP, with a dynamic number of rounds
    This key/iv pair is used to encrypt a randomly-generated master key, using AES-256-CBC
    The secret part of wallet keys are then encrypted using that master key, again with AES-256-CBC
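
The passphrase-to-key/IV step described in the README quote above, as an added Python example (not Bitcoin Core's code and not part of the original posts). It goes slightly beyond the thread by implementing the general OpenSSL EVP_BytesToKey construction next to its SHA512 specialisation, which shows that the first hash input is the passphrase followed by the salt. The function names, the 8-byte salt check and the sample values are assumptions made for illustration.

```python
import hashlib

KEY_SIZE, IV_SIZE, SALT_SIZE = 32, 16, 8  # AES-256 key, CBC IV, assumed salt size


def evp_bytes_to_key(md_name, data, salt, count, key_len, iv_len):
    """Generic EVP_BytesToKey: D_i = H^count(D_{i-1} || data || salt)."""
    out, block = b"", b""
    while len(out) < key_len + iv_len:
        block = hashlib.new(md_name, block + data + salt).digest()
        for _ in range(count - 1):  # every round rehashes the previous digest
            block = hashlib.new(md_name, block).digest()
        out += block
    return out[:key_len], out[key_len:key_len + iv_len]


def wallet_key_iv(passphrase, salt, rounds):
    """SHA512 case: one 64-byte digest covers the 32-byte key and 16-byte IV."""
    if len(salt) != SALT_SIZE or rounds < 1:
        raise ValueError("expected an 8-byte salt and at least one round")
    buf = hashlib.sha512(passphrase + salt).digest()  # passphrase first, then salt
    for _ in range(rounds - 1):
        buf = hashlib.sha512(buf).digest()
    return buf[:KEY_SIZE], buf[KEY_SIZE:KEY_SIZE + IV_SIZE]


# Constructed sample values, not taken from any real wallet.
SAMPLE_PASSPHRASE = b"correct horse battery staple"
SAMPLE_SALT = bytes.fromhex("0102030405060708")
SAMPLE_ROUNDS = 25000

if __name__ == "__main__":
    key, iv = wallet_key_iv(SAMPLE_PASSPHRASE, SAMPLE_SALT, SAMPLE_ROUNDS)
    generic = evp_bytes_to_key("sha512", SAMPLE_PASSPHRASE, SAMPLE_SALT,
                               SAMPLE_ROUNDS, KEY_SIZE, IV_SIZE)
    print("key:", key.hex())
    print("iv: ", iv.hex())
    print("matches generic EVP_BytesToKey:", (key, iv) == generic)
```

The resulting key/IV pair is what decrypts the stored master key with AES-256-CBC; the AES step itself is left out because the Python standard library has no AES implementation.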
Dabs
Staff
Legendary
Activity: 2478
Merit: 1287
The Concierge of Crypto
September 30, 2019, 04:52:37 PM
 #3

Honest question about wallet encryption: Are the rounds determined by how fast one (1) core of the CPU is? Or would having some multiple-core CPU, or multiple-CPU hardware, increase the rounds for encryption too? Say I run it on some server with 64 cores per CPU and it has 4 of them, will my wallet encryption get updated to the equivalent of 256 cores at 4 GHz (or whatever is the speed of the CPU)?

Can this number be manually increased instead of it being automatically determined by the wallet software? Some people might want to add a few extra rounds, or is this not necessary anymore and just impractical? (adding 1 second to open the wallet, for example.)

pooya87
Legendary
Activity: 1792
Merit: 1968
Remember tonight for it's the beginning of forever
October 01, 2019, 04:15:11 AM
 #4

Quote
Honest question about wallet encryption: Are the rounds determined by how fast one (1) core of the CPU is? Or would having some multiple-core CPU, or multiple-CPU hardware, increase the rounds for encryption too?

Having more cores only helps with algorithms that can be run in parallel. For that, each round has to be independent of the others. But here AES is being used, and the CBC mode makes it serial, meaning each block needs to use the previous encrypted block, so you can't run it in parallel.

With that said, the AES algorithm is quite fast itself, especially if the implementation uses the CPU intrinsics that exist in the majority of CPUs (especially Intel), so there is no need for parallelism even if it were possible.

ETFbitcoin
Legendary
Activity: 1792
Merit: 2051
Use SegWit and enjoy lower fees.
October 01, 2019, 04:48:09 PM
 #5

Quote
Honest question about wallet encryption: Are the rounds determined by how fast one (1) core of the CPU is? Or would having some multiple-core CPU, or multiple-CPU hardware, increase the rounds for encryption too? Say I run it on some server with 64 cores per CPU and it has 4 of them, will my wallet encryption get updated to the equivalent of 256 cores at 4 GHz (or whatever is the speed of the CPU)?

Can this number be manually increased instead of it being automatically determined by the wallet software? Some people might want to add a few extra rounds, or is this not necessary anymore and just impractical? (adding 1 second to open the wallet, for example.)

I don't know the developers' approach for cryptocurrency wallets, but generally the number of rounds is predetermined.
A few pieces of software (such as KeePass) have an option to configure the number of rounds, with a benchmark option, so the user can choose the best number of rounds (for them, based on their device specification and patience).

And as mentioned by pooya87, multiple cores won't help at all in this case because it's a sequential job (the next task depends on the result of the previous task).

khangmartin
Newbie
Activity: 11
Merit: 1
October 01, 2019, 10:06:28 PM
 #6

Quote
    The passphrase is converted to a key/iv pair using EVP, with a dynamic number of rounds
    This key/iv pair is used to encrypt a randomly-generated master key, using AES-256-CBC
    The secret part of wallet keys are then encrypted using that master key, again with AES-256-CBC

For the above, is there any key stretching involved during the private keys encryption? I am going through the calculation with my own wallet and the bitcoin source code and it is not adding up for AES-256-CBC. The IV used is the double sha256 for the public key and the unencrypted master key for the secret key. Thanks for all the answers.
khangmartin
Newbie
Activity: 11
Merit: 1
October 01, 2019, 11:44:43 PM
 #7

Disregard the above, the key is expanded automatically. I think I have computed something incorrectly.
khangmartin
Newbie
Activity: 11
Merit: 1
October 02, 2019, 12:03:10 AM
 #8

I'm back again.

I have taken the unencrypted private key from the wallet, double sha256 of the public key (IV) and taken the decrypted Master Key derived in the DecryptSecret function (crypter.cpp). I received an answer which is not correct and is twice as long as the encrypted private key from my wallet. Has anyone tried this before, or does anyone have some idea as to what I am missing? Thanks.