Bitcoin Forum
Author Topic: Wallet passphrase and salt encryption  (Read 317 times)
khangmartin (OP)
September 21, 2019, 02:41:36 AM
 #1

My question is as follows: When encrypting BTC Core wallet, is the format as follows: Sha512(passphrase+salt) or Sha512(salt+passphrase) before encrypting with AES256CBC for the wallet? Thanks.
pereira4
September 21, 2019, 06:16:41 PM
 #2

My question is as follows: When encrypting BTC Core wallet, is the format as follows: Sha512(passphrase+salt) or Sha512(salt+passphrase) before encrypting with AES256CBC for the wallet? Thanks.

See this:

https://github.com/bitcoin/bitcoin/blob/6b8a5ab622e5c9386c872036646bf94da983b190/doc/README

Quote
Wallet encryption uses AES-256-CBC to encrypt only the private keys
that are held in a wallet.  The keys are encrypted with a master key
which is entirely random.  This master key is then encrypted with
AES-256-CBC with a key derived from the passphrase using SHA512 and
OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by
the speed of the machine which does the initial encryption (and is
updated based on the speed of a computer which does a subsequent
passphrase change).  Although the underlying code supports multiple
encrypted copies of the same master key (and thus multiple passphrases)
the client does not yet have a method to add additional passphrases.

Summary from PWiulle:

Quote
    The passphrase is converted to a key/iv pair using EVP, with a dynamic number of rounds
    This key/iv pair is used to encrypt a randomly-generated master key, using AES-256-CBC
    The secret part of wallet keys are then encrypted using that master key, again with AES-256-CBC
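
As an added example (not part of the original posts and not Bitcoin Core's own code), here is the passphrase-to-key/IV step the README describes, written in Python with only the standard library. OpenSSL's EVP_BytesToKey hashes the passphrase first and the salt second; the function names, the calibration target, probe size and floor, and the sample passphrase and salt are assumptions made for illustration.

```python
import hashlib
import time

KEY_SIZE = 32   # AES-256 key
IV_SIZE = 16    # AES block size, used as the CBC IV


def bytes_to_key_sha512(passphrase: bytes, salt: bytes, rounds: int):
    """EVP_BytesToKey-style derivation with SHA-512.

    Round 1 hashes passphrase || salt (passphrase first); every later
    round hashes the previous 64-byte digest. Each round needs the output
    of the one before it, so the chain cannot be spread across CPU cores.
    """
    if rounds < 1:
        raise ValueError("rounds must be >= 1")
    digest = hashlib.sha512(passphrase + salt).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha512(digest).digest()
    # One 64-byte digest covers key (32) + IV (16); the rest is discarded.
    return digest[:KEY_SIZE], digest[KEY_SIZE:KEY_SIZE + IV_SIZE]


def calibrate_rounds(target_seconds=0.1, probe_rounds=25000, minimum=25000):
    """Scale the round count so derivation takes about target_seconds here.

    Simplified illustration of "rounds determined by the speed of the
    machine"; the target, probe size and floor are assumptions.
    """
    start = time.perf_counter()
    bytes_to_key_sha512(b"probe", b"\x00" * 8, probe_rounds)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(minimum, int(probe_rounds * target_seconds / elapsed))


if __name__ == "__main__":
    salt = bytes.fromhex("0102030405060708")   # constructed 8-byte salt
    rounds = calibrate_rounds()
    key, iv = bytes_to_key_sha512(b"correct horse", salt, rounds)
    print(f"rounds={rounds} key={key.hex()} iv={iv.hex()}")
```

The resulting key/IV pair only decrypts the random master key; the wallet's private keys are encrypted under that master key, as the summary above states.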
Dabs
September 30, 2019, 04:52:37 PM
 #3

Honest question about wallet encryption: Are the rounds determined by how fast one (1) core of the CPU is? Or would having some multiple core CPU, or multiple CPU hardware, increase the rounds for encryption too? Say I run it on some server with 64 cores per CPU and it has 4 of them, will my wallet encryption get updated to the equivalent of 256 cores at 4 GHz (or whatever is the speed of the CPU)?

Can this number be manually increased instead of it being automatically determined by the wallet software? Some people might want to add a few extra rounds, or is this not necessary anymore and just impractical? (adding 1 second to open the wallet, for example.)

pooya87
October 01, 2019, 04:15:11 AM
 #4

Honest question about wallet encryption: Are the rounds determined by how fast one (1) core of the CPU is? Or would having some multiple core CPU, or multiple CPU hardware, increase the rounds for encryption too?

Having more cores only helps with algorithms that could be run in parallel. For that, each round has to be independent of the others. But here, AES is being used and the CBC mode makes it serial, meaning each block needs to use the previous encrypted block, so you can't run it in parallel.

With that said, the AES algorithm is quite fast itself, especially if the implementation uses the CPU intrinsics that exist in the majority of CPUs (especially Intel); there is no need for parallelism even if it were possible.
