Bitcoin Forum
June 21, 2024, 11:57:26 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Trying to understand more about wallet security  (Read 222 times)
Outhue (OP)
Sr. Member
****
Offline Offline

Activity: 868
Merit: 453


Instant cryptocurrency exchange with own reserves!


View Profile WWW
February 14, 2022, 06:26:14 AM
Merited by Vvang (4), DdmrDdmr (3), Hyphen(-) (3), JoyMarsha (2), Welsh (1)
 #1

Are every single wallets passwords useless once someone have access to the private key or recovery seed? Are there no projects or chains that implements password inside the private key so that even if you import the private key in a another fresh wallet you will still be asked for the password.

▄▄███████
▄███████████████▄
▄███████████████████▄
▄██████████▄██████████▄
▄██████████▄████████████▄
█████████████████████████
████████▄████████████████
█████████████████████████
▀███████████████████████▀
▀████████▐████████████▀
▀██████▐████████████▀
▀██████████████▀
███████▀▀
█▀▀











█▄▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
 
INSTANT
 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀█











▄▄█
██████████████████████▀▀
████████▀░░░░▀████████
██████▀░▄█▀▀█▄░▀██████
██████░▄▀░░░░▀▄░██████
██████░█░░░░░░█░██████
██████▄░▀▄▄▄▄▀░▄██████
████▀░░░░░░░░░░░░▀████
███░░▄▄▄▄▄▄▄▄▄▄▄▄░░███
██▌░▐█░░░░░░░░░░█▌░▐██
██░░░█░░░░▄▄░░░░█░░░██
███▄░█▌░░▀██▀░░▐█░▄███
██████▌░░░░░░░░▐██████
██████████████████████▄▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
 
 NO KYC 
 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀█











▄▄█
█▀▀











█▄▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
 
    OWN LIQUIDITY RESERVES    
 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀█











▄▄█
BTC
 
ETH
 
LTC
DOGE
 
TRX
 
BNB
TRC20
 
ERC20
 
BEP20
█████
██
██
██
██
██
██
██
██
██
██
██
█████
█████████████████████████████████████████████████
 
 SWAP NOW 
 
█████████████████████████████████████████████████
█████
██
██
██
██
██
██
██
██
██
██
██
█████
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 2856
Merit: 3071


https://bit.ly/387FXHi lightning theory


View Profile
February 14, 2022, 06:31:18 AM
Merited by DdmrDdmr (3), ABCbits (1)
 #2

There was bip38 which encrypted private keys with a password (I think they then begin with a 'U').

The bip39 protocols for making the mnemonic phrase also allow you to extend your mnemonic with a passphrase (by adding words to the end of the mnemonic but it's not supported by non-standard types like electrum).
pooya87
Legendary
*
Offline Offline

Activity: 3486
Merit: 10666



View Profile
February 14, 2022, 06:46:16 AM
Merited by Welsh (2)
 #3

No there isn't because at the end of the line there has to be something that doesn't need encrypting anymore and you can still leak that last step and compromise your keys. The only solution is not leak the password used for encryption in first place.

You can also use some other features that bitcoin offers such as multi-signature wallets, where spending coins requires signature from multiple keys. Then you can store these keys separately. For example one key  in your cold storage PC (air gap with Linux) and another in your hardware wallet in a 2of2 setup.

.
.BLACKJACK ♠ FUN.
█████████
██████████████
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
████████████████
░██████████████
████████████
███████████████░██
██████████
CRYPTO CASINO &
SPORTS BETTING
▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
█████████
.
witcher_sense
Legendary
*
Offline Offline

Activity: 2380
Merit: 4372


🔐BitcoinMessage.Tools🔑


View Profile WWW
February 14, 2022, 07:24:55 AM
 #4

even if you import the private key in a another fresh wallet you will still be asked for the password.
Such a mechanism already exists: whenever your import your seed words into a fresh wallet, it will ask you if you have an additional passphrase with which you extended your initial seed to make it more protected from accidental loss or hacking. If you answer positively, you enter your passphrase and get access to your funds. Without the passphrase, there will be a completely different wallet because every single passphrase or no passphrase when combined with your seed will result in different private keys, public keys, and therefore different addresses. If a hacker steals your seed words but not your passphrase, he will find nothing but an empty wallet. Like I said, each passphrase results in its own set of keys, which also means there is no such thing as a correct or incorrect passphrase: in order to get access to your funds, you should enter exactly the same passphrase you generated private keys from.

More info:

https://www.blockplate.com/blogs/blockplate/what-is-a-bip39-passphrase


█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
mk4
Legendary
*
Offline Offline

Activity: 2800
Merit: 3853


Paldo.io 🤖


View Profile
February 14, 2022, 09:05:55 AM
 #5

Passphrases: they can't steal your funds if they only have the recovery seed; they're going to need the passphrase as well.

Passwords(or pins): this layer of protection is solely there to prevent unintended access to your wallet; like when someone stole your phone or something — the password/pin is there just so they can't access the wallet app. But if the thief gained access to your recovery seed, the password(or pin) is useless.

^Assuming we're talking about non-custodial wallets here. https://cryptosec.info/wallets

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
NeuroticFish
Legendary
*
Offline Offline

Activity: 3710
Merit: 6427


Looking for campaign manager? Contact icopress!


View Profile
February 14, 2022, 09:47:38 AM
Merited by hosseinimr93 (1)
 #6

Are every single wallets passwords useless once someone have access to the private key or recovery seed? Are there no projects or chains that implements password inside the private key so that even if you import the private key in a another fresh wallet you will still be asked for the password.

I will talk here about non-custodial wallets, since custodial ones are simply accounts on a platform, not proper wallets.

You should start with understanding that the coins are not in the wallet, they're on the blockchain. Anybody who can sign a transaction he can send away the coins, that all that's needed.
You should also understand that usually you have a wallet software and a wallet file. The wallet file contains some information that allows the wallet software obtain the private keys necessary to sign transactions.

Now, if you protect by any means (password) your wallet, it's basically only that file you protect.
One can make from seed/private key a new wallet file and sign transaction. One can use the private key with a script and sign transaction (i.e. spend those coins).

So if you have password for your wallet, but you don't protect the seed/private key properly, it's like you put a steel grid over your window, but keep all the doors wide open.

█████████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████
█████████████████████████
.
BC.GAME
▄▄░░░▄▀▀▄████████
▄▄▄
██████████████
█████░░▄▄▄▄████████
▄▄▄▄▄▄▄▄▄██▄██████▄▄▄▄████
▄███▄█▄▄██████████▄████▄████
███████████████████████████▀███
▀████▄██▄██▄░░░░▄████████████
▀▀▀█████▄▄▄███████████▀██
███████████████████▀██
███████████████████▄██
▄███████████████████▄██
█████████████████████▀██
██████████████████████▄
.
..CASINO....SPORTS....RACING..
dbc23
Sr. Member
****
Offline Offline

Activity: 1036
Merit: 311


View Profile
February 14, 2022, 12:11:00 PM
 #7

Are every single wallets passwords useless once someone have access to the private key or recovery seed? Are there no projects or chains that implements password inside the private key so that even if you import the private key in a another fresh wallet you will still be asked for the password.
From what I understand from your post you are asking about wallet password and not encryption password if it's wallet password then the password is only useful on the device where your wallet exist once your private key is compromised then your wallet password is useless. Because entering your private key on a new device wouldn't demand for your wallet password. Always remember" not yours keys not your coin"
dkbit98
Legendary
*
Offline Offline

Activity: 2268
Merit: 7255



View Profile WWW
February 14, 2022, 06:54:51 PM
 #8

Are every single wallets passwords useless once someone have access to the private key or recovery seed?
Yes they are, for most wallets.
Passwords and PIN codes are mostly connected with local device and they are not so hard to crack if they are weak.
From all software wallets I know only Wasabi is password in combination with seed words, so you need that password for recovering your funds in addition with seed words.
Wallets like exodus use regular passwords that are only used as superficial protection.

Are there no projects or chains that implements password inside the private key so that even if you import the private key in a another fresh wallet you will still be asked for the password.
There is no need for using other chains, just using different passphrases with BIP39 seed phrase can serve this purpose.
There is a big difference between regular password and passphrase that is used as a soil added to 12 or 24 seed words.
Note that losing a passprhase means losing your coins, so proper backup must be done for that.

█████████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████
█████████████████████████
.
BC.GAME
▄▄░░░▄▀▀▄████████
▄▄▄
██████████████
█████░░▄▄▄▄████████
▄▄▄▄▄▄▄▄▄██▄██████▄▄▄▄████
▄███▄█▄▄██████████▄████▄████
███████████████████████████▀███
▀████▄██▄██▄░░░░▄████████████
▀▀▀█████▄▄▄███████████▀██
███████████████████▀██
███████████████████▄██
▄███████████████████▄██
█████████████████████▀██
██████████████████████▄
.
..CASINO....SPORTS....RACING..
Rikimaruu
Jr. Member
*
Offline Offline

Activity: 45
Merit: 1


View Profile
February 15, 2022, 04:43:43 AM
 #9

Every crypto private key is like a security factory reset once someone has access to the key, all the security settings will be gone, 2FA, fingerprint or pin code only works on your present device if the private key is safe.

https://qenetex.com
🔵 Qenetex: non-custodial storage
✅ Find best exchange rates with Exchange Engine, up to 100 providers 🖥
Welsh
Staff
Legendary
*
Offline Offline

Activity: 3276
Merit: 4111


View Profile
February 15, 2022, 12:26:22 PM
 #10

This is why it's recommended to never store your private key digitally, and if you're storing it physically, make sure it's concealed, and safe from most threats. You can''t 100% protect it from threats, that's just unrealistic to assume. However, you can make a pretty good job of it so that most attacks are somewhat mitigated.

By the way, you probably shouldn't be storing your password digitally or anywhere that can be found easily, since the same principles apply. Although, a private key can completely bypass that password, whereas the password is only useful if they've the wallet file too.
The Cryptovator
Legendary
*
Offline Offline

Activity: 2282
Merit: 2196

Signature Space For Rent


View Profile WWW
February 15, 2022, 01:05:42 PM
 #11

As others users said you may implement some additional security to keep safe your funds. But I am wondering how you are gonna protect your additional passwords if you can't protect your seeds or private keys. I have seen some cases where users used additional passwords to generate and encrypt private keys for paper wallets. So in the end, they had written the private keys and didn't write the passwords. Eventually when they tried to access their funds forget the password which has used to encrypt private keys. So if you need to write your passwords as well then it's going to same writing your private keys and both would be stolen or lost. So better use a hardware wallet and keep secure your seeds in a secret place, so even lost the device can't access without a password and you can always recover your fund through the seed phrase.

SIGNATURE SPACE FOR RENT
tbct_mt2
Hero Member
*****
Offline Offline

Activity: 2352
Merit: 837



View Profile WWW
February 19, 2022, 03:49:18 PM
 #12

There are single signature or multi-signature wallets. Multi-signature wallets require a number of signatures to sign transaction and unlock fund in your wallet. You can use it to co-sign a transaction by a wallet in which you store fund, and some other empty wallets without fund but play as co-signers for your transactions.

Indeed, you should secure all of those wallets but multi-signature wallet help you in case one of your wallets are compromised. If the number of compromised wallets is not enough, transaction can not be processed.

Protect your keys is most important, no matter single-signature or multi-signature wallet you are using.
nakamura12
Hero Member
*****
Offline Offline

Activity: 2310
Merit: 671


View Profile
February 19, 2022, 08:13:37 PM
 #13

Every crypto private key is like a security factory reset once someone has access to the key, all the security settings will be gone, 2FA, fingerprint or pin code only works on your present device if the private key is safe.
If you don't know how to have a multi signature wallet or a more secured wallet but it is compromised then you better abandon it and use a new wallet if that's the case then transfer the funds if you have funds remaining from the previous wallet if the one who knows the wallet important haven't beat you to take the funds first then that person failed to steal your funds but if a thief knows your private ket for example then that person would transfer it right away.

Nakamura12 Sig Space and Avatar 4 Rent
Trojane
Member
**
Offline Offline

Activity: 294
Merit: 28


View Profile
February 19, 2022, 11:01:21 PM
 #14

The security of your wallet doesn't primarily depends on how good you're in hiding your priv keys or making long passphrase and whatsoever; what if through some blockchain spamming or phishing, your wallet becomes a victim?
Secondarily, we could advice everyone to keep their priv keys within thier valuables; this has nothing to do with creating long pin and passwords...and I keep asking myself' is there not a better way of still not making the priv keys the final solution to getting people's account shrinked? Is there not a way that maybe a four digit code is made to optimize and guard the priv keys so that if it's not imputed, funds cannot be accessed? Just thinking aloud: priv keys are long and clumsy and cannot be crammed but a four digit PIN just like that of our ATM cards can easily be crammed and stored within our memories. ...

████████████████            1 x B i t . c o m         |         THE WORLD CUP ADVENTURE            ████████████████
[  7 BTC WELCOME BONUS  ] [      1 BTC PRIZE FUND      ]
████████████████            ██                           P L A Y   N O W                           ██            ████████████████
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!