cuddaloreappu (OP)
July 18, 2014, 04:56:52 PM
How safe is an Encrypted Bitcoin core wallet with a strong password?

Justin00
July 18, 2014, 05:05:14 PM
Not very if you have a key logger and a hacker can somehow retrieve your wallet.dat.
It is safer than having an easy-to-guess password, and obviously having no password would be like handing it on a platter.
I would do this (after you have finished with the client each time): rename wallet.dat to something else and move it out of the normal directory (preferably off the PC). You would still be vulnerable to key loggers and 1000 other scenarios, but if someone got access to your PC they might search/scan for wallet.dat and hopefully move on when they cannot find it.

gmaxwell
July 18, 2014, 05:23:23 PM
The software uses best-practices in handling, it's adaptively strengthened with a cryptographic KDF and salted (and cracks at no faster than 10 per second on the user's CPU)— but users (including myself) stink at producing passwords or if they manage to produce a good one, they can't remember it.
No amount of encryption can protect you from poor passwords, keyboard sniffers, or other local machine compromises... or from forgetting or disk corruption. The wallet encryption helps against some things, but the rest is up to you currently.

cuddaloreappu (OP)
July 18, 2014, 05:38:09 PM
I mean encrypting wallet with a very strong password and doing this in a freshly installed Windows PC.
That will take care of keyloggers right!
Now tell me how safe is such an encrypted wallet

shorena
July 18, 2014, 06:49:48 PM
> I mean encrypting wallet with a very strong password and doing this in a freshly installed Windows PC.
> That will take care of keyloggers right!
> Now tell me how safe is such an encrypted wallet

What do you want to hear? 10 guesses per second (per core I assume); if you have a password with 12 symbols, which can be any char or number, you have (2*26+10)^12 ~= 3.22*10^21 possible passwords. In order to test them all with a 120 core CPU you need 3.22*10^21/1200*60s*60m*24h*365d ~= 85 billion years. Bruteforce is basically out of the question unless someone has a very short list that happens to have your password in it. A fresh Windows will most likely be not fully updated, but unless you use something old (e.g. WinXP without Service packs) you should be fine. It's also unlikely that you "just get a keylogger" as long as you are careful. Careful as in: don't download something from shady sources, don't download any new alt coin wallet just because, etc. pp.

I'm not really here, it's just your imagination.
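
The figures in the two replies above (a salted, adaptively strengthened KDF limiting guesses to about 10 per second, and the 62^12 keyspace estimate), worked through as an added example that is not part of the thread or of Bitcoin Core's code. Iterated SHA-512, the 25,000-iteration floor and the 10-million-entry wordlist are assumptions chosen for illustration; the thread does not say which KDF the wallet uses.

```python
import hashlib
import os
import time

SECONDS_PER_YEAR = 60 * 60 * 24 * 365

def derive_key(passphrase: bytes, salt: bytes, iterations: int) -> bytes:
    """Stretch a passphrase with salted, iterated SHA-512 (assumed stand-in KDF)."""
    digest = hashlib.sha512(passphrase + salt).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha512(digest).digest()
    return digest[:32]  # 256-bit key

def calibrate_iterations(target_seconds: float = 0.1,
                         probe: int = 20_000, floor: int = 25_000) -> int:
    """Adaptive strengthening: time a probe run on this CPU, then scale the
    iteration count so one guess costs about target_seconds (never below floor)."""
    start = time.perf_counter()
    derive_key(b"probe", b"\x00" * 8, probe)
    elapsed = time.perf_counter() - start
    return max(floor, int(probe * target_seconds / elapsed))

def seconds_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate passphrase."""
    return candidates / guesses_per_second

if __name__ == "__main__":
    salt = os.urandom(8)  # per-wallet random salt defeats precomputed tables
    rounds = calibrate_iterations()
    start = time.perf_counter()
    derive_key(b"constructed example passphrase", salt, rounds)
    print(f"{rounds} rounds, {time.perf_counter() - start:.3f} s per guess")

    rate = 10 * 120                  # 10 guesses/s per core on 120 cores, as in the reply
    random_12 = (2 * 26 + 10) ** 12  # 12 random letters and digits
    wordlist = 10_000_000            # constructed size for a guessable password list
    years = seconds_to_exhaust(random_12, rate) / SECONDS_PER_YEAR
    hours = seconds_to_exhaust(wordlist, rate) / 3600
    print(f"random 12 chars: {years:.2e} years")
    print(f"wordlist hit:    {hours:.1f} hours")
```

Raising the iteration count only scales the attacker's cost linearly, so the wordlist line is the one that decides whether the stretching matters.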

grue
July 18, 2014, 06:56:35 PM
> I mean encrypting wallet with a very strong password and doing this in a freshly installed Windows PC.
> That will take care of keyloggers right!
> Now tell me how safe is such an encrypted wallet
>
> [...] A fresh Windows will most likely be not fully updated, but unless you use something old (e.g. WinXP without Service packs) you should be fine. It's also unlikely that you "just get a keylogger" as long as you are careful. Careful as in: don't download something from shady sources, don't download any new alt coin wallet just because, etc. pp.

more importantly, make sure your operating system install disk is clean. if you're downloading pirated windows, make sure you check the .iso's checksum against the ones published by microsoft.

cuddaloreappu (OP)
July 19, 2014, 02:33:08 AM
> I mean encrypting wallet with a very strong password and doing this in a freshly installed Windows PC.
> That will take care of keyloggers right!
> Now tell me how safe is such an encrypted wallet
>
> [...] A fresh Windows will most likely be not fully updated, but unless you use something old (e.g. WinXP without Service packs) you should be fine. It's also unlikely that you "just get a keylogger" as long as you are careful. Careful as in: don't download something from shady sources, don't download any new alt coin wallet just because, etc. pp.
>
> more importantly, make sure your operating system install disk is clean. if you're downloading pirated windows, make sure you check the .iso's checksum against the ones published by microsoft.

Yeah, my friend has original Win 8, we are planning to fresh install, update it, then install Firefox and Bitcoin Core, then transfer all coins and encrypt with a very strong password. Now is it safe?

ranochigo
July 19, 2014, 02:46:28 AM
> I mean encrypting wallet with a very strong password and doing this in a freshly installed Windows PC.
> That will take care of keyloggers right!
> Now tell me how safe is such an encrypted wallet
>
> [...] A fresh Windows will most likely be not fully updated, but unless you use something old (e.g. WinXP without Service packs) you should be fine. It's also unlikely that you "just get a keylogger" as long as you are careful. Careful as in: don't download something from shady sources, don't download any new alt coin wallet just because, etc. pp.
>
> more importantly, make sure your operating system install disk is clean. if you're downloading pirated windows, make sure you check the .iso's checksum against the ones published by microsoft.
>
> Yeah, my friend has original Win 8, we are planning to fresh install, update it, then install Firefox and Bitcoin Core, then transfer all coins and encrypt with a very strong password. Now is it safe?

Not much. Windows is known to have a lot of vulnerabilities; since you are exposed to the internet, you might get malware. Installing Linux on an offline computer would be significantly safer.

Golph
July 19, 2014, 04:02:08 AM
> How safe is an Encrypted Bitcoin core wallet with a strong password?

Actually it is very very safe if you have a strong password, you just have to avoid keyloggers, which is easy...

grue
July 19, 2014, 04:08:50 AM
> Not much, Windows is known to have a lot of vulnerabilities, since you are exposed to the internet, you might get a malware. Installing Linux on an offline computer would be significantly safer.

windows does have vulnerabilities, but they're not so bad to the point that connecting a reasonably up-to-date windows machine to the internet will get you infected.

ANTIcentralized
July 19, 2014, 04:48:31 AM
> I mean encrypting wallet with a very strong password and doing this in a freshly installed Windows PC.
> That will take care of keyloggers right!
> Now tell me how safe is such an encrypted wallet

This would take care of keyloggers when you create your password, but would not necessarily take care of keyloggers when you later need to input your password, as your computer could potentially become compromised in the future.

Bernard Lerring
July 20, 2014, 02:05:07 PM
Why not install VirtualBox on the Windows PC. Then use a virtualized Ubuntu installation when you need to access your wallet?

shorena
July 20, 2014, 05:28:32 PM
> Why not install VirtualBox on the Windows PC. Then use a virtualized Ubuntu installation when you need to access your wallet?

Because it gives you complexity not security. If the host system is infected any virtualisation as protection is useless. While you might be able to fool very simple malware that just searches for the wallet.dat with this, it will not help you against a keylogger. If you type in a password in the VM ware it is still piped through the host OS.

Muhammed Zakir
July 22, 2014, 02:55:04 AM
> Why not install VirtualBox on the Windows PC. Then use a virtualized Ubuntu installation when you need to access your wallet?
>
> Because it gives you complexity not security. If the host system is infected any virtualisation as protection is useless. While you might be able to fool very simple malware that just searches for the wallet.dat with this, it will not help you against a keylogger. If you type in a password in the VM ware it is still piped through the host OS.

As was said earlier, a brute-force attack will be hard. It isn't highly secure but it is good, and try to install an original OS and search for a way to detect and remove keyloggers from your computer for the preferred OS.
Kindly, MZ

Justin00
July 22, 2014, 03:59:02 AM
I would partially disagree. They have the password (to something) as you said, but they did not get the wallet.dat. So you have essentially protected the wallet.dat, have you not?

> Why not install VirtualBox on the Windows PC. Then use a virtualized Ubuntu installation when you need to access your wallet?
>
> Because it gives you complexity not security. If the host system is infected any virtualisation as protection is useless. While you might be able to fool very simple malware that just searches for the wallet.dat with this, it will not help you against a keylogger. If you type in a password in the VM ware it is still piped through the host OS.

hibr3d
July 22, 2014, 05:00:54 AM
> Not very if you have a key logger and a hacker can somehow retrieve your wallet.dat.
> It is safer than having an easy-to-guess password, and obviously having no password would be like handing it on a platter.
> I would do this (after you have finished with the client each time): rename wallet.dat to something else and move it out of the normal directory (preferably off the PC). You would still be vulnerable to key loggers and 1000 other scenarios, but if someone got access to your PC they might search/scan for wallet.dat and hopefully move on when they cannot find it.

And what to do if the keylogger searches for ".wat" in the start bar?

ranochigo
July 22, 2014, 09:49:27 AM
> Not very if you have a key logger and a hacker can somehow retrieve your wallet.dat.
> It is safer than having an easy-to-guess password, and obviously having no password would be like handing it on a platter.
> I would do this (after you have finished with the client each time): rename wallet.dat to something else and move it out of the normal directory (preferably off the PC). You would still be vulnerable to key loggers and 1000 other scenarios, but if someone got access to your PC they might search/scan for wallet.dat and hopefully move on when they cannot find it.
>
> And what to do if the keylogger searches for ".wat" in the start bar?

You can easily rename the file type to something else like .wkshw and rename it back to .dat when you need it. They most probably won't spend time to search for a file type like this.

Muhammed Zakir
July 22, 2014, 10:01:13 AM
> Not very if you have a key logger and a hacker can somehow retrieve your wallet.dat.
> It is safer than having an easy-to-guess password, and obviously having no password would be like handing it on a platter.
> I would do this (after you have finished with the client each time): rename wallet.dat to something else and move it out of the normal directory (preferably off the PC). You would still be vulnerable to key loggers and 1000 other scenarios, but if someone got access to your PC they might search/scan for wallet.dat and hopefully move on when they cannot find it.
>
> And what to do if the keylogger searches for ".wat" in the start bar?
>
> You can easily rename the file type to something else like .wkshw and rename it back to .dat when you need it. They most probably won't spend time to search for a file type like this.

Almost all of the key loggers upload the inputs. I couldn't see any other types of key loggers.
Kindly, MZ

zetaray
July 22, 2014, 10:44:43 AM
If you have a keylogger, no password is strong enough. Best to use a dedicated machine for bitcoin, and install nothing but your wallet software and no altcoin wallets either.

cuddaloreappu (OP)
July 22, 2014, 10:52:56 AM
I think always using on screen keyboard will make it very safe from keyloggers