Topic: what is the "scratch"? it's FUD or truth?
HorseRider (OP)
March 26, 2012, 10:01:55 AM
 #1

http://www.itweb.co.za/office/securitysummit2012/PressRelease.php?StoryID=228225


Scratches on the Surface of SHA256
A closer look at the cryptography in use for digital currency Bitcoin shows new vulnerabilities in SHA256, says Absa information security researcher Frans Lategan.

Issued by: ITP Communications   
[Johannesburg, 26 March 2012] -

Frans Lategan – Absa information security researcher and speaker at the ITWeb Security Summit.

Frans Lategan, who will be one of the expert speakers at the annual ITWeb Security Summit, in May, says he will reveal for the first time at the Summit newly-discovered weaknesses in the gold standard cryptography.
Describing the vulnerabilities as “scratches in the paintwork, rather than a train smash”, Lategan says his findings nevertheless indicate that vulnerabilities can exist even in trusted algorithms in use to protect currency as valuable and widespread as Bitcoin.

Lategan explains that Bitcoin, a fast-growing global digital currency that resides solely in the cloud, has already been the victim of attacks.

“The downside of virtual currency such as Bitcoin is that there is no recourse if it is hacked or stolen,” he says.

Which is why any vulnerability in the security around it is of interest.

Lategan points out that SHA256, in use for over a decade, will be replaced by the SHA3 hash family in the foreseeable future.
The annual ITWeb Security Summit will take place from 15 - 17 May 2012 at the Sandton Convention Centre. For more information and to book your seat, go to www.securitysummit.co.za.

 

16SvwJtQET7mkHZFFbJpgPaDA1Pxtmbm5P
bulanula
March 26, 2012, 10:08:04 AM
 #2

Probably FUD.

Sell all the BTC !
julz
March 26, 2012, 10:49:04 AM
 #3

see also the brief bio:

Quote
Frans Lategan is a security consultant with Absa Bank. His presentation, titled SHA256 vulnerabilities exposed by Bitcoin, will contextualise Bitcoin, discuss the technical workings of Bitcoin and SHA256, and look at divergences between expected and actual findings for SHA256.

(from http://www.itweb.co.za/index.php?option=com_content&view=article&id=50468)

So it seems the original title was 'SHA256 vulnerabilities exposed by Bitcoin'.

Ahh..  who would have thought bitcoin would be so useful to the banking industry as to help expose cryptographic weaknesses!?  Smiley

@electricwings   BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
BurtW
March 26, 2012, 11:14:00 AM
Last edit: March 26, 2012, 12:21:33 PM by BurtWagner
 #4

Someone was paid by the banking industry to discredit Bitcoin?

(sarcasm attempt fail)

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
Koekiemonster
March 26, 2012, 11:20:12 AM
 #5

Someone was paid by the banking industry to discredit Bitcoin?

How does this discredit Bitcoin?  Undecided

https://www.bitbuy.nl - Buy bitcoins easily, quickly and cheaply at Bitbuy!
Bitcointalk topic about Bitbuy!
julz
March 26, 2012, 11:25:56 AM
 #6

Someone was paid by the banking industry to discredit Bitcoin?


Doesn't seem that way to me.
Assuming he's correct... The bitcoin system has proved useful in revealing a minor issue with SHA256 ... which the banks (and military) also use.

Note that many US military systems are still in the process of migrating *to* SHA256.

It's highly unlikely that these surface scratches indicate a massive reduction in the security and utility of SHA256.
It's more a case of 'orderly migration' to something stronger - rather than 'panic exit'.

@electricwings   BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
Gabi
March 26, 2012, 11:44:29 AM
 #7

FUD

Lol, bitcoin, which has a market cap of less than 50 millions of $ discover a weakness that no one in all the world governments and banks and what else and trillions of $ discovered? Yeeeah sure. And what about Area 51? I've heard they have aliens there!!!

Hawkix
March 26, 2012, 12:49:43 PM
 #8

Bitcoin with its current hashrate may be the most powerful SHA256 testing tool that has been running so far ...

Donations: 1Hawkix7GHym6SM98ii5vSHHShA3FUgpV6
http://btcportal.net/ - All about Bitcoin - coming soon!
molecular
March 26, 2012, 01:57:40 PM
 #9

Someone was paid by the banking industry to discredit Bitcoin?


Doesn't seem that way to me.
Assuming he's correct... The bitcoin system has proved useful in revealing a minor issue with SHA256 ... which the banks (and military) also use.

what minor issue?

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
triplehelix
March 26, 2012, 02:00:40 PM
 #10

any vulnerability can and will be verified.  why are so many so quick to write this off?  just because he works for a bank?
DeathAndTaxes
March 26, 2012, 02:06:38 PM
 #11

Quote
Frans Lategan, who will be one of the expert speakers at the annual ITWeb Security Summit, in May, says he will reveal for the first time at the Summit newly-discovered weaknesses in the gold standard cryptography.  Describing the vulnerabilities as “scratches in the paintwork, rather than a train smash”, Lategan says his findings nevertheless indicate that vulnerabilities can exist even in trusted algorithms in use to protect currency as valuable and widespread as Bitcoin.

Ok so it is only academic.  Obviously one wouldn't wait 2+ months to release findings on a flaw unless it is minor ...

Also I love the " protect currency as valuable and widespread as Bitcoin."  Smiley

Quote
Lategan explains that Bitcoin, a fast-growing global digital currency that resides solely in the cloud, has already been the victim of attacks.

How exactly does he know Bitcoin has been a victim?  Unless he is talking about things like DDOS and thefts which have nothing to do with the vulnerability?

Hmm... Either he is full of shit trying to pump up his presentation ahead of the conference or he is the single most unethical cryptographer on the planet.

"I know of a vulnerability which is costing others money and undermining public trust in cryptography so I will wait for two months before telling anyone about it ... er I will tell me about it, just not what it is."
Etlase2
March 26, 2012, 02:14:29 PM
 #12

Also I love the " protect currency as valuable and widespread as Bitcoin."  Smiley

..

How exactly does he know Bitcoin has been a victim?  Unless he is talking about things like DDOS and thefts which have nothing to do with the vulnerability?

Hmm... Either he is full of shit trying to pump up his presentation ahead of the conference or he is the single most unethical cryptographer on the planet.

I love how on one hand you love what he said, then one sentence later you turn into a raving, rabid bitcoiner.

Obviously he was referring to other attacks. Does he really need to spell this out?

ribuck
March 26, 2012, 02:16:54 PM
 #13

why are so many so quick to write this off?  just because he works for a bank?
We are writing off this "news", because there isn't any news. At this point he's just pimping his conference presentation.

If he announces anything substantial, we can consider it on its merits.
finway
March 26, 2012, 02:44:23 PM
 #14

WangXiaoYun(王小云) uses 10 years to find the vulnerability of MD5 and SHA-1

This guy cracks SHA256, HE must be another WangXiaoYun!



finway
March 26, 2012, 02:55:27 PM
 #15

I guess the "vulnerability" of SHA256 may refer to BIP30 -- the same tx hash.


A Big Finding.

triplehelix
March 26, 2012, 02:57:35 PM
 #16

the guy himself said it's just a scratch in the paint, not a deep rooted issue.
Gabi
March 26, 2012, 07:24:57 PM
 #17

Quote
Lategan explains that Bitcoin, a fast-growing global digital currency that resides solely in the cloud, has already been the victim of attacks.
Lol i missed that before.

Bitcoin has been the victim? Didn't know linode=bitcoin.  Roll Eyes And they want to find weaknesses in SHA256? Maybe it's SHA256 but they refer to AES seeing the mistakes they make

triplehelix
March 26, 2012, 07:41:52 PM
 #18

Quote
Lategan explains that Bitcoin, a fast-growing global digital currency that resides solely in the cloud, has already been the victim of attacks.
Lol i missed that before.

Bitcoin has been the victim? Didn't know linode=bitcoin.  Roll Eyes And they want to find weaknesses in SHA256? Maybe it's SHA256 but they refer to AES seeing the mistakes they make

you could argue that the worm stealing wallets was a direct attack on bitcoin.
rjk
March 26, 2012, 07:45:38 PM
 #19

Quote
Lategan explains that Bitcoin, a fast-growing global digital currency that resides solely in the cloud, has already been the victim of attacks.
Lol i missed that before.

Bitcoin has been the victim? Didn't know linode=bitcoin.  Roll Eyes And they want to find weaknesses in SHA256? Maybe it's SHA256 but they refer to AES seeing the mistakes they make

you could argue that the worm stealing wallets was a direct attack on bitcoin.
They didn't break the protocol.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
triplehelix
March 26, 2012, 08:20:07 PM
 #20

Quote
Lategan explains that Bitcoin, a fast-growing global digital currency that resides solely in the cloud, has already been the victim of attacks.
Lol i missed that before.

Bitcoin has been the victim? Didn't know linode=bitcoin.  Roll Eyes And they want to find weaknesses in SHA256? Maybe it's SHA256 but they refer to AES seeing the mistakes they make

you could argue that the worm stealing wallets was a direct attack on bitcoin.
They didn't break the protocol.

no, but they exposed a weakness in the default client which is provided by the core dev team.
Gabi
March 26, 2012, 08:53:34 PM
 #21

Copying a file on a computer is not Bitcoin weakness. It's user fault for having an infected computer.

If my computer is infected everything is weak, i type a password and the virus read it for example.

triplehelix
March 26, 2012, 09:04:54 PM
 #22

Copying a file on a computer is not Bitcoin weakness. It's user fault for having an infected computer.

If my computer is infected everything is weak, i type a password and the virus read it for example.

the fact that the official bitcoin client stores the wallet in a vulnerable manner by default is indeed a weakness.
rjk
March 26, 2012, 09:09:13 PM
 #23

Copying a file on a computer is not Bitcoin weakness. It's user fault for having an infected computer.

If my computer is infected everything is weak, i type a password and the virus read it for example.

the fact that the official bitcoin client stores the wallet in a vulnerable manner by default is indeed a weakness.
So since the password for an encrypted wallet can be grabbed by a keylogger, that is a vulnerability caused by the core dev team in the official client? Honestly, you bore me.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
triplehelix
March 26, 2012, 09:34:59 PM
 #24

Copying a file on a computer is not Bitcoin weakness. It's user fault for having an infected computer.

If my computer is infected everything is weak, i type a password and the virus read it for example.

the fact that the official bitcoin client stores the wallet in a vulnerable manner by default is indeed a weakness.
So since the password for an encrypted wallet can be grabbed by a keylogger, that is a vulnerability caused by the core dev team in the official client? Honestly, you bore me.

i'm sure you can see the difference between offering no protection, and offering the best protection you can reasonably be expected to offer.

in order for the keylogger to be effective, it would have to remain undetected on the infected system until the person used their private key.  the fact that not everyone inputs their private key often, would allow time for detection and sanitation.  i'm sure many of the wallets that were stolen would have been saved if encryption was in place by default.

i'm sorry if expecting the most security possible from a piece of financial software is a bore to you.
rjk
March 26, 2012, 09:38:12 PM
 #25

i'm sorry if expecting the most security possible from a piece of financial software is a bore to you.
Actually, it is already available - run it in Linux, where viruses are statistically less prevalent, and you are automagically protected against several attack vectors. If you can't detect the keylogger until it grabs your password, it is already too late.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
triplehelix
March 26, 2012, 10:18:06 PM
 #26

i'm sorry if expecting the most security possible from a piece of financial software is a bore to you.
Actually, it is already available - run it in Linux, where viruses are statistically less prevalent, and you are automagically protected against several attack vectors. If you can't detect the keylogger until it grabs your password, it is already too late.

maybe you can explain the justification for not encrypting the wallet by default?

and while i understand what you're saying, the worm was identified and antivirus definitions updated to deal with it.  if you hadn't input your password between infection and identification/update, then you wouldn't have lost any coins.
Gavin Andresen
Chief Scientist
March 26, 2012, 11:58:29 PM
 #27

maybe you can explain the justification for not encrypting the wallet by default?

Here's the thinking:

Joe Random User finds out about bitcoin, and decides "what the heck, I'll check it out."

They run it.  First thing it does is ask him for a passphrase, with tons of "DO NOT FORGET YOUR PASSPHRASE" and/or "CHOOSE A LONG PASSPHRASE" warnings.  What does he do?  Many users will either:

1. Type "passphrase".

or

2. Bang on the keyboard to create a long, random passphrase: "b;lkaj425[09234kjvfda,nvfd;nkj34toht4"

He gets a little coin from the Faucet, writes me an email asking when they will arrive (because he hasn't yet downloaded the entire blockchain and didn't bother to read the information about that on the Faucet's "Sent!" page), and then shuts down the client.

Time passes.  Eventually the Faucet coins show up.

He decides Bitcoin really doesn't suck as much as he first thought, so he decides to buy some Bitcoin on Mt. Gox.

Time passes while Dwolla verifies his bank account and stuff.

Then he buys Bitcoin, and manages to send them and see them show up in his running Bitcoin.

Yay!

Time passes.  He decides he wants to spend the Bitcoin, and now he has to enter the passphrase that he set a week or three ago.  But back then, wallet security wasn't at all important to him.  He didn't have any Bitcoins to keep secure.

So either he forgot that his passphrase is "passphrase" or he remembers that he typed a bunch of random letters just so he could get past that annoying "enter passphrase" dialog box so he could just try the damn thing.

In short: wallet encryption is not the default because the right time to enter a passphrase to encrypt the wallet is when you KNOW that the wallet is valuable, and will take the steps necessary to protect it.

How often do you get the chance to work on a potentially world-changing project?
triplehelix
March 27, 2012, 12:11:53 AM
 #28

thank you for the thorough response.

when confronted with a classic conflict in programming, between security and user convenience, you chose convenience.

there are merits to both choices.  users are very used to entering passwords, and somehow manage to stay on top of them.  if they choose a crappy one and it gets cracked, or if they choose a crazy one and forget it, that's on the user, not on bitcoin.  my only comment is that bitcoin is not offering the most secure implementation it can.  the fact that it's a conscious decision doesn't change that.

Gavin Andresen
Chief Scientist
March 27, 2012, 12:38:12 AM
 #29

my only comment is that bitcoin is not offering the most secure implementation it can.  the fact that it's a conscious decision doesn't change that.
Ummm...

You know when you choose "About Bitcoin-Qt" and it says "Version 0.something BETA" ?

When we've got an implementation that is safe and secure (both from hackers and from accidental loss) out of the box that will change to say "Bitcoin Version 1.something".

Unfortunately, I don't know how to launch Bitcoin in an alternate universe where it will be attacked by highly motivated black-hats and then bring back the battle-tested source code to this universe to be launched as a perfectly secure Version One.

So, to repeat myself:  Bitcoin is experimental software. Do not invest time or money in it that you cannot afford to lose.

How often do you get the chance to work on a potentially world-changing project?
triplehelix
March 27, 2012, 12:47:55 AM
 #30

so in your opinion, no merchants should be using it until it reaches 1.something?

you seem to be getting a bit agitated, or at least that's how i'm reading the sarcastic part of your response about alternate universes, and i'm not sure why.  aren't these the type of conversations that happen in open source projects, within the community, that strengthen the project?  i make no qualms about the fact that i'm still new to bitcoin and learning.  maybe this doesn't have the same dynamic as many of the more successful open source projects?

you put a lot of time and effort into bitcoin.  i understand and appreciate that, but bitcoin belongs to the community.  some individuals, like yourself, are more important to bitcoin than others, like myself, but without community support and involvement, it's just a bunch of fancy math.
rjk
March 27, 2012, 01:17:21 AM
 #31

you put a lot of time and effort into bitcoin.  i understand and appreciate that, but bitcoin belongs to the community.  some individuals, like yourself, are more important to bitcoin than others, like myself, but without community support and involvement, it's just a bunch of fancy math.
No, it really belongs to the people that bother to put time and effort into it. If you cared, you would put a lot more of your time and effort into it.

No code, no UI, no API is perfect from the beginning, and will never be perfect, ever. If you have specific enhancements available or ideas on how to implement a better way, I am certain that the dev team, or indeed everyone, would love to hear about them. I have yet to hear you utter a workable solution to the problems that we have been discussing.

What Gavin meant by alternate worlds was that the BETA project can only be tested on the open, in production, because there is no collection of users and hackers available privately to make it "perfect" before public launch. If you don't like this, you aren't required to use it, and are welcome to throw all your time and skill into improving it. Improvements are always a good thing, whether to the UI and usability, or whether to security and interoperability.

As is commonly stated in open-source projects, "Pull requests are welcome". Wink

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
triplehelix
March 27, 2012, 02:00:37 AM
 #32

wow.  so it's your opinion that bitcoin belongs to a select few?  i must have really really misunderstood what bitcoin is all about.

and you're familiar with my efforts?  are furthering the adoption and developing business around bitcoin a valuable contribution?  is there a chart i can refer to or is an individual's non technical contribution evaluated by the select few on a case by case basis?

i understand nothing is perfect...ever.  the specific enhancement i suggested was to have the wallet encrypted from the get go.  gavin explained he thought the average user couldn't handle remembering the password they set it up with, so the decision was made to make it easier, but less secure.

i disagree with that decision.

i am still left confused by the hostility in the responses to a suggestion to increase security.
rjk
March 27, 2012, 02:15:19 AM
 #33

By time and effort, I didn't necessarily mean coding, although that helps.

Since you didn't come up with an answer, I just thought it up for you. Here is my proposal:

1. On wallet creation, it is unencrypted as it is currently.
2. Encryption will be suggested to the user once:
  a. The blockchain has fully downloaded and
  b. The wallet balance exceeds 0
3. If encryption was enabled prior to blockchain download completion, or prior to the balance exceeding 0, no popup/prompt will occur.
4. The popup/prompt will have an option to disable future notices:
  a. When checked, no further notices will be created, although
    1. A reminder will be written to the log
  b. If left unchecked, the reminder will be shown any time the wallet's balance is incremented or decremented.
5. There will be an easily accessible help link within the notification.

How does this sound? What needs added to this proposal is the following:

a. The suggested format of the notification:
  1. Tray notification
  2. Modal popup (application specific, not system modal)
  3. Text notification in the same format as remote system messages
b. The suggested text of the notification
 1. Including the text of the help link
c. A decision on whether the help link is local or whether it goes to the wiki

This will increase security, although it still does not address the keylogger issue. (On-screen keyboard anyone? Roll Eyes Yeah I thought not.)

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
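
The notification rules proposed in post #33, worked through as an added example (not part of the thread and not Bitcoin-Qt code): a small C++ model that replays wallet events and reports when the encryption notice would fire. All type and function names are hypothetical, and two readings of the proposal are assumptions: rule 4b repeats only after the first notice, and the rule 4a log reminder is written wherever a popup would otherwise appear.

```cpp
// Added illustration of the encryption-notice rules proposed in post #33.
// All names are hypothetical; this is not Bitcoin-Qt code.
#include <cstdint>
#include <iostream>
#include <vector>

enum class Notice { None, Prompt, LogOnly };

enum class EventKind { SyncComplete, BalanceDelta, UserEncrypts, UserDisablesNotices };

struct Event {
    EventKind kind;
    int64_t delta;  // only meaningful for BalanceDelta (smallest currency unit)
};

struct WalletState {
    bool encrypted = false;        // rule 1: a new wallet starts unencrypted
    bool chainSynced = false;      // rule 2a: block chain fully downloaded
    int64_t balance = 0;           // rule 2b: balance must exceed 0
    bool noticesDisabled = false;  // rule 4a: "disable future notices" checked
    bool noticeIssued = false;     // the first suggestion has already fired
};

// Apply one event to the wallet state and return what the client should do.
Notice Apply(WalletState& w, const Event& e) {
    bool balanceChanged = false;
    switch (e.kind) {
    case EventKind::SyncComplete:
        w.chainSynced = true;
        break;
    case EventKind::BalanceDelta:
        w.balance += e.delta;
        balanceChanged = (e.delta != 0);
        break;
    case EventKind::UserEncrypts:
        w.encrypted = true;
        return Notice::None;
    case EventKind::UserDisablesNotices:
        w.noticesDisabled = true;
        return Notice::None;
    }

    // Rule 3: a wallet that is already encrypted never triggers a notice.
    if (w.encrypted) return Notice::None;

    // Rule 2: the first suggestion needs BOTH a synced chain and balance > 0.
    const bool firstDue = !w.noticeIssued && w.chainSynced && w.balance > 0;
    // Rule 4b (assumed to apply only after the first notice): repeat on any
    // increment or decrement of the balance.
    const bool repeatDue = w.noticeIssued && balanceChanged;
    if (!firstDue && !repeatDue) return Notice::None;

    w.noticeIssued = true;
    // Rule 4a: with notices disabled, only a log reminder is written.
    return w.noticesDisabled ? Notice::LogOnly : Notice::Prompt;
}

// Replay a sequence of events against a fresh wallet.
std::vector<Notice> Replay(const std::vector<Event>& events) {
    WalletState w;
    std::vector<Notice> out;
    for (const Event& e : events) out.push_back(Apply(w, e));
    return out;
}

const char* Name(Notice n) {
    switch (n) {
    case Notice::Prompt:  return "prompt";
    case Notice::LogOnly: return "log-only";
    default:              return "none";
    }
}

int main() {
    // Constructed event sequence: coins arrive before the chain has synced,
    // the user later silences the popup, and finally encrypts the wallet.
    const std::vector<Event> events = {
        {EventKind::BalanceDelta, 50},
        {EventKind::SyncComplete, 0},
        {EventKind::BalanceDelta, -10},
        {EventKind::UserDisablesNotices, 0},
        {EventKind::BalanceDelta, 5},
        {EventKind::UserEncrypts, 0},
        {EventKind::BalanceDelta, 1},
    };
    for (Notice n : Replay(events)) std::cout << Name(n) << '\n';
    return 0;
}
```

Coins that arrive during the initial download produce no notice until the sync completes, which is the window in which an unencrypted wallet holds value without the user having been told.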
julz
March 27, 2012, 02:17:40 AM
 #34


i understand nothing is perfect...ever.  the specific enhancement i suggested was to have the wallet encrypted from the get go.  gavin explained he thought the average user couldn't handle remembering the password they set it up with, so the decision was made to make it easier, but less secure.

The broader picture of security includes user behaviour. Coins lost through mistakes made jumping security hurdles are just as lost as stolen coins.
I'd argue that the chosen path as explained by Gavin is superior from this perspective, and it would be better to pursue improvements along the lines of striking visual cues that the wallet remains unencrypted.


@electricwings   BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
triplehelix
March 27, 2012, 02:54:11 AM
 #35

see rjk, now the conversation is taking a more productive direction, which is, you know, more productive than taking things personal and/or being condescending.  i wasn't making any personal attacks, and am still genuinely confused why i got such a negative response.

i used to be a project manager for an iphone dev company.  i don't have the technical skills to give specific procedural suggestions, but i worked hand in hand with the designers to the programmers.  there was a flow of ideas, and while it was down to the more technically capable members of the team to implement, everyone's thoughts and ideas were valued.  different perspectives from people with different skill sets lead to a stronger finished product.  best job i ever had btw.

as for the keylogger, as i said, i was referring to bitcoin doing all it could do to be secure.  obviously a user has responsibilities.  there is only so much that can be done to secure software installed on end user machines.  i just think it's best practices to do some simple things like having the wallet encrypted (by whichever procedures and at whatever specific time in the installation/update process is deemed appropriate by those more technically inclined) to increase security.

julz, i can see some kind of nag screen pushing a user to encrypt the wallet being a better compromise between the two.  i just don't think a screen telling someone to enter a password and make sure they remember it, or having a password to begin with is such a show stopper.  i think the general population is very much used to entering passwords and remembering them for their bank account, their utility providers, email, netflix, facebook, etc.  i also don't think entering a password is more difficult or off putting than waiting for the blockchain to download.
rjk
March 27, 2012, 03:45:34 AM
 #36

see rjk, now the conversation is taking a more productive direction, which is, you know, more productive than taking things personal and/or being condescending.  i wasn't making any personal attacks, and am still genuinely confused why i got such a negative response.

i used to be a project manager for an iphone dev company.  i don't have the technical skills to give specific procedural suggestions, but i worked hand in hand with the designers to the programmers.  there was a flow of ideas, and while it was down to the more technically capable members of the team to implement, everyone's thoughts and ideas were valued.  different perspectives from people with different skill sets lead to a stronger finished product.  best job i ever had btw.

as for the keylogger, as i said, i was referring to bitcoin doing all it could do to be secure.  obviously a user has responsibilities.  there is only so much that can be done to secure software installed on end user machines.  i just think it's best practices to do some simple things like having the wallet encrypted (by whichever procedures and at whatever specific time in the installation/update process is deemed appropriate by those more technically inclined) to increase security.

julz, i can see some kind of nag screen pushing a user to encrypt the wallet being a better compromise between the two.  i just don't think a screen telling someone to enter a password and make sure they remember it, or having a password to begin with is such a show stopper.  i think the general population is very much used to entering passwords and remembering them for their bank account, their utility providers, email, netflix, facebook, etc.  i also don't think entering a password is more difficult or off putting than waiting for the blockchain to download.
I think we got fired up by your comment of vulnerability where there really wasn't one. As someone that developed applications for iFail devices, I am sure you have had your share of thick/stupid/newb/etc users, and figure you would appreciate the reasoning that Gavin put forth.

A virus doesn't get blocked by AV vendors unless something bad happens to someone and they report it. So it is inevitable that someone would lose their wallet(s) to a keylogger, even if they only enter their password once a week, since someone has to figure out that something is wrong to start with. Nevermind that the virus was probably acquired by visiting some shady site on the net, users will be users and there isn't much you can do about that.

Unfortunately, my experience with users has been very similar to the situation that Gavin laid out - if they are prompted to enter their passphrase, it is pretty much a guarantee that they would enter a lame dictionary word of 6 characters or less, and then promptly forget it as if they were being paid to forget things. Roll Eyes Damn users.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
triplehelix
Member
March 27, 2012, 04:10:35 AM
 #37

yeah, i have stories from users that still wake me up in the middle of the night.

generally though, the ones that curl your hair are a smaller percentage of the user base (from my experience anyway), and i personally believe in designing for the majority, and i think the majority of people would remember their password.  i don't think it's that hard to include a passphrase strength indicator.  if someone wants to be a dipstick and use 123456, and the bitcoin client tells them it's a near worthless password, then bitcoin has done all it can reasonably be expected to do, and nobody is to blame but the user who is lazy.

i don't think i have the most correct answer.  i just think that security isn't as hardened as it could be, and there is at least one area where it could be relatively easily strengthened, and an open discussion would probably be beneficial.
Raoul Duke
aka psy
Legendary
March 27, 2012, 08:57:01 AM
 #38

Well... I've told this to every person who I introduced to Bitcoin:

Would you leave your wallet unattended on a table in the middle of a shopping mall? With Bitcoin you also have to be careful, just like with your pocket wallet. They seem to get it... Wink
istar
Hero Member
March 27, 2012, 12:18:06 PM
 #39

maybe you can explain the justification for not encrypting the wallet by default?

Here's the thinking:

Joe Random User finds out about bitcoin, and decides "what the heck, I'll check it out."

They run it.  First thing it does is ask him for a passphrase, with tons of "DO NOT FORGET YOUR PASSPHRASE" and/or "CHOOSE A LONG PASSPHRASE" warnings.  What does he do?  Many users will either:

1. Type "passphrase".

or

2. Bang on the keyboard to create a long, random passphrase: "b;lkaj425[09234kjvfda,nvfd;nkj34toht4"

He gets a little coin from the Faucet, writes me an email asking when they will arrive (because he hasn't yet downloaded the entire blockchain and didn't bother to read the information about that on the Faucet's "Sent!" page), and then shuts down the client.

Time passes.  Eventually the Faucet coins show up.

He decides Bitcoin really doesn't suck as much as he first thought, so he decides to buy some Bitcoin on Mt. Gox.

Time passes while Dwolla verifies his bank account and stuff.

Then he buys Bitcoin, and manages to send them and see them show up in his running Bitcoin.

Yay!

Time passes.  He decides he wants to spend the Bitcoin, and now he has to enter the passphrase that he set a week or three ago.  But back then, wallet security wasn't at all important to him.  He didn't have any Bitcoins to keep secure.

So either he forgot that his passphrase is "passphrase" or he remembers that he typed a bunch of random letters just so he could get past that annoying "enter passphrase" dialog box so he could just try the damn thing.

In short: wallet encryption is not the default because the right time to enter a passphrase to encrypt the wallet is when you KNOW that the wallet is valuable, and will take the steps necessary to protect it.


Brainstorm:

If the user has zero in his wallet, do not warn that it doesn't have a password.

If the user has X amount, advise the user to choose a long password they will never forget.
And some advice on how to choose such a password.

If the user has a huge amount of Bitcoins, give warnings to encrypt right away?

Question is, what is considered huge? For one user 5 BTC can be much, for another 500 is much.


Bitcoins - Because we should not pay to use our money
Gavin Andresen
Legendary
Chief Scientist
March 27, 2012, 01:13:56 PM
Last edit: March 27, 2012, 02:25:02 PM by Gavin Andresen
 #40

i don't think i have the most correct answer.  i just think that security isn't as hardened as it could be, and there is at least one area where it could be relatively easily strengthened, and an open discussion would probably be beneficial.
You mean like:

https://bitcointalk.org/index.php?topic=34562.0
  or
https://bitcointalk.org/index.php?topic=19080.80
  or
http://gavinthink.blogspot.com/2011/06/why-arent-bitcoin-wallets-encrypted.html
  or
https://bitcointalk.org/index.php?topic=2574.0

It has been a while since I wrote a "State of Bitcoin Development" update (too busy...), but wallet security was my second priority, behind network stability, the last time I did one. It is still right at the top of my priority list.

How often do you get the chance to work on a potentially world-changing project?
rjk
Sr. Member
March 27, 2012, 02:22:26 PM
 #41

Brainstorm:

If the user has zero in his wallet, do not warn that it doesn't have a password.

If the user has X amount, advise the user to choose a long password they will never forget.
And some advice on how to choose such a password.

If the user has a huge amount of Bitcoins, give warnings to encrypt right away?

Question is, what is considered huge? For one user 5 BTC can be much, for another 500 is much.
That's pretty much what I proposed in post 33 up above. ^^

Although I didn't mention the advice on choosing a good password. A strength meter and a reminder to REMEMBER THE DAMN PASSWORD would be appropriate.

triplehelix
Member
March 27, 2012, 06:09:29 PM
 #42

i don't think i have the most correct answer.  i just think that security isn't as hardened as it could be, and there is at least one area where it could be relatively easily strengthened, and an open discussion would probably be beneficial.
You mean like:

https://bitcointalk.org/index.php?topic=34562.0
  or
https://bitcointalk.org/index.php?topic=19080.80
  or
http://gavinthink.blogspot.com/2011/06/why-arent-bitcoin-wallets-encrypted.html
  or
https://bitcointalk.org/index.php?topic=2574.0

It has been a while since I wrote a "State of Bitcoin Development" update (too busy...), but wallet security was my second priority, behind network stability, the last time I did one. It is still right at the top of my priority list.

would have been really cool if your first post told me the discussion is ongoing, and gave me those links.  you're a spokesman for bitcoin.  i know how easy it is to get frustrated and take things personally, but nobody benefits from that kind of reaction.
Syke
Legendary
March 28, 2012, 06:47:19 AM
 #43

i think the general population is very much used to entering passwords and remembering them for their bank account, their utility providers, email, netflix, facebook, etc.  i also don't think entering a password is more difficult or off putting than waiting for the blockchain to download.

Because for every one of those examples a password recovery option is available. People use password recoveries all the time. There is no password recovery for an encrypted wallet. Encrypted wallets by default would be a disaster.

Buy & Hold
DeathAndTaxes
Donator
Legendary
Gerald Davis
March 28, 2012, 01:45:02 PM
Last edit: March 28, 2012, 02:12:48 PM by DeathAndTaxes
 #44

Because for every one of those examples a password recovery option is available. People use password recoveries all the time. There is no password recovery for an encrypted wallet. Encrypted wallets by default would be a disaster.

Worse, many "casual" users may be confused by the very concept of an irrecoverable password.  Since almost no services exist that have irrecoverable passwords, casual users likely need an education.

I would imagine enabling encryption on the 1.0 client would need to be pretty comprehensive.  Something more like a wizard explaining that losing the password means a complete and irrecoverable loss of funds and that there is no "forgot password" option.

It would also be good to:
* compare the user's password against a known password list ("your attempted password is already known to attackers please try another one")
* give the user a password strength meter with practical strengths ("your password can be guessed in less than 4 days by an attacker with a single computer")
* provide a "print out page" for safe keeping (with warnings like store this in a safe, all your funds can be stolen if this document is lost)

It would also be a good idea to provide "popup" warnings with frequency and intrusiveness directly related to the balance.

Gavin is absolutely correct in pointing out Bitcoin is 0.x.  It is 0.x for a reason. 
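
The first two checks suggested in the post above (a known-password list and a strength meter phrased as time-to-guess), sketched as an added example that is not part of the thread or of the Bitcoin client. The password list, the guess rate and the acceptance threshold are constructed assumptions.

```python
import string

# Constructed stand-in for a leaked-password list (a real one has millions of entries).
KNOWN_PASSWORDS = {"123456", "password", "passphrase", "qwerty", "letmein", "bitcoin"}
# Assumption: guesses per second one computer manages against the wallet's
# key-derivation function. Hypothetical figure, to be measured for the real KDF.
GUESSES_PER_SECOND = 10_000
# Assumption: reject anything an attacker could exhaust in under 100 years.
MIN_SECONDS = 100 * 31_557_600
CHARSETS = (string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation + " ")
UNITS = (("year", 31_557_600), ("day", 86_400), ("hour", 3_600), ("minute", 60))


def search_space(passphrase: str) -> int:
    """Brute-force upper bound: (size of the character classes used) ** length.

    This flatters dictionary words and keyboard patterns, which fall much
    faster than the bound suggests, hence the known-password check first.
    """
    alphabet = sum(len(cs) for cs in CHARSETS if any(c in cs for c in passphrase))
    if any(c not in "".join(CHARSETS) for c in passphrase):
        alphabet += 128  # coarse allowance for characters outside printable ASCII
    return alphabet ** len(passphrase)


def humanize(seconds: int) -> str:
    """Turn a duration in seconds into the wording shown in the meter."""
    if seconds >= 1_000_000 * 31_557_600:
        return "more than a million years"
    for unit, size in UNITS:
        if seconds >= size:
            n = seconds // size
            return f"about {n:,} {unit}{'' if n == 1 else 's'}"
    return "less than a minute"


def assess(passphrase: str, known=KNOWN_PASSWORDS, rate=GUESSES_PER_SECOND):
    """Return (acceptable, message shown to the user)."""
    if passphrase.lower() in known:
        return False, ("your attempted password is already known to attackers, "
                       "please try another one")
    # On average the attacker succeeds after searching half the space.
    seconds = search_space(passphrase) // (2 * rate)
    return seconds >= MIN_SECONDS, (
        f"your password can be guessed in {humanize(seconds)} "
        "by an attacker with a single computer")
```

Integer arithmetic is used throughout so that very long passphrases do not overflow a float.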
Dusty
Hero Member
Libertas a calumnia
March 28, 2012, 02:02:30 PM
 #45

Since almost no services exist that have irrecoverable passwords casual users likely need an education.
Nothing educates better than losing a bunch of money  Wink

Bitcoin articles: Il portico dipinto
MaxSan
Sr. Member
March 28, 2012, 02:24:16 PM
 #46

Since almost no services exist that have irrecoverable passwords casual users likely need an education.
Nothing educates better than losing a bunch of money  Wink

Never heard more true words, but sadly any new regulars to bitcoin would be considerably disheartened if they lost a whack of funds, even if it was through their own stupidity.
cbeast
Donator
Legendary
Let's talk governance, lipstick, and pigs.
March 28, 2012, 02:30:01 PM
 #47

I would like to see a physical Bitcoin only option available someday. A client that only works via scanning a barcode or OCR that manages the physical wallets would eliminate the fear of electrons vaporizing due to forgetting a pw.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.