Bitcoin Forum
November 09, 2024, 02:34:07 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Risk of Exporting Wallet  (Read 1463 times)
l.j2300 (OP)
Member
**
Offline Offline

Activity: 83
Merit: 10


View Profile
September 14, 2014, 11:12:38 PM
 #1

Hey all,

I just had a quick question regarding the risk of exporting my wallet to say blockchain.info. Since I do not want to wait for the blockchain to sync and do the whole USB from offline to online computer process... is exporting the wallet using privhexbe format, a risk for my other addresses in that wallet? Say I have a wallet with multiple addresses and I just wanted to move a portion of them, would I be putting them at risk by importing them in my blockchain.info's wallet? I believe I read before that once a wallet/address is imported instead of sent through the blockchain, it can somehow potentially expose other information? Would appreciate if someone can clear this up. Thanks
btchris
Hero Member
*****
Offline Offline

Activity: 672
Merit: 504

a.k.a. gurnec on GitHub


View Profile WWW
September 15, 2014, 03:36:01 AM
Last edit: September 15, 2014, 04:22:26 AM by btchris
 #2

As I assume you already know, the addresses you choose to export will be at more risk.

In particular, Blockchain is an online wallet whose software is effectively "reinstalled" each time you visit their web page (because it's reloaded from their servers during each visit). This makes it easier for someone (presumably an outside hacker) to replace the software with a Trojan which steals your privkeys.

There's also the possibility that a hacker might steal your encrypted privkeys directly from the Blockchain servers and brute-force your passwords if they're simple enough. You can guard against this by using a better password, and also by changing the iteration count from 10 (which is pointlessly weak if you ask me...) to something greater. (It's under Account Settings -> Debugging.)

Finally, there's an issue inherent in HD wallets: if someone has both your watching-only wallet and a single (non-hardened) privkey, they have access to all of the privkeys which follow the one privkey they have (all Armory privkeys are "non-hardened".) Likewise, if an adversary has your encrypted Armory wallet, even if they don't have the password, this is effectively the same as having a watching-only wallet: that plus a single unencrypted privkey would be enough to access all of the privkeys which follow.

If I were you, and I were interested in an online wallet for convenient access to a smaller amount of bitcoin, I'd open an account and transfer some bitcoin to the online wallet. If you prefer an online HD wallet to make backups easier (like Armory), you could consider GreenAddress.it or BitGo.com (I find the former a bit more secure, and the latter a bit easier to use for newbies, but that's just my personal opinion). Both of these are also multisig wallets, so they also offer additional protection against malware.
l.j2300 (OP)
Member
**
Offline Offline

Activity: 83
Merit: 10


View Profile
September 15, 2014, 04:57:23 AM
 #3

btchris,

thank you for the explanation. So basically you are not recommending to use the import option of blockchain if I do have other addresses with BTC in them under the same wallet since it is a deterministic one and if one address is compromised, all the rest would be as well? The only problem is because I need to access them ASAP and last time I waited for the blockchain to sync it took a couple days.
btchris
Hero Member
*****
Offline Offline

Activity: 672
Merit: 504

a.k.a. gurnec on GitHub


View Profile WWW
September 15, 2014, 01:04:31 PM
 #4

if one address is compromised, all the rest would be as well?

It's not quite that bad. If one address is compromised, and your encrypted wallet file is also compromised (even if the password remains unknown), then some of the rest would be as well (addresses, including invisible change addresses, that are created after the one that's compromised).

It's up to you to decide how risky you think this is...

If you have a good reason to import some addresses to an online wallet, you could also create a new Armory wallet and try to keep most of your bitcoin in the new wallet, and treat the convenience wallet as less safe.
l.j2300 (OP)
Member
**
Offline Offline

Activity: 83
Merit: 10


View Profile
September 15, 2014, 10:25:00 PM
 #5

Thanks for answering my questions, you have been very helpful.

So lets say I have a wallet with 20 addresses.

If I just want to import the last 10 addresses, I wouldn't put anything at risk at all since I took out everything in those addresses and wont plan to recreate addresses after that. Also the addresses before the last 10 wont be at risk since they were created before the addresses I exported? Sorry about the confusion, just because I want to ensure I am understanding correctly.
goatpig
Moderator
Legendary
*
Offline Offline

Activity: 3752
Merit: 1364

Armory Developer


View Profile
September 16, 2014, 02:07:28 PM
 #6

TLDR: if you expose a private key from your wallet's chain, the wallet is fully compromised, period.

The extention code uses a modulo multiplication to get privKey N+1 from privKey N. The multiplier is pubKey N XOR chaincode.

So if:

a = privKey N
A = privKey N+1
M = pubKey N XOR chaincode
G = secp256k1's order

We have:

A = a * M (mod G)

This is also true:

A * M^-1 (mod G) = a * M * M^-1 (mod G) = a

Sure you can't get pubKey N from pubKey N+1, but that's irrelevant in our case. A single private key N and your chaincode will reveal all private keys past N. Any private key N + chaincode + all your public addresses from 0 to N-1 will reveal your entire wallet.

Since the chaincode always comes with the precomputed public keys, it is safe to assume that if an attacker can get your chaincode, he can also get your public keys. If he gets access to a single private key, you are kebab. So just don't do it. Private keys are meant to remain private.

btchris
Hero Member
*****
Offline Offline

Activity: 672
Merit: 504

a.k.a. gurnec on GitHub


View Profile WWW
September 16, 2014, 03:40:50 PM
 #7

A * M^-1 (mod G) = a * M * M^-1 (mod G) = a
...
Since the chaincode always comes with the precomputed public keys,

So a wallet file of any type (even watching-only or encrypted) plus any single privkey from that wallet would compromise all of that wallet's privkeys... thank you for taking the time to correct me. I'll try to be more careful in the future.

l.j2300,

My sincere apologies for the misinformation, I should know better than to post "answers" if I'm not 99% certain....
l.j2300 (OP)
Member
**
Offline Offline

Activity: 83
Merit: 10


View Profile
September 16, 2014, 08:39:18 PM
 #8

TLDR: if you expose a private key from your wallet's chain, the wallet is fully compromised, period.

Thank you for clearing this up. But if my wallet address (not priv key) is known or shown as a transaction on the blockchain, one could not have access to all of my wallet addresses?


btchris,

no problem friend. Thats why this forum is here for so we can discuss 
goatpig
Moderator
Legendary
*
Offline Offline

Activity: 3752
Merit: 1364

Armory Developer


View Profile
September 16, 2014, 11:07:18 PM
 #9

Thank you for clearing this up. But if my wallet address (not priv key) is known or shown as a transaction on the blockchain, one could not have access to all of my wallet addresses?

Your public addresses lay unencrypted on an online machine so anyone with access to that file has your entire WO. However, someone that identifies any amount of your addresses on the blockchain cannot compute any other address without the chaincode. Even if they identify 2 consecutive addresses, since the multiplier (pubKey N XOR chaincode) is hashed before the modulo multiplication, they can't retrieve your chaincode from that.

The chaincode is never used on anything that hits the blockchain, so any amount of blockchain only data cannot be used to compute any keys on your chain. The chaincode is an Armory only thing and completely alien to the Bitcoin protocol. So someone trying to reveal your public chain has to go after your wallet file.

l.j2300 (OP)
Member
**
Offline Offline

Activity: 83
Merit: 10


View Profile
September 16, 2014, 11:54:40 PM
 #10

goatpig,

ok perfect that answers my questions. So there is basically no risk if I was to use the import feature on blockchain to transfer some coins from some addresses (but not all addresses in the wallet)?
goatpig
Moderator
Legendary
*
Offline Offline

Activity: 3752
Merit: 1364

Armory Developer


View Profile
September 17, 2014, 12:42:11 AM
 #11

goatpig,

ok perfect that answers my questions. So there is basically no risk if I was to use the import feature on blockchain to transfer some coins from some addresses (but not all addresses in the wallet)?

I think there is a confusion here. When I say the blockchain, I am NOT referring to Blockchain.info, only to the actual blockchain.

Generally, the only risk you expose yourself to by exporting public keys from Armory to an web wallet is de-anonymisation. You are trusting a 3rd party with informations about coins you may be controlling, but it isn't enough data to reproduce any other addresses on your public chain. However I'm unsure this is the scenario you are referring to and what you mean by "transferring coins".

Also I wonder if you are trying to mean more than just the ripemd(sha(sha(pubKey))) + checksum when you use the word address.

For the sake of the discussion: privKey -> pubKey -> bitcoin address. These are all distinct values with different purposes, and you can't perform any of these operations backwards.

btchris
Hero Member
*****
Offline Offline

Activity: 672
Merit: 504

a.k.a. gurnec on GitHub


View Profile WWW
September 17, 2014, 02:10:27 AM
 #12

goatpig,

ok perfect that answers my questions. So there is basically no risk if I was to use the import feature on blockchain to transfer some coins from some addresses (but not all addresses in the wallet)?

I think there is a confusion here.
...

Originally, l.j2300 asked if it was risky to non-exported privkeys if some, but not all, privkeys were exported from Armory to a web wallet. My answer (even though I got the details all wrong and goatpig corrected me) was no, don't do that, instead just transfer some bitcoin from your Armory wallet to a new convenience web wallet.

I'm not sure, but I think l.j2300 had a reason to want payments to some pre-existing addresses to go straight to a web wallet. For this, I said the best option is to go ahead and export/import the privkeys from Armory to a web wallet, but then stop using the old wallet entirely (and then create a new Armory wallet for additional savings not stored in the web wallet).

As far as I know, these are the only two safe options. I don't see a safe option for using some existing addresses with Armory, and some with a new wallet. You should really use your existing addresses in one place or the other, and then create a brand new wallet in the other location. If you go against this advice (and use your existing Armory privkeys both inside Armory and in a web wallet), I don't think you'll be instantly compromised, but it's a bad idea...
l.j2300 (OP)
Member
**
Offline Offline

Activity: 83
Merit: 10


View Profile
September 17, 2014, 09:04:37 AM
 #13

goatpig,

yes thats what I understood, so someone cannot generate my other public addresses in the same wallet if I did choose to export unless they actually compromised my private keys. I guess I was confused by how Armory exactly generates the following addresses in one wallet. I thought it deterministic was that the public address to address 1 is the private key to address 2.

btchris,

yes thats basically what I want to do. I want to use only some of the addresses in the same wallet and export them to the webwallet but keep the rest of my btcs in that same wallet (spread out in different addresses).
btchris
Hero Member
*****
Offline Offline

Activity: 672
Merit: 504

a.k.a. gurnec on GitHub


View Profile WWW
September 17, 2014, 01:46:18 PM
 #14

btchris,

yes thats basically what I want to do. I want to use only some of the addresses in the same wallet and export them to the webwallet but keep the rest of my btcs in that same wallet (spread out in different addresses).

I'm not aware of any way to do this without some risk. If your wallet file is ever compromised, even if it's password-protected by Armory, or even if it's a watching-only wallet, then whoever has both it and one of your private keys can gain access to all of them.

It may be less convenient to use new addresses with a web wallet, but it's the safer choice.

If you're 100% sure that nobody has or will gain access to your wallet, then it should be safe, but it's hard to be 100% sure...
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!