Bitcoin Forum
October 20, 2017, 06:11:25 PM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Is it safe to store encrypted wallet files all over the internet?  (Read 446 times)
mcplums
Full Member
***
Offline Offline

Activity: 147


View Profile
January 17, 2015, 12:17:31 PM
 #1

I have heard that the encryption used for electrum wallets is somewhat open to brute force attacks, which makes me think that even if I've encrypted the wallet, I should still try and keep it offline.

Thoughts?
1508523085
Hero Member
*
Offline Offline

Posts: 1508523085

View Profile Personal Message (Offline)

Ignore
1508523085
Reply with quote  #2

1508523085
Report to moderator
1508523085
Hero Member
*
Offline Offline

Posts: 1508523085

View Profile Personal Message (Offline)

Ignore
1508523085
Reply with quote  #2

1508523085
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1508523085
Hero Member
*
Offline Offline

Posts: 1508523085

View Profile Personal Message (Offline)

Ignore
1508523085
Reply with quote  #2

1508523085
Report to moderator
shorena
Legendary
*
Offline Offline

Activity: 1386


ALL escrow is signed! https://keybase.io/verify


View Profile WWW
January 17, 2015, 08:20:09 PM
 #2

I have heard that the encryption used for electrum wallets is somewhat open to brute force attacks, which makes me think that even if I've encrypted the wallet, I should still try and keep it offline.

Thoughts?

Thats true for any encryption. Maybe you can explain in more detailed fashion what you heard.

PolarPoint
Hero Member
*****
Offline Offline

Activity: 672


View Profile
January 17, 2015, 09:33:00 PM
 #3

Encrypted wallets are always vulnerable to brute force attacks. It's money you are talking about. You shouldn't have a wallet file stored online.
shorena
Legendary
*
Offline Offline

Activity: 1386


ALL escrow is signed! https://keybase.io/verify


View Profile WWW
January 17, 2015, 10:07:35 PM
 #4

Encrypted wallets are always vulnerable to brute force attacks. It's money you are talking about. You shouldn't have a wallet file stored online.

Its probably fine as long as the encryption used is strong and the password good enough.

see: http://www.stealmywallet.com/

btchris
Hero Member
*****
Offline Offline

Activity: 672

a.k.a. gurnec on GitHub


View Profile WWW
January 18, 2015, 12:01:52 AM
 #5

I have heard that the encryption used for electrum wallets is somewhat open to brute force attacks, which makes me think that even if I've encrypted the wallet, I should still try and keep it offline.

Thoughts?

You do need to be more careful when it comes to storing Electrum wallets online compared to many other wallets.

As others have already noted, nearly all wallets are open to brute force attacks. However, given a strong-enough password, any wallet can be safely stored online. The big problem is in determining whether or not your password is strong enough to resist brute forcing attacks, and there's no easy way to be sure.

This javascript site is the best I know of (thanks to Newar) at estimating password strength: https://dl.dropboxusercontent.com/u/209/zxcvbn/test/index.html. There's an accompanying article discussing its method's strengths and weaknesses here (spoiler: it might be very good, but it's definitely not perfect): https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/.

What's different about Electrum is that it doesn't use any key stretching, so if you don't use a very strong password, you're much more vulnerable to brute force attacks than some other wallets such as Bitcoin Core or Armory. Here's a quick overview of how many cryptographic operations must be done to check a single password for these two wallet formats:

Electrum: 2 SHA-256's (each a single block long) and 1 block of AES-256 decryption
Bitcoin Core: approximately 100,000 SHA-512's (each a single block long) and 2x blocks of AES-256 decryptions

TL;DR: use a strong-enough password, and you'll probably be safe from brute force attacks, but it's really hard to know what "strong-enough" means.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!