Author Topic: Wallet encryption "only" protects against spending?  (Read 1376 times)
capsqrl (OP)
July 16, 2012, 08:08:28 PM
 #1

I just encrypted my wallet (reference client), and I would have expected it to ask me for the password as soon as it loaded the wallet on startup, but it didn't. Instead, it only asks when I try to send btc. This seems to mean that if someone gets ahold of my wallet, they will be able to "read" it and see what it's worth. Then if it holds enough value, they can start brute forcing (however futile that may be, but whatever).

Am I misunderstanding something here? Do I have to put it into a truecrypt/encfs container to get the kind of protection I expected?

Norwegian Bitcoin user? Come to /r/BitcoinNO on reddit!
Gavin Andresen
Chief Scientist
July 16, 2012, 08:19:11 PM
 #2

Quote
Do I have to put it into a truecrypt/encfs container to get the kind of protection I expected?
Yes.

How often do you get the chance to work on a potentially world-changing project?
Foxpup
July 16, 2012, 08:28:02 PM
 #3

Note that Bitcoin addresses and transactions are inherently public, and the only thing that's private (and the only thing which needs protecting with encryption) are the private keys used to sign transactions. Anyone who knows your addresses can see how many bitcoins you have, where they came from, and where they're going. Privacy is only achieved by the difficulty of associating Bitcoin addresses with real-life identities. You can encrypt your entire wallet using Truecrypt or EncFS if you really want to, but be aware that this might not provide as much protection as you think.

Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
capsqrl (OP)
July 16, 2012, 08:54:29 PM
 #4

Quote
Note that Bitcoin addresses and transactions are inherently public, and the only thing that's private (and the only thing which needs protecting with encryption) are the private keys used to sign transactions. Anyone who knows your addresses can see how many bitcoins you have, where they came from, and where they're going. Privacy is only achieved by the difficulty of associating Bitcoin addresses with real-life identities. You can encrypt your entire wallet using Truecrypt or EncFS if you really want to, but be aware that this might not provide as much protection as you think.

Just because some punk found a wallet.dat on my machine doesn't mean he needs to know what my private keys are, and thus how much the wallet is worth. He won't be able to touch them, but he was able to breach my privacy by snooping on my personal finance. If I had considerable funds, that may motivate him to install a keylogger on my machine or something.

I was planning on using just the standard wallet encryption before backing up my wallet.dat to "the cloud", but having learned this, I'll wrap it in an additional layer. Thanks for the clarification, guys (and your great work, Gavin).

Norwegian Bitcoin user? Come to /r/BitcoinNO on reddit!
BlackBison
July 16, 2012, 09:05:45 PM
 #5

Quote
You can encrypt your entire wallet using Truecrypt or EncFS if you really want to, but be aware that this might not provide as much protection as you think.

What is this supposed to mean? I thought truecrypt was impossible to break if you have a long enough pass?

Stephen Gornick
July 16, 2012, 09:08:01 PM
 #6

Quote
You can encrypt your entire wallet using Truecrypt or EncFS if you really want to, but be aware that this might not provide as much protection as you think.

Quote
What is this supposed to mean? I thought truecrypt was impossible to break if you have a long enough pass?

If your system is compromised (e.g., malware that does keylogging), it is compromised -- truecrypt or not.

BlackBison
July 16, 2012, 09:10:25 PM
 #7

Oh ok cool. All my containers are created on an offline laptop with FDE. Just checking, you guys had me in a panic for a second - I've had a breach before and I'm now super paranoid :-\

Foxpup
July 17, 2012, 07:46:12 AM
 #8

Quote
Note that Bitcoin addresses and transactions are inherently public, and the only thing that's private (and the only thing which needs protecting with encryption) are the private keys used to sign transactions. Anyone who knows your addresses can see how many bitcoins you have, where they came from, and where they're going. Privacy is only achieved by the difficulty of associating Bitcoin addresses with real-life identities. You can encrypt your entire wallet using Truecrypt or EncFS if you really want to, but be aware that this might not provide as much protection as you think.

Quote
Just because some punk found a wallet.dat on my machine doesn't mean he needs to know what my private keys are, and thus how much the wallet is worth. He won't be able to touch them, but he was able to breach my privacy by snooping on my personal finance. If I had considerable funds, that may motivate him to install a keylogger on my machine or something.
The standard wallet encryption encrypts your private keys, and only your private keys. Your private keys are not necessary to tell how many bitcoins you have, since all transactions are public. There is no financial privacy (in the traditional sense of the term) when using Bitcoin. This is the price you have to pay for a zero-trust payment system. Since there is no bank or other trusted third party to verify transactions and account balances while keeping them secret, everyone needs to be able to see everyone else's transactions to prevent people from fraudulently spending money they don't have. To protect your privacy, you need to ensure that your identity cannot be linked to your bitcoin addresses.

It is most unlikely that you will specifically be targeted by hackers if you have a considerable amount of bitcoins. You are more likely to be targeted just for having Bitcoin installed at all, in order to get whatever little money you have. However, the chances of this happening are very low. In fact, I don't think anyone has ever had bitcoins stolen as a result of a keylogger being used to get the passphrase to a stolen wallet.dat file using the standard wallet encryption (though it's not impossible, and additional encryption is useless against a keylogger).

Quote
I was planning on using just the standard wallet encryption before backing up my wallet.dat to "the cloud", but having learned this, I'll wrap it in an additional layer. Thanks for the clarification, guys (and your great work, Gavin).
A good idea, just remember that encrypting your wallet isn't the whole story if you're worried about your privacy rather than just having your money stolen.

Quote
You can encrypt your entire wallet using Truecrypt or EncFS if you really want to, but be aware that this might not provide as much protection as you think.

Quote
What is this supposed to mean? I thought truecrypt was impossible to break if you have a long enough pass?
Correct. However, the OP's question indicates that he is concerned about keeping his balance secret, which is something that encryption won't help with if his identity can be linked to his addresses some way other than his wallet file.

Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
Kazimir
July 17, 2012, 08:50:00 AM
 #9

Quote
I've had a breach before and I'm now super paranoid :-\
Just out of curiosity (and being rather paranoid myself as well :) ) - what kind of breach?

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
Kazimir
July 17, 2012, 09:00:02 AM
 #10

Quote
I just encrypted my wallet (reference client), and I would have expected it to ask me for the password as soon as it loaded the wallet on startup, but it didn't. Instead, it only asks when I try to send btc.
Note that this is a good thing. Now you can manage your wallet (see how much there is on your balance, get the addresses to transfer money to it from other sources, etc) without exposing your private key whatsoever.

The private key is ONLY necessary to make actual payments from that address. So it's good that it doesn't decrypt that key, until you actually make a payment.


And, again, the following is really NO concern whatsoever:
Quote
Then if it holds enough value, they can start brute forcing (however futile that may be, but whatever).
Don't worry, people would rather ignore your wallet and instead brute force some of the richest addresses out there (such as this one).

As it has been discussed in earlier topics: brute forcing is really, truly, positively, absolutely, definitely, one hundred percent completely futile (with there not being enough energy and time in the universe and all...)



In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
DeathAndTaxes
Gerald Davis
July 17, 2012, 09:04:45 AM
Last edit: July 17, 2012, 11:35:36 AM by DeathAndTaxes
 #11

Worry about real attack vectors not fake ones.

No thief goes around reading wallets and then brute forcing the big ones. If you have a strong password and your system isn't compromised in some other way brute force is pointless. I don't mean pointless like man this is going to be hard pointless I mean the attacker will die of old age even if using an entire botnet for the next 5 decades pointless. If your system is compromised (malware, or weak password) then a thief is going to steal your wallet even if it only has a couple bitcoins.

If you lose funds it is almost certainly due to:
a) weak password. Even w/ key hardening a weak password can be defeated by brute force or dictionary attack. (If your password isn't on any password dictionary and is more than 8 characters containing a mix of symbols you likely are safe).
b) keylogger on your system (if you give the attacker your password it doesn't really matter how you protect the wallet)
c) bitcoin specific malware (such as the one that changes copied addresses to the attacker's address).
d) not maintaining recent backup (coins lost not stolen).

truecrypt isn't going to protect you from any of those attack vectors. So if you want to spend time and energy "protecting" yourself from imaginary attack vectors well go ahead. As an alternative you can learn about real attack vectors and spend your time and energy making yourself better protected against them.
Kazimir
July 17, 2012, 10:55:22 AM
 #12

Quote
truecrypt isn't going to protect you from any of those attack vectors. So if you want to spend time and energy "protecting" yourself from imaginary attack vectors well go ahead. As an alternative you can learn about real attack vectors and spend your time and energy making yourself better protected against them.
Wise words.

TrueCrypt is a very good security measurement, in case your laptop gets lost or stolen or whatever. But there's really no point in adding extra heavy locks on your front door, when your kitchen window is wide open.

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
capsqrl (OP)
July 17, 2012, 11:49:08 AM
 #13

Quote
The standard wallet encryption encrypts your private keys, and only your private keys. Your private keys are not necessary to tell how many bitcoins you have, since all transactions are public.

Yes, I stupidly meant public keys, not private keys. It seems to me that if the public keys were also encrypted, then someone who copied my wallet would not be able to tell what it's worth, at least not from the wallet alone. Granted, all the transactions are public on the blockchain, but they're not grouped together and linked to me like my wallet is to someone who stole it from me (yes yes, unless I publish my addresses because I want payments, and recycle it for all payments, but I don't do that).

You're all probably right that the attack I imagined is not very realistic, and there are other attacks in my threat model that I should be much more worried about. I'll keep that in mind. And it's certainly very handy to be able to browse the wallet with no password. But I'll still encrypt the whole wallet.dat with an external tool before backing it up to shared storage.

Norwegian Bitcoin user? Come to /r/BitcoinNO on reddit!
DeathAndTaxes
Gerald Davis
July 17, 2012, 12:26:29 PM
 #14

It also provides for a more useful platform for automation.  For example via RPC a merchant can get a unique payment address for a customer.  No password is necessary thus no password is at risk.  The website can run all day processing hundreds of orders and checking for funds and confirmations.  The password is only necessary to remove funds from the wallet.

This "warm wallet" approach presents a much smaller attack surface than either having a decrypted hot wallet or a wallet where the password is on the web server.
capsqrl (OP)
July 17, 2012, 12:57:56 PM
 #15

DeathAndTaxes, that makes the encryption design a whole lot more understandable. I understand now :-)

Norwegian Bitcoin user? Come to /r/BitcoinNO on reddit!
stepkrav
July 17, 2012, 04:30:20 PM
 #16

what's an RPC ?
DeathAndTaxes
Gerald Davis
July 18, 2012, 03:41:06 AM
 #17

Quote
what's an RPC ?

Remote Procedure Call

https://en.bitcoin.it/wiki/Original_Bitcoin_client/API_Calls_list
Dr. Glamorian
July 18, 2012, 05:16:13 AM
 #18

I would use the default Linux encryption program; not Truecrypt.
capsqrl (OP)
July 18, 2012, 09:21:25 AM
 #19

Quote
I would use the default Linux encryption program; not Truecrypt.
Yes, I don't use Truecrypt myself, ended up using aescrypt for this. openssl is also an option as it supports aes password encryption of single files.

Norwegian Bitcoin user? Come to /r/BitcoinNO on reddit!
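
The external wrapping discussed in this thread (openssl with AES password encryption of a single file), as an added example that is not part of any post: it encrypts a stand-in wallet file, checks that an address-like label is no longer readable in the result, and confirms the blob decrypts back to identical bytes before it would go to shared storage. File names, function names, the iteration count and the sample data are constructed; OpenSSL 1.1.1 or later is assumed for `-pbkdf2`.

```bash
#!/bin/sh
# Added example (not from the thread). Assumes OpenSSL 1.1.1+ for -pbkdf2.
# Function names, file names and the iteration count are illustrative choices.
ITER=200000

# encrypt_backup <plain> <encrypted> <passfile>
# The passphrase is read from a file so it never appears in the process list.
encrypt_backup() {
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$ITER" \
        -in "$1" -out "$2" -pass "file:$3"
}

# decrypt_backup <encrypted> <plain> <passfile>
decrypt_backup() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -in "$1" -out "$2" -pass "file:$3" 2>/dev/null
}

# verify_backup <original> <encrypted> <passfile>
# openssl enc has no integrity tag, so a successful exit is not proof of a
# good restore; compare the decrypted bytes with the original.
verify_backup() {
    vb_tmp=$(mktemp) || return 1
    vb_rc=1
    if decrypt_backup "$2" "$vb_tmp" "$3" && cmp -s "$1" "$vb_tmp"; then
        vb_rc=0
    fi
    rm -f "$vb_tmp"
    return "$vb_rc"
}

# leaks_marker <file> <string>: true if the string is readable in the file.
leaks_marker() { grep -q -F -- "$2" "$1"; }

# demo_roundtrip: builds a constructed stand-in for wallet.dat (a plaintext
# address-like label plus random bytes) and checks the properties that matter.
demo_roundtrip() {
    d=$(mktemp -d) || return 1
    marker='1ConstructedDemoAddressNotReal'
    ( umask 077
      printf 'constructed passphrase, demo only\n' > "$d/pass"
      printf 'some other passphrase\n' > "$d/wrong" )
    { printf 'name"%s"\n' "$marker"; head -c 2048 /dev/urandom; } > "$d/wallet.dat"
    rc=0
    encrypt_backup "$d/wallet.dat" "$d/wallet.dat.enc" "$d/pass" || rc=1
    leaks_marker "$d/wallet.dat" "$marker"     || rc=1   # readable before wrapping
    leaks_marker "$d/wallet.dat.enc" "$marker" && rc=1   # hidden after wrapping
    verify_backup "$d/wallet.dat" "$d/wallet.dat.enc" "$d/pass"  || rc=1
    verify_backup "$d/wallet.dat" "$d/wallet.dat.enc" "$d/wrong" && rc=1
    rm -rf "$d"
    return "$rc"
}

demo_roundtrip && echo "backup verified" || echo "backup check failed"
```

On a real system, point the temporary file in `verify_backup` at storage you trust, since it briefly holds the decrypted wallet.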
dave3
July 18, 2012, 10:00:06 AM
 #20

Is there a way to specify different directories for the wallet.dat and the block chain database, so you could store the wallet.dat on a truecrypt volume and the block chain unencrypted?