Pages:
Author

Topic: Can someone hack an encrypted wallet.dat? (Read 2003 times)

legendary
Activity: 1862
Merit: 1004
March 25, 2016, 10:47:16 AM
#27
Hey,

I was just wondering, is it possible for someone to hack an encrypted wallet.dat

Thanks
As other said. The only factor here is method of encryption and strength of your password. There are method of encrypting your files with algorithms that are impossible to break at this moment.
I recently got attacked by CryptoWall virus, and this Trojan encrypted every file on my disk with SHA256 algorithm. This is impossible to brute force now. Maybe in the future.


i have read about that trojan, it sounds like some scary ransomeware!

do you know how you got infected by it , i want to know how to prevent.

I personally know two guys that got infected by opening email attachments... A rule of thumb would be to never open attachments from people you don't know, but evidence suggests not everybody has enough basic knowledge to stay away from such emails.
The infection was not on my PC but  instead on my mom's notebook (where I keep handful of my own files and copy of some crucial projects).
And in my case it wasn't anything than came with an email. I think is was some fake update installer like flash, java or something like that.
interesting fact that laptop was protected by antivirus and ransomware wasn't detected - in the end I got rid of it by using Malwarebytes Anti-Malware.
hero member
Activity: 1036
Merit: 501
Thank you all for your help.
I've installed sandboxie and will be using that for all the new coins.
hero member
Activity: 1106
Merit: 521
Good paid antivirus, antikeylogger and antimalware software should protect you.

In addition to at least 15 letters passwords, combination letters and symbols.

There has been loads of studies done to show that paid vs free antivirus makes no differance at all, apart from the frills around the edges on the paid versions which are designed for aunt sally who uses a computer and was convinced by the 20 year old sales rep selling her the computer that she had to have it or her whole computer would blow up the minute it was turned on.....lol  Grin  cha ching $$$$$$$
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
i used 35 random letters - maybe iam too paranoid  Tongue ?


or buy a hardware wallet which even functions on an infected pc.



@cryptoheadd

what do you mean by that?!
hero member
Activity: 1036
Merit: 501
Do Wallet-qt files have keyloggers in general?
legendary
Activity: 1904
Merit: 1037
Trusted Bitcoiner
short of having a keylogger on your system

this website will give you a good clue as to how strong your password is.

https://howsecureismypassword.net/

use a sentence as your password

"thereoncewasnoblocklimit"

would take "7 QUADRILLION YEARS" to brute force  Cheesy
legendary
Activity: 1652
Merit: 1007
DMD Diamond Making Money 4+ years! Join us!
Good paid antivirus, antikeylogger and antimalware software should protect you.

In addition to at least 15 letters passwords, combination letters and symbols.
legendary
Activity: 3248
Merit: 1070
remember that if you're device is infected, by the time you type your password on that device, it does not matter how strong the password was, it's like giving it to the hacker
hero member
Activity: 1106
Merit: 521
Anything is possible,
Its only poosible if you have eternity to brute force it.  Bitcoin priv keys are practically impossible to brute force and so is a truly random password.
hero member
Activity: 840
Merit: 1000
Hey,

I was just wondering, is it possible for someone to hack an encrypted wallet.dat

Thanks
As other said. The only factor here is method of encryption and strength of your password. There are method of encrypting your files with algorithms that are impossible to break at this moment.
I recently got attacked by CryptoWall virus, and this Trojan encrypted every file on my disk with SHA256 algorithm. This is impossible to brute force now. Maybe in the future.


i have read about that trojan, it sounds like some scary ransomeware!

do you know how you got infected by it , i want to know how to prevent.

I personally know two guys that got infected by opening email attachments... A rule of thumb would be to never open attachments from people you don't know, but evidence suggests not everybody has enough basic knowledge to stay away from such emails.
legendary
Activity: 1134
Merit: 1010
BTC to the moon is inevitable...
Hey,

I was just wondering, is it possible for someone to hack an encrypted wallet.dat

Thanks
As other said. The only factor here is method of encryption and strength of your password. There are method of encrypting your files with algorithms that are impossible to break at this moment.
I recently got attacked by CryptoWall virus, and this Trojan encrypted every file on my disk with SHA256 algorithm. This is impossible to brute force now. Maybe in the future.


i have read about that trojan, it sounds like some scary ransomeware!

do you know how you got infected by it , i want to know how to prevent.
legendary
Activity: 1862
Merit: 1004
Hey,

I was just wondering, is it possible for someone to hack an encrypted wallet.dat

Thanks
As other said. The only factor here is method of encryption and strength of your password. There are method of encrypting your files with algorithms that are impossible to break at this moment.
I recently got attacked by CryptoWall virus, and this Trojan encrypted every file on my disk with SHA256 algorithm. This is impossible to brute force now. Maybe in the future.
legendary
Activity: 1610
Merit: 1183
I guess the encryption for the wallet.dat is SHA256 like the hashing algo, in this case it would be freaking impossible to bruteforce even with a supercomputer. I think a 12 character password would be enough to make it impossible.
SHA256 is a hashing algorithm, not an encryption algorithm and cannot be used for encrypting stuff.

The Bitcoin Core wallet.dat file is encrypted using AES-256, which as of now, has no known vulnerabilities. The password itself is not used as the encryption key but is instead run through SHA256 and a couple other algorithms to stretch the key and produce something more secure.

As for brute forcing a wallet, it is possible and has been done before. Software does exist to attempt to brute force the password to a wallet.dat file but they are only effective if the password is short and simple. Brute forcing only works well if the password is weak or if the attacker knows part of your password. There is in fact a service to recover the password to your wallet if you happen to forget the password but remember parts of it or know what it could potentially be.

So to prevent brute forcing from being successful, use a strong password and to prevent people from stealing that password and your wallet.dat, make sure you have a good, up to date antivirus.
Yeah I confused terms. I think AES256 is what Julian Assange used to encrypt all of his data that cointained all the unreleased leaks just in case he got assassinated, so someone that he trusts would release the password to the world when they kill him, so it's that trusted. I wonder if we will ever get the password to see how it looked like.
member
Activity: 71
Merit: 10
Another question: how to make it impossible for keyloggers to log the password?
Thanks!
Log the password ? Not sure what it means.Use a good Aniti Virus software or key logger remover.Take precautions while opening suspicious links and downloading random files from the internet.Store all your private keys and important files offline ,don't ever save the files on the computer you use for daily browsing. Especially the one with good number of coins.Use cold storage.

Yep, good advice, thanks! Yet, it's hard to do with the PoS coin wallets.
I mean these should be online for staking. So, even if these are encrypted, there might happen some malicious software with the wallet.dat stealer and a keylogger. That's why I'm asking how to make it impossible for keyloggers to log anything?
Perhaps there is some universal method, some anti-keylogger?
staff
Activity: 3458
Merit: 6793
Just writing some code
I guess the encryption for the wallet.dat is SHA256 like the hashing algo, in this case it would be freaking impossible to bruteforce even with a supercomputer. I think a 12 character password would be enough to make it impossible.
SHA256 is a hashing algorithm, not an encryption algorithm and cannot be used for encrypting stuff.

The Bitcoin Core wallet.dat file is encrypted using AES-256, which as of now, has no known vulnerabilities. The password itself is not used as the encryption key but is instead run through SHA256 and a couple other algorithms to stretch the key and produce something more secure.

As for brute forcing a wallet, it is possible and has been done before. Software does exist to attempt to brute force the password to a wallet.dat file but they are only effective if the password is short and simple. Brute forcing only works well if the password is weak or if the attacker knows part of your password. There is in fact a service to recover the password to your wallet if you happen to forget the password but remember parts of it or know what it could potentially be.

So to prevent brute forcing from being successful, use a strong password and to prevent people from stealing that password and your wallet.dat, make sure you have a good, up to date antivirus.
sr. member
Activity: 689
Merit: 269
Hey,
I was just wondering, is it possible for someone to hack an encrypted wallet.dat
Thanks

Encrypted wallet.dat are pointless because of keyloggers. If you afraid of hacking your PC, then you should not hold wallet on the pc but on different device, like computer without internet.

If you are afraid of somebody come to your home and steal your wallet and pc, this is much worse.
legendary
Activity: 1750
Merit: 1115
Providing AI/ChatGpt Services - PM!
Another question: how to make it impossible for keyloggers to log the password?
Thanks!
Log the password ? Not sure what it means.Use a good Aniti Virus software or key logger remover.Take precautions while opening suspicious links and downloading random files from the internet.Store all your private keys and important files offline ,don't ever save the files on the computer you use for daily browsing. Especially the one with good number of coins.Use cold storage.
member
Activity: 71
Merit: 10
Another question: how to make it impossible for keyloggers to log the password?
Thanks!
legendary
Activity: 1750
Merit: 1115
Providing AI/ChatGpt Services - PM!
I'd say ,use encrypted password again.Use any of the primitive ciphers like symmetric key or ceaser cipher to encrypt your key.Keep the private key in your mind,even though its a simple one,encrypt it using any of the methods ,only you will know how to decrypt it.Brute Forcing is almost impossible in this case.
sr. member
Activity: 266
Merit: 250
Always use up to date anti virus like kaspersky they are always updated in latest virus..
I experience before that someone hacking my account via cookies monitoring tool.. i use kaspersky and detected 200+ virus trojan worms and any virus..
So i suggest to use kaspersky to prevent hackers to crawl your wallet.dat.. also make sure that you change your phasphrase every day so that you far in
automated password generator..
I hope it helps...
Pages:
Jump to: