Can someone hack an encrypted wallet.dat?

Slark

legendary

Activity: 1862

Merit: 1004

Quote from: Shibashi Dogemoto on March 24, 2016, 09:16:02 AM

Quote from: BTCLovingDude on March 24, 2016, 08:58:43 AM

Quote from: Slark on March 24, 2016, 08:53:13 AM

Quote from: cryptoheadd on March 24, 2016, 07:40:13 AM

Hey,

I was just wondering, is it possible for someone to hack an encrypted wallet.dat

Thanks

As other said. The only factor here is method of encryption and strength of your password. There are method of encrypting your files with algorithms that are impossible to break at this moment.
I recently got attacked by CryptoWall virus, and this Trojan encrypted every file on my disk with SHA256 algorithm. This is impossible to brute force now. Maybe in the future.

i have read about that trojan, it sounds like some scary ransomeware!

do you know how you got infected by it , i want to know how to prevent.

I personally know two guys that got infected by opening email attachments... A rule of thumb would be to never open attachments from people you don't know, but evidence suggests not everybody has enough basic knowledge to stay away from such emails.

The infection was not on my PC but instead on my mom's notebook (where I keep handful of my own files and copy of some crucial projects).
And in my case it wasn't anything than came with an email. I think is was some fake update installer like flash, java or something like that.
interesting fact that laptop was protected by antivirus and ransomware wasn't detected - in the end I got rid of it by using Malwarebytes Anti-Malware.

cryptoheadd

hero member

Activity: 1036

Merit: 501

Thank you all for your help.
I've installed sandboxie and will be using that for all the new coins.

calkob

hero member

Activity: 1106

Merit: 521

Quote from: crazyivan on March 24, 2016, 12:22:14 PM

Good paid antivirus, antikeylogger and antimalware software should protect you.

In addition to at least 15 letters passwords, combination letters and symbols.

There has been loads of studies done to show that paid vs free antivirus makes no differance at all, apart from the frills around the edges on the paid versions which are designed for aunt sally who uses a computer and was convinced by the 20 year old sales rep selling her the computer that she had to have it or her whole computer would blow up the minute it was turned on.....lol Grin

cha ching $$$$$$$

LiteCoinGuy

legendary

Activity: 1148

Merit: 1014

In Satoshi I Trust

i used 35 random letters - maybe iam too paranoid Tongue

?

or buy a hardware wallet which even functions on an infected pc.

@cryptoheadd

what do you mean by that?!

cryptoheadd

hero member

Activity: 1036

Merit: 501

Do Wallet-qt files have keyloggers in general?

adamstgBit

legendary

Activity: 1904

Merit: 1037

Trusted Bitcoiner

short of having a keylogger on your system

this website will give you a good clue as to how strong your password is.

https://howsecureismypassword.net/

use a sentence as your password

"thereoncewasnoblocklimit"

would take "7 QUADRILLION YEARS" to brute force Cheesy

crazyivan

legendary

Activity: 1652

Merit: 1007

DMD Diamond Making Money 4+ years! Join us!

Good paid antivirus, antikeylogger and antimalware software should protect you.

In addition to at least 15 letters passwords, combination letters and symbols.

Amph

legendary

Activity: 3248

Merit: 1070

remember that if you're device is infected, by the time you type your password on that device, it does not matter how strong the password was, it's like giving it to the hacker

calkob

hero member

Activity: 1106

Merit: 521

Quote from: twister on March 24, 2016, 07:57:44 AM

Anything is possible,

Its only poosible if you have eternity to brute force it. Bitcoin priv keys are practically impossible to brute force and so is a truly random password.

Shibashi Dogemoto

hero member

Activity: 840

Merit: 1000

Quote from: BTCLovingDude on March 24, 2016, 08:58:43 AM

Quote from: Slark on March 24, 2016, 08:53:13 AM

Quote from: cryptoheadd on March 24, 2016, 07:40:13 AM

Hey,

I was just wondering, is it possible for someone to hack an encrypted wallet.dat

Thanks

As other said. The only factor here is method of encryption and strength of your password. There are method of encrypting your files with algorithms that are impossible to break at this moment.
I recently got attacked by CryptoWall virus, and this Trojan encrypted every file on my disk with SHA256 algorithm. This is impossible to brute force now. Maybe in the future.

i have read about that trojan, it sounds like some scary ransomeware!

do you know how you got infected by it , i want to know how to prevent.

I personally know two guys that got infected by opening email attachments... A rule of thumb would be to never open attachments from people you don't know, but evidence suggests not everybody has enough basic knowledge to stay away from such emails.

Raja_MBZ

legendary

Activity: 1862

Merit: 1505

Just use a good strength password and you'll be all fine... If it was this easy to hack wallet.dat, Bitcoin value would have struggled within 1 cent.

BTCLovingDude

legendary

Activity: 1134

Merit: 1010

BTC to the moon is inevitable...

Quote from: Slark on March 24, 2016, 08:53:13 AM

Quote from: cryptoheadd on March 24, 2016, 07:40:13 AM

Hey,

I was just wondering, is it possible for someone to hack an encrypted wallet.dat

Thanks

As other said. The only factor here is method of encryption and strength of your password. There are method of encrypting your files with algorithms that are impossible to break at this moment.
I recently got attacked by CryptoWall virus, and this Trojan encrypted every file on my disk with SHA256 algorithm. This is impossible to brute force now. Maybe in the future.

i have read about that trojan, it sounds like some scary ransomeware!

do you know how you got infected by it , i want to know how to prevent.

Slark

legendary

Activity: 1862

Merit: 1004

Quote from: cryptoheadd on March 24, 2016, 07:40:13 AM

Hey,

I was just wondering, is it possible for someone to hack an encrypted wallet.dat

Thanks

As other said. The only factor here is method of encryption and strength of your password. There are method of encrypting your files with algorithms that are impossible to break at this moment.
I recently got attacked by CryptoWall virus, and this Trojan encrypted every file on my disk with SHA256 algorithm. This is impossible to brute force now. Maybe in the future.

pereira4

legendary

Activity: 1610

Merit: 1183

Quote from: achow101 on March 24, 2016, 08:33:14 AM

Quote from: pereira4 on March 24, 2016, 07:47:09 AM

I guess the encryption for the wallet.dat is SHA256 like the hashing algo, in this case it would be freaking impossible to bruteforce even with a supercomputer. I think a 12 character password would be enough to make it impossible.

SHA256 is a hashing algorithm, not an encryption algorithm and cannot be used for encrypting stuff.

The Bitcoin Core wallet.dat file is encrypted using AES-256, which as of now, has no known vulnerabilities. The password itself is not used as the encryption key but is instead run through SHA256 and a couple other algorithms to stretch the key and produce something more secure.

As for brute forcing a wallet, it is possible and has been done before. Software does exist to attempt to brute force the password to a wallet.dat file but they are only effective if the password is short and simple. Brute forcing only works well if the password is weak or if the attacker knows part of your password. There is in fact a service to recover the password to your wallet if you happen to forget the password but remember parts of it or know what it could potentially be.

So to prevent brute forcing from being successful, use a strong password and to prevent people from stealing that password and your wallet.dat, make sure you have a good, up to date antivirus.

Yeah I confused terms. I think AES256 is what Julian Assange used to encrypt all of his data that cointained all the unreleased leaks just in case he got assassinated, so someone that he trusts would release the password to the world when they kill him, so it's that trusted. I wonder if we will ever get the password to see how it looked like.

Niemands

member

Activity: 71

Merit: 10

Quote from: Patatas on March 24, 2016, 08:10:52 AM

Quote from: Niemands on March 24, 2016, 08:06:56 AM

Another question: how to make it impossible for keyloggers to log the password?
Thanks!

Log the password ? Not sure what it means.Use a good Aniti Virus software or key logger remover.Take precautions while opening suspicious links and downloading random files from the internet.Store all your private keys and important files offline ,don't ever save the files on the computer you use for daily browsing. Especially the one with good number of coins.Use cold storage.

Yep, good advice, thanks! Yet, it's hard to do with the PoS coin wallets.
I mean these should be online for staking. So, even if these are encrypted, there might happen some malicious software with the wallet.dat stealer and a keylogger. That's why I'm asking how to make it impossible for keyloggers to log anything?
Perhaps there is some universal method, some anti-keylogger?

achow101

staff

Activity: 3458

Merit: 6793

Just writing some code

Quote from: pereira4 on March 24, 2016, 07:47:09 AM

I guess the encryption for the wallet.dat is SHA256 like the hashing algo, in this case it would be freaking impossible to bruteforce even with a supercomputer. I think a 12 character password would be enough to make it impossible.

SHA256 is a hashing algorithm, not an encryption algorithm and cannot be used for encrypting stuff.

The Bitcoin Core wallet.dat file is encrypted using AES-256, which as of now, has no known vulnerabilities. The password itself is not used as the encryption key but is instead run through SHA256 and a couple other algorithms to stretch the key and produce something more secure.

As for brute forcing a wallet, it is possible and has been done before. Software does exist to attempt to brute force the password to a wallet.dat file but they are only effective if the password is short and simple. Brute forcing only works well if the password is weak or if the attacker knows part of your password. There is in fact a service to recover the password to your wallet if you happen to forget the password but remember parts of it or know what it could potentially be.

So to prevent brute forcing from being successful, use a strong password and to prevent people from stealing that password and your wallet.dat, make sure you have a good, up to date antivirus.

watashi-kokoto

sr. member

Activity: 687

Merit: 269

Quote from: cryptoheadd on March 24, 2016, 07:40:13 AM

Hey,
I was just wondering, is it possible for someone to hack an encrypted wallet.dat
Thanks

Encrypted wallet.dat are pointless because of keyloggers. If you afraid of hacking your PC, then you should not hold wallet on the pc but on different device, like computer without internet.

If you are afraid of somebody come to your home and steal your wallet and pc, this is much worse.

Patatas

legendary

Activity: 1750

Merit: 1115

Providing AI/ChatGpt Services - PM!

Quote from: Niemands on March 24, 2016, 08:06:56 AM

Another question: how to make it impossible for keyloggers to log the password?
Thanks!

Log the password ? Not sure what it means.Use a good Aniti Virus software or key logger remover.Take precautions while opening suspicious links and downloading random files from the internet.Store all your private keys and important files offline ,don't ever save the files on the computer you use for daily browsing. Especially the one with good number of coins.Use cold storage.

Niemands

member

Activity: 71

Merit: 10

Another question: how to make it impossible for keyloggers to log the password?
Thanks!

Patatas

legendary

Activity: 1750

Merit: 1115

Providing AI/ChatGpt Services - PM!

I'd say ,use encrypted password again.Use any of the primitive ciphers like symmetric key or ceaser cipher to encrypt your key.Keep the private key in your mind,even though its a simple one,encrypt it using any of the methods ,only you will know how to decrypt it.Brute Forcing is almost impossible in this case.

Topic: Can someone hack an encrypted wallet.dat? (Read 2000 times)