Can the encrypted wallet be recovered using the unencrypted?

FreeMoney

legendary

Activity: 1246

Merit: 1014

Strength in numbers

Quote from: kjj on September 30, 2012, 12:36:42 AM

Quote from: FactoredPrimes on September 30, 2012, 12:28:17 AM

Why does the standard client always send the change to a new address?? It would make more sense to send the change back to one of the sending addresses.

Sending to a new address leaks the least privacy. Also, there is no concept of a sending address in the bitcoin system.

Sending back to one of the input addresses could be an optional setting.

sunnankar

legendary

Activity: 1031

Merit: 1000

Quote from: sethsethseth on September 20, 2012, 03:05:26 AM

Something needs to be changed if I really can't get these coins back. It is reasonable for me to think that if I have an unencrypted file, back it up, and then encrypt one of them, that I can derive the encrypted version from the unencrypted one if I know the password. There should be a warning in there somewhere. I am sick over losing this many coins.

As far as creating a safe and secure backup of private keys, what about (1) using an offline computer to create a wallet address via bitaddress.org's html/javascript then (2) placing the keys into a TrueCrypt volume and (3) transferring the TrueCrypt volume, or offline generated transaction, via USB to an online computer and backing up to multiple places like Dropbox, AWS, Google Drive, etc.

Here is the code to create offline wallets and generate offline transactions.

Is there a flaw in this procedure that I am not seeing?

kjj

legendary

Activity: 1302

Merit: 1025

Quote from: FactoredPrimes on September 30, 2012, 12:28:17 AM

Why does the standard client always send the change to a new address?? It would make more sense to send the change back to one of the sending addresses.

Sending to a new address leaks the least privacy. Also, there is no concept of a sending address in the bitcoin system.

FactoredPrimes

newbie

Activity: 14

Merit: 0

Why does the standard client always send the change to a new address?? It would make more sense to send the change back to one of the sending addresses.

kjj

legendary

Activity: 1302

Merit: 1025

Quote from: Jutarul on September 29, 2012, 02:00:08 AM

Quote from: sethsethseth on September 29, 2012, 01:15:34 AM

Still a tiny chance of recovering the laptop. The encrypted wallet is not on the flash drives. In my mind at the time, I thought that encrypting the wallet was a repeatable process just like encrypting any other file, so I did not think to back it up again.

Yes the developers really screwed that one up. That's why bitcoin still deserves beta status.

https://github.com/bitcoin/bitcoin/issues/1884

Don't be too hard on the devs. Wallet encryption has been around for like a year, and we are just now noticing this problem, which suggests that it is not obvious except in hindsight.

sethsethseth

sr. member

Activity: 257

Merit: 250

Not trusting third parties with my private keys

yeah i checked that. the computer had a logon password, and they didnt steal the charger, and it was constantly crashing and I had to boot it like 8 times to get it to load windows properly, so the thief would probably just wipe it. Probably still recoverable if I get it back though.

flatfly

legendary

Activity: 1064

Merit: 1011

760930

Quote from: sethsethseth on September 29, 2012, 11:42:42 AM

I do not believe I backed the encrypted wallet up on the flash drive. If on some off chance I did, it is not showing up on the recovery tools. Perhaps I will mess with this hex thing once I determine if I cannot recover the laptop

Have you tried to check your Dropbox access logs as I mentioned?
If you can't find them, let me know and I'll help you out.

sethsethseth

sr. member

Activity: 257

Merit: 250

Not trusting third parties with my private keys

I do not believe I backed the encrypted wallet up on the flash drive. If on some off chance I did, it is not showing up on the recovery tools. Perhaps I will mess with this hex thing once I determine if I cannot recover the laptop

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

There are many laptop tracking software available. A commercial one is Lo Jack for computers. An open source one is Prey.

BUT, they have to be installed and activated prior to your laptop being stolen. (Works with desktops and smart phones too.)

Jutarul

donator

Activity: 994

Merit: 1000

Quote from: flatfly on September 29, 2012, 04:18:08 AM

Sorry, I should've emphasized today's update:

Quote from: sethsethseth on September 29, 2012, 01:15:34 AM

Still a tiny chance of recovering the laptop. The encrypted wallet is not on the flash drives.

Yes. That assumes the OP has done a deep scan. casascius implicitly asked the OP to confirm that.

flatfly

legendary

Activity: 1064

Merit: 1011

760930

Sorry, I should've emphasized today's update:

Quote from: sethsethseth on September 29, 2012, 01:15:34 AM

Still a tiny chance of recovering the laptop. The encrypted wallet is not on the flash drives.

Jutarul

donator

Activity: 994

Merit: 1000

Quote from: flatfly on September 29, 2012, 03:46:26 AM

Errr.. Guys, read the OP (and subsequent posts) again. Your advice is good but unfortunately not relevant at this stage. Before any of that can happen, the laptop must be recovered from the thief.

https://bitcointalksearch.org/topic/m.1206155

flatfly

legendary

Activity: 1064

Merit: 1011

760930

Errr.. Guys, read the OP (and subsequent posts) again. Your advice is good but unfortunately not relevant at this stage. Before any of that can happen, the laptop must be recovered from the thief.

Jutarul

donator

Activity: 994

Merit: 1000

Quote from: casascius on September 29, 2012, 02:22:23 AM

Quote from: Jutarul on September 29, 2012, 02:15:38 AM

Quote from: casascius on September 29, 2012, 02:07:39 AM

My understanding is that an encrypted wallet is simply an unencrypted database with encrypted records in it. I think the wallet file itself, the database overhead being unencrypted, could easily be found on a hard drive simply by scanning all disk sectors for unique string markers that are plenty easy to find with a tool like WinHex.

Exactly. https://bitcointalksearch.org/topic/m.1016998

I suppose the OP explored this option already. If not - I recommend reading the advice more carefully...

Ironically, I don't think the wallet file stores Bitcoin addresses in human-readable text form anywhere in the wallet.dat, even in an unencrypted wallet. I believe it only stores the actual underlying public key and hash, which are just random-looking binary data. So even if this wallet existed on the drive, if I'm right about this, the script wouldn't be able to find it.

You would, rather, be searching for strings that appear, such as "blockindex", "bestblock", "pool"... the most valuable record is "key", and surely there has got to be a few relatively static bytes that could be searched.

BTC addresses are stored in binary form. The referenced script works, since the tool grep searches for the supplied key in binary form. Try it out. Replace /dev/sdaX with your wallet file.

scintill

sr. member

Activity: 448

Merit: 252

Quote from: casascius on September 29, 2012, 02:22:23 AM

I believe it only stores the actual underlying public key and hash, which are just random-looking binary data.

Maybe if he knows an address, he could search for that in hex? (Going on the assumption there might be something to recover.)

I just pulled two addresses out of my wallet, one I received coins at and one I sent coins to; base58-decoded them into hex at brainwallet.org, and searched wallet.dat for them in a hex editor, found both in the clear in my encrypted wallet. (This is pretty disconcerting, depending on what you were hoping an encrypted wallet would do for you.)

So, if you do this on a whole disk and find stuff, there's a good chance they're wallet fragments. From there I guess you start looking for nearby markers like Casascius talked about.

casascius

vip

Activity: 1386

Merit: 1136

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

Quote from: Jutarul on September 29, 2012, 02:15:38 AM

Quote from: casascius on September 29, 2012, 02:07:39 AM

My understanding is that an encrypted wallet is simply an unencrypted database with encrypted records in it. I think the wallet file itself, the database overhead being unencrypted, could easily be found on a hard drive simply by scanning all disk sectors for unique string markers that are plenty easy to find with a tool like WinHex.

Exactly. https://bitcointalksearch.org/topic/m.1016998

I suppose the OP explored this option already. If not - I recommend reading the advice more carefully...

Ironically, I don't think the wallet file stores Bitcoin addresses in human-readable text form anywhere in the wallet.dat, even in an unencrypted wallet. I believe it only stores the actual underlying public key and hash, which are just random-looking binary data. So even if this wallet existed on the drive, if I'm right about this, the script wouldn't be able to find it.

You would, rather, be searching for strings that appear, such as "blockindex", "bestblock", "pool"... the most valuable record is "key", and surely there has got to be a few relatively static bytes that could be searched.

Jutarul

donator

Activity: 994

Merit: 1000

Quote from: casascius on September 29, 2012, 02:07:39 AM

My understanding is that an encrypted wallet is simply an unencrypted database with encrypted records in it. I think the wallet file itself, the database overhead being unencrypted, could easily be found on a hard drive simply by scanning all disk sectors for unique string markers that are plenty easy to find with a tool like WinHex.

Exactly. https://bitcointalksearch.org/topic/m.1016998

I suppose the OP explored this option already. If not - I recommend reading the advice more carefully...

casascius

vip

Activity: 1386

Merit: 1136

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

To answer the question as to whether the deleted encrypted wallet material is still on the drive, I think it should be deterministically possible to confirm it or rule it out with a simple disk scan with a hex editor.

My understanding is that an encrypted wallet is simply an unencrypted database with encrypted records in it. I think the wallet file itself, the database overhead being unencrypted, could easily be found on a hard drive simply by scanning all disk sectors for unique string markers that are plenty easy to find with a tool like WinHex.

I don't have a computer with an encrypted wallet.dat handy, but I will bet I could find tons of strings in the file that would be highly likely to appear in every wallet.dat, and I am sure others can provide a suitable search string as well.

Jutarul

donator

Activity: 994

Merit: 1000

Quote from: sethsethseth on September 29, 2012, 01:15:34 AM

Still a tiny chance of recovering the laptop. The encrypted wallet is not on the flash drives. In my mind at the time, I thought that encrypting the wallet was a repeatable process just like encrypting any other file, so I did not think to back it up again.

Yes the developers really screwed that one up. That's why bitcoin still deserves beta status.

sethsethseth

sr. member

Activity: 257

Merit: 250

Not trusting third parties with my private keys

Still a tiny chance of recovering the laptop. The encrypted wallet is not on the flash drives. In my mind at the time, I thought that encrypting the wallet was a repeatable process just like encrypting any other file, so I did not think to back it up again.

Topic: Can the encrypted wallet be recovered using the unencrypted? (Read 7296 times)