Topic: Can the encrypted wallet be recovered using the unencrypted? - page 2. (Read 7332 times)

What's the update on the OP? You can try piriform's recuva. That works on deleted files that have not been wiped.

The current bitcoin client (satoshi) is not making any specific warnings when encrypting the wallet about making a backup.

I did an experiment and made a backup of my wallet file, encrypted it, and made a backup of the encrypted wallet file. I then used pywallet to extract the keys and made a comparison.

It seems that my unencrypted wallet has 108 keys. The encrypted wallet has 208 keys. Getting the keys into a spreadsheet and doing a basic lookup, and / or dupe check, it seems the encrypted wallet now has 100 new additional keys, in addition to the existing keys that were in the unencrypted wallet.

This tells me, than the unencrypted wallet has all the old keys, the encrypted wallet has new keys, but it's possible that the change bitcoins were sent to one of the new keys instead of the old keys.

When you lost the new encrypted wallet, you essentially lost the change bitcoins that were sent to one of the new keys.

In my experiment, all the new keys are of the compressed type (private keys beginning with L or K instead of 5.)

+1

There are several threads where raw data inspection has been discussed to find out whether wallet data is on the deleted drive. E.g. a recommended a procedure is a deep scan, here:
https://bitcointalksearch.org/topic/m.1016998

If you are not familiar with these techniques, find someone trustworthy who is.

+1.  It caught me by surprise.



Ouch.  That's enough to warrant some serious exploration of your USB stick.  Definitely make a dd block dump of it before you do anything.  Even if the undelete utilities can't find anything, we may be able to scrounge something.  There's a good utility here for recovering unencrypted keys by looking for their raw signature:  https://bitcointalksearch.org/topic/bitcoin-private-keywalletdat-data-recovery-tool-25091 .  If they were encrypted you can probably place a bounty for someone to extend the program to recognize encrypted keys.

Approaching this from a different angle (assuming the thief hasn't found and spent the coins already - hopefully your password was strong enough, but check on blockchain.info whether the coins have moved):

try everything you can to recover the stolen laptop. This may be possible with some luck and if the thief isn't too smart.

You mentioned you are a dropbox user. Try the following: log on to the dropbox website and check your access logs - perhaps you'll discover the thief's ip address. Some people have been known to track and recover their stolen laptop thanks to dropbox logs. 

Or perhaps you have some other software running on that laptop allowing you to remotely access it? Teamviewer, remote desktop, ftp, telnet perhaps? 

Ouch, sorry.  When you said, "There are enough bitcoins on this wallet to put a huge amount of work into recovering them" I misread and thought there weren't very many coins.

So, have you learned anything about the possible backup on the thumb drive?  For this much money, I think it worth it to hire someone trustworthy with experience in this.  I think Casascius has recovered (unencrypted?) wallets and seems willing to do it for a smallish payment.

Good luck.

The developers and in fact the entire community have failed you and lots of other people. This and the investment scams are the two biggest problems facing Bitcoin right now.

My guess is "nowhere near the top of the list" unfortunately.

This is absolutely not generally understood, and the main dev team should not assume this.  Multiple people with thousands of posts have told me that the wallet can always be recovered as long as you don't use more than 100 addresses on it after the backup.  The 100 address generation is the part that is generally understood.  The client should accommodate this view.  If I have the password, I should not be able to destroy the coins before 100 addresses if it is common knowledge that you cannot.  The new 100 keys should be able to be generated from the unencrypted ones if you have the password.





A large part of the reason I think I did not back up as well as I should have is that I didn't want someone with access to the wallet file I was storing on the internet to be able to see the balance and transactions.  I always reencrypted the wallet file, making it more of a hassle to do a backup.  This may be a stupid line of thinking, but it may be helpful for devs to know this in making the client more user-friendly and secure.

I have spent several hours a day for the last two years reading the forums, and still made this error.  I knew it was risky to put them on my computer, but I thought with my knowledge of bitcoin it was less risky than keeping them online.  Obviously I was wrong.

That said, I had to make at least 4 catastrophic errors that are not at all logical to allow this to happen.  If I only made any 3 of these errors I would still have the coins:

Used a wallet with a huge balance as a main wallet to conduct tiny transactions on bitcoin-otc
Only backed up the wallet on dropbox.  Need to email, dropbox, and flash drive the backup
Left laptop in insecure location
Didn't do a wallet backup when I made an account on OTC a few days after encrypting the wallet.  There was a warning to do so.

I lost over 1300 btc.  Where does that put me on the loser's list of losses due to carelessness?

I think at this point in time everybody's best bet is an electrum deterministic wallet, like Joel hinted at.

I'm a computer security person, and I don't trust myself to keep a significant amount of money in Bitcoins. It's just too difficult to balance making sure you can always access the coins no matter what might go wrong with making sure others can never access them no matter what might go wrong.

+1

While the Satoshi client doesn't use deterministic wallets, an alternative for its users would be to have the wallet.dat be a symbolic link towards a safe backup account, like Wuala for example.
This way your backup is updated on real-time.


You use strong words, but yeah, you have to understand in details how things work to be safe. We cannot expect that of most people. I still don't recommend my parents for example, to store wealth in bitcoins. And they're not totally computer-illiterate, they know how to send e-mails, to chat, to use facebook and watch youtube. My father even has a blog. But I don't think they would be able to protect their keys. It's a pity.

Typically, this is what a user would want. The reason you opt to encrypt the wallet is to prevent someone from being able to get your coins without knowing the key to decrypt the wallet. It is generally understood that your coins are only assuredly protected if you backup your wallet after your last transaction.

However, I 100% firmly believe that non-deterministic wallets should be abandoned entirely as a failed experiment. Perhaps they should be left as an option with clear warnings about their problems.

People keep losing their money and it's getting ridiculous. One of the biggest problems with Bitcoin is it's damn near impossible to use it safely.

Well this is what happens when people mindlessly encrypt their wallets. Obviously better safe than sorry, but again, this is what happens when people mindlessly encrypt their wallets.

If you didnt overwrite that space, there is a very good chance of being able to recover it. Use testdisk:
http://www.cgsecurity.org/wiki/TestDisk

I would also advice you to make a copy of the drive first. Not a regular copy of course, but using dd under linux so you copy "every bit" of the drive.
Boot linux and run

dd if=/dev/yourusbdrive of=backup.dat

That way if you mess up the undelete, nothing is lost and you can try again.

I can vouch for tokiwa datarecovery, it's free and fantastic. Saved my ass many times.

http://tokiwa.qee.jp/EN/dr.html

Some topics that might help (recovering using hex editor from raw disk image):
https://bitcointalksearch.org/topic/need-help-extracting-walletday-keys-with-a-hex-editor-14698
https://bitcointalksearch.org/topic/recovering-address-and-key-from-corrupted-wallet-7116
https://bitcointalksearch.org/topic/help-with-walletdat-8274
https://bitcointalksearch.org/topic/bitcoin-private-keywalletdat-data-recovery-tool-25091

I say might because none of them seem to indicate if this works for encrypted wallets.  Good luck!

That's great - be sure not to copy any new files to it before using file recovery software.

You could try this software: http://www.nchsoftware.com/data-recovery/index.html?gclid=CM3ktL3Ww7ICFS5U4godHhkA4w

(I haven't used it myself though so can't personally recommend it)

It is remotely possible there is a deleted version of the encrypted backup on a thumb drive, if someone can recommend a program to unerase....

This type of recovery is possible with deterministic wallets but AFAIA the Satoshi client doesn't support this.

Sorry to give you such bad news (and would be happily corrected if I've got anything wrong).

One thing that probably should be added to the Satoshi client is a message to tell you to backup your wallet as soon as you have encrypted it.

Something needs to be changed if I really can't get these coins back.  It is reasonable for me to think that if I have an unencrypted file, back it up, and then encrypt one of them, that I can derive the encrypted version from the unencrypted one if I know the password.  There should be a warning in there somewhere.  I am sick over losing this many coins.