Topic: Default encryption for wallet.dat (Read 4981 times)

I have had a slight change of heart on this topic:

A miner does not need a decrypted wallet.dat because it is possible to make a wallet-less miner

I think this could be a problem if something goes wrong with the CPU or motherboard the wallet might not be able to be unencrypted.

-Dukejer

Well, I was thinking of mechanism that uses the so-called "Trusted Computing Module" in your motherboard, or uses a secure key generated by your CPU's unique private key.

How do you keep this unique code from the hackers?  If they can access your wallet.dat, they can get at this code too.

The problem of lost passwords for default-encrypted wallet.dat files is already solved by existing online password storage services...

For example: http://www.passpack.com/en/home/

One can easily image an entrepreneur on this forum offering such a service tailored for, and marketed to, bitcoin clients.

Maybe each bitcoin client could have a unique code built in to decrypt with by default so that the wallet.dat stays encrypted on the hard drive but users wouldn't need to remember their password if they use their same client.

Whenever new private keys are generated they should mandatory have the option to send the keys to a removable device unencrypted clear text for safe keeping.  Then the private keys in the wallet should be encrypted in the wallet and in memory and only unencrypted at the time Bitcoins are sent.   If someone forgets their password they should be able to re-import the private key from a removable device and then set a new password on the private keys for the wallet.

-Dukejer.

I would build in default encryption using a strong algorithm such as AES, with options to switch to other types of encryption if the user desires.  Having an unencrypted wallet is like having a car with no locks. :/ Thieves are still responsible when they steal, but you sure posted a welcome sign on the door!  Until this flaw in the Bitcoin software is fixed, I've put my wallet (still empty, but not for much longer) on a purpose-build Jetico Bestcrypt volume, along with the Bitcoin program, and protected it with a unique passphrase of unusual length.  That's a nuisance, but a whole lot safer than otherwise.  Please note that even an encrypted volume doesn't protect you against a password-stealing trojan or other types of malware; that's why I favor having the Bitcoin software do encryption on the fly.  It can protect your wallet better than just using a third-party encryption program.  However, third-party is better than nothing.

For those who prefer to support open source, Truecrypt works as well for this purpose.  I've been using Bestcrypt since the late 1990s, when Truecrypt wasn't even a gleam in anybody's eye, and trust it, so I've stuck with it.

You know what, I guess Gavin will chose the last one. He didn't think the encrypt would be his first priority, which was mentioned in one of his blog after the heist of 25k bitcoin.

Just tossing in an idea.

What if the user instead of using a password used a private key that was saved separately from the wallet.dat? This private key would be needed to decrypt the wallet when the user wanted to use an adress in the wallet. That way, if the attacker got a encrypted wallet.dat, he would be unable to decrypt it without the proper private key.

Preferably the client would show the user a screen for proper handling of private keys and wallet once the client starts up, or preferabbly the first few times, and then later with random intervals. Perhaps a bit annoying, but many people will put convenience over security and not care about securing their wallet, so perhaps reminding them more often would help? There could also be an option screen where this could be turned off perhaps.

The private key could then be stored on for example an usb disk or a mobile phone, and just be inserted every time you needed to do a transaction.

I do not propose to have the final solution to these issues, as I know people are lazy, forgets easily and a lot of users will forget to back up their private key, or misplace it. I am sure we will see a lot of services and ways to keep the wallet.dat safe pop up in the coming months.

But as it is now, and as many people have said, getting access to anyone's coins now is just a matter of getting their wallet.dat just like a physical wallet, but unlike a physical wallet, a bitcoin wallet can exist in many copies. In the event an encrypted wallet that's encrypted with either a password or a private key is stolen, the wallet owner should have enough time to transfer the bitcoins to a new wallet if he notices this has happened, and even if he notices it has happened and he does nothing about it, it is highly unlikely that the attacker will be able to decrypt the wallet he got if it is secured with a very strong password or a very strong private key.

So, in my view, encryption of the wallet.dat will prevent some bitcoins from being stolen, but perhaps even more bitcoins will be lost from people forgetting about their passwords or private keys? But I am sure there will spring up companies that take security very seriously and that will hold your private keys for you. I can think of a company which sole purpose is to hold private keys for users, but not handling their wallets. Then it would be nearly impossible for such a company to compromise the wallets of any of its clients, because they do not know which private key belongs to which wallet, so storing keys and wallets separately could be a good idea.

Well, that's some rant from me, and I am not a crypto-expert and I am not an expert on user behavior, but is very obvious that no matter the solution we chose to adapt, there will always be cons and pros.

The developers are already working on this, of course, and it is a priority for the next release.

You can follow their progress here:

https://github.com/bitcoin/bitcoin/pull/232

Encryption as an option in the client is what I would recommend. If you want to encrypt then you can. If not, then you don't have to.

Lets face it, security is a major problem for bitcoin. If bitcoin is to go mainstream then the average joe needs to know that their wallet is secure. Encryption is one way of solving that (even if its a mirage).

The primary value of money is derived from faith in the currency. Faith that it will hold its value and faith that the merchant up the street will accept it.

Well better than wallet stole by trojans...

This will trash tons of bitcoins because of users forgetting their passwords.

Encryption will lead to data-loss when users forget their paswords passphrase after 3-300 months.

The other extreme would be the users using "12345678" as their password: giving them little protection.

That said, leaving the wallet.dat unencrypted complicates securely backing up the wallet.dat. If the Drive is not using full-disk encryption, it is too easy to leave clear-text versions scattered around the disk as well.

Edit: a (solo) miner needs to use an unencrypted wallet.dat (or more accurately, as least 1 unencrypted private key) to generate the 50 coins they pay themselves when generating a block. Just as important as encryption options may be wallet-splitting options.

A developer stated this actually would be their priority for the next version

It's open source. Maybe you could implement it and submit a pull request?

Is here a developer of the default client?  Could that be implemented in the next release?

I don't want it to be encrypted actually, but I want that feature to be there for others.

I already remember passwords for friends and family what's one more.