Topic: Does wallet.dat ever expose private keys? (Read 1028 times)

what he meant by "will expire" might have related to how non-HD wallet behaves.
expired in the meaning the first backup for the first 100 receiving addresses would be irrelevant.
after the user has received his transaction on 120th receiving address and forgot to create new backup,
he could risk losing his access to the next 100 generated address (address #101-200) in non-HD wallet
or... I, too, misunderstood what Quickseller said below

Bitcoin doesn't work that way. Your backups NEVER expire, anyone telling you that is lying. When you change/encrypt your wallet, the keypool will refresh (or the seed will change) but your previous addresses will still be inside and anyone with it can access them. So, you might end up losing your coins. When you suspect that your wallet is compromised/you threw a HDD with an unencrypted backup, encrypt your wallet and send your funds to a newly generated address.

Yes, please be careful with wallet.dat and don't give it to anyone, people can extract private key from your wallet. dat in conditions he know your password of your wallet.dat.
If you make mistakes, just backup your wallet.dat again, your old backup wallet.dat will expire and can't to use again

The behaviors for HD and non-HD wallets are exactly the same regarding encryption and decryption of keys. Literally the only difference is how the keys are generated and that the seed is stored in the wallet. Everything else is the same.

Bitcoin Core uses hardened derivation which is not vulnerable to this attack.

There is one method, but that involves copying over the blockchain files from the hot wallet, to the cold wallet, so the cold Bitcoin Core wallet can see all the transactions. Been doing that for awhile, can get tedious.

Now that I think of it, perhaps the hot wallet can craft the transaction, but it can't sign it, you import the unsigned transaction to the cold wallet, the cold wallet signs it.

That should work too, you just turned your laptop into a hardware wallet.

The trezor or ledger or whatever hardware wallets are smaller and don't do anything else.

Everyone should be using Linux, and everyone should be using a separate computer to store offline private keys... one's private keys should never touch the internet. If they ever touched the internet, create a brand new wallet in an airgapped Linux computer, sign transactions there, then pass them into an online node, that is what im trying to learn, but Bitcoin Core GUI sucks for this compared to Armory, the problem is I don't trust Armory, so im stuck with learning the raw transaction crafting thing which can be dangerous if you enter the wrong numbers...

Achow could you please let other Core devs know how adding a better support to sign offline transactions in the GUI should be a priority? I don't want to rely on other software to do that. Armory had an exploit recently with their implementation of SSS for example...

Thats not true. The wallet is only encrypted if you set a password to protect it. Else its not encrypted at all (encryption with an empty string doesn't count..).



Thats not true either. 'Professional programmer' can't just break cryptographical functions/methods if implemented right.
The only way for a programmer to decrypt an encrypted file (or whatever) would be if he manipulated the source code and built in a backdoor (un-)intentionally.
Usually most software runs through security audits, fuzzing, etc.. to make sure the implementation is correct and no bugs are found.
You can trust maths and cryptography but should be cautios when trusting implementations.

Nope, unless you expose them the private keys of Bitcoin they can't do anything apart from watching your Bitcoin address on that wallet.Installed Bitcoin core and fully synchronized wallet and saved wallet.dat to a Usb key.

Wallet.dat does not need to be encrypted. It isn't unless you set a password to it. You cannot decrypt a wallet easily, the source code is out there and there isn't any backdoors etc.

Changing your OS to a more secure one won't eliminate the physical access to it nor a weak password.

Every wallet is encrypted specially the wallet.dat, so no attacker can brute force or decrypt your wallet.dat unless if the attacker already planted some malware to your computer then you are really DOOMED. Some professional programmer can decrypt it if they were working with these application before but i guess they shouldn't do it unless they were told. They should change their OS into LINUX or MAC so that the attacker won't have an easy way to get their wallet then.

Good points. I've seen several people question if HD wallet is adds vulnerability or not. Looks like the very early format had a keypool of 100, then of 1000, and then finally HD.

From what I've read, "dumpwallet" will indeed dump your HD seed on the console, so if a hacker gets that.. it's over. Your wallet is compromised forever.

The solution may be to just buy a laptop, airgap it (get rid of all potential communication devices), install linux on it, and then create a brand new wallet.dat there, and use it as cold storage. Then in another laptop, use another install of Bitcoin Core for watch only addresses. This is my plan and what im learning to do. Im going to practice with testnet coins, since if you don't know exactly what you are doing with rawtransactions, you may send an huge fee for example. So I want to be sure first, and do with testnet coins with 2 computers, once I have this figured out, I will transition to airgap setup. It is the best in my opinion. It's the only way to be sure that your private keys never see the internet, and you can still continue using Bitcoin Core software. I just wish devs added GUI support for this. I think Armory got this, but I want to keep using Core, I don't want to learn some brand new software, and I don't trust anything but Core software to be honest..

If a wallet is not encrypted, then the private keys are visible. If it is encrypted, the attacker would need the password or powerful means to break the encryption.

For most users, a HD wallet will be better. They will only need to backup the wallet once verses having to back it up at least every 100 (or 1000) transactions.

Yes, it would surely depend both on the user and attacker. The assumption here is that an attacker will sit and wait for a big transaction, even if that means ignoring 100 or 1000 transactions before it. With non-HD there's at least a limit to how much into the future the risk exists.

I do wonder if a default keypool of 1000 (in non-HD) is a good or bad thing for most users. Or if HD is a good thing.

True, but unless you are specifically targeted as someone receiving a large amount of bitcoin in the future, this probably will not make a difference. If bitcoin disappears from your wallet unexpectedly, you absolutely should not continue using that wallet. 

The point is that with an HD wallet seed, an attacker would also know all your future keys. With non-HD he will only have the keypool.
But the difference could be academic to most people, since the default keypool is now 1000 keys.

How is that unique to Windows?

I would disagree with this statement. An attacker who is able to access your RAM is almost certain to be able to determine all of your private keys in your wallet regardless of if you are using an HD wallet or not.

An HD wallet is much easier to backup and once you generate the seed (and back it up), you will have all the private keys you will ever need to spend funds from your wallet. With a 'traditional' wallet.dat wallet, you will need to backup your wallet at least once every 100 transactions, or else you will risk losing access to some of your funds, and the process of backing up your wallet is not without risks.

While the wallet.dat can't be cracked itself, there are some silly methods to get your wallet password if you are an unwary Windows user.
In Windows there are more security risk to look after, example:
->The hacker might already included a KeyLogger before stealing the wallet.dat.
->Some are producing "activators" which are available all over the net (these activate paid versions if windows). There are other Computer Technicians that blindly using these to "format" PC's they are servicing, making the whole operating system compromised.

But the wallet.dat doesn't expose your pvtkeys since these are encrypted with you password. Bruteforcing works but requires more computing power (supercomputer) the longer the password.

Also in the older wallet format it pre-generates keys ahead of their use. I think with default settings it was 100 keys, then changed to 1000 in a newer version. So even an old stolen wallet.dat would compromise a lot. Still, a good point about HD wallets.

So this sounds like the old wallet.dat format in bitcoin core is safer than the new HD wallet.dat? I think achow101 said that the new HD wallet.dat is safer or at least has no drawbacks compared to the old wallet.dat format and now im not sure anymore. I haven't still updated my old wallet.dat into HD format, because I didn't want to pay the fees to move my funds into a new wallet, but the new 0.16 version will conver the old wallet.dat format into the new HD format, and now im sure if I really want that or not...


In any case im moving a fully air gapped linux laptop as soon as possible to never expose my keys to the internet.