Topic: How safe is the first address in the standard client? (Read 1887 times)

legendary
Activity: 1036
Merit: 1002
I hope you know the encryption is a security feature against physical theft of the hard drive. NOT against someone who has code execution abilities alongside your Bitcoin client.

A person who did the latter will simply load a program that waits until you enter the pass-phrase, then decrypt all keys and send them to the attacker. A simple keylogger does the job. Or modify Bitcoin to replace the next generated transaction with a different one. If an attacker already got this far, it is usually just a matter of time until he finds some way to achieve his goal, and if you use the common operating systems and their "monitoring" features, little chance of noticing him before he's done.

I find the encryption feature rather useless; just enable OS encryption against physical theft. And hope that keys were properly kept away from the swap file, unless that's encrypted too. In Armory, I see the point, because it's designed to run on insecure machines. But in Bitcoin-Qt, it looks like a PR feature. "You can feel safe now, it's encrypted!!"
staff
Activity: 4284
Merit: 8808
Since we do not know what address the coins might go to in the wallet, might they go to the very first address, the one that was once unencrypted?
No.

Change goes to new addresses. Funds should only go to that first displayed one if you copy that address out of the client and send ones there.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
May I make the following suggestion in addition to what was already said.

1. Backup old wallet.
2. Delete old wallet.
3. Run bitcoin and let it create a new wallet, then immediately encrypt it.
4. Backup new encrypted wallet. Take note of an address.
5. Delete new wallet, copy old wallet back.
6. Send all bitcoins to the new encrypted wallet.

Step 6 can be slightly modified so that you can actually send all bitcoins to different addresses in the new encrypted wallet. (You can use pywallet to make a paper backup of the new wallet public keys, and send varying amounts of your bitcoins to many addresses.)

Optionally Step 7 is to make a watching only wallet of the old unencrypted wallet (you can encrypt it too, since you will not be using the old wallet). Just in case someone sends you some coins to any of the old wallet addresses.

Oh yeah, shut down bitcoin when you are backing up or deleting wallets in between steps.

Of course, you could use two instances of bitcoin (or two different machines, virtual or real) to do the above steps.
legendary
Activity: 980
Merit: 1008
Huh? I don't know what hamdi is talking about.

Encrypting the wallet encrypts all keys in it at the time, not just new ones. If it worked the way you described it would be very confusing indeed!

Well, in the past I made backups of wallets that I did not encrypt.

If they were found could they take my BTC?



Yes, they can take up to the first 100 addresses because they were pregenned.

I'm considering starting over myself.

So, I need to encrypt. Then generate 100 addresses that are not safe and then generate a good one??

That can't be right...

Huh
The following should protect you from anyone getting hold of your previous, unencrypted backups:

1. Encrypt wallet
2. Send all your coins to a newly generated address (that now resides in the encrypted wallet)

Please someone correct me if I'm wrong here.

And there is an open issue in github to add a message indicating that a new backup is needed to the end of the encryption process.

https://github.com/bitcoin/bitcoin/issues/1884
I've made a simple patch that tries to address this here: https://github.com/bitcoin/bitcoin/pull/1890
kjj
legendary
Activity: 1302
Merit: 1026
And there is an open issue in github to add a message indicating that a new backup is needed to the end of the encryption process.

https://github.com/bitcoin/bitcoin/issues/1884
legendary
Activity: 2506
Merit: 1010
Can you include a FAQ (or a link to it) in the client?

I just added mention of the keypool getting flushed upon encryption:

 - http://en.bitcoin.it/wiki/Wallet_encryption
legendary
Activity: 1072
Merit: 1189
But this also means that I have to update my backups every time I request a new address, right?

You need a backup after every 100 transactions (since there are 100 future keys pregenerated, that are part of the backup), AND immediately after encryption as well (since encryption flushes those 100 keys, for security reasons).
newbie
Activity: 57
Merit: 0
Yes, they can take up to the first 100 addresses because they were pregenned.

I'm considering starting over myself.

So, I need to encrypt. Then generate 100 addresses that are not safe and then generate a good one??

That can't be right...

No, as I said, the key pool is flushed when encrypting. This means that any new address you request after encrypting is guaranteed to never have touched disk in unencrypted form (since 0.5.0).


But this also means that I have to update my backups every time I request a new address, right?
legendary
Activity: 1072
Merit: 1189
Yes, they can take up to the first 100 addresses because they were pregenned.

I'm considering starting over myself.

So, I need to encrypt. Then generate 100 addresses that are not safe and then generate a good one??

That can't be right...

No, as I said, the key pool is flushed when encrypting. This means that any new address you request after encrypting is guaranteed to never have touched disk in unencrypted form (since 0.5.0).
hero member
Activity: 588
Merit: 500
firstbits.com/1kznfw
Huh? I don't know what hamdi is talking about.

Encrypting the wallet encrypts all keys in it at the time, not just new ones. If it worked the way you described it would be very confusing indeed!

Well, in the past I made backups of wallets that I did not encrypt.

If they were found could they take my BTC?



Yes, they can take up to the first 100 addresses because they were pregenned.

I'm considering starting over myself.
legendary
Activity: 1031
Merit: 1000
best practice is to create all important addresses via bitaddress.org or vanitygen.

then send all coins to new cold-storage addresses from time to time and start a new wallet file.

I need to trust a 3rd party to be safe?

No. You can both generate addresses and create transactions completely offline with the javascript files.

Go ahead and play around with it. Create the address then import it into Blockchain.info, etc. Then you can create and push an offline generated transaction.
hero member
Activity: 815
Merit: 1000
FYI I never use the address generated before encryption, in fact I mark it as "unsafe".

I keep my wallet.dat encrypted at all times and my backups are encrypted password RAR files of said encrypted wallet spread across my devices and email accounts.

I have also double checked the backup wallets work and were not corrupted in the process.


I would like to generate my own keys with my own fully understood software and store on paper only until first usage, but I'm not that far yet.
legendary
Activity: 1072
Merit: 1189
But if someone sends to that old address later, it can be stolen, right?

Yes:
If you have a backup of a wallet that was made before encrypting it, people who find the file will at most have access to funds sent to addresses that were obtained before encryption.

It would be best just to make a whole new wallet if we ever had an unencrypted address?

In general, yes. But if you need to keep the old addresses alive anyway (because people may still send coins to them), the only alternative is keeping them in a separate wallet. That is not safer than keeping them around in the newly-encrypted wallet.
legendary
Activity: 1072
Merit: 1189
If you have a backup of a wallet that was made before encrypting it, people who find the file will at most have access to funds sent to addresses that were obtained before encryption.

Once you encrypt, all private keys are encrypted (also those of old addresses), and the key pool is flushed (the corresponding keys are not deleted, but requests for addresses after encryption will always return addresses that were created after encryption). So to be safe from crashes, make sure you always make a (new) backup after encrypting.
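
A toy model of the keypool behaviour described in the posts above (100 pregenerated keys, pool flushed on encryption), added here as an illustration. It is not part of the thread and not Bitcoin client code; the class, function names and key ids are invented for the example.

```python
KEYPOOL_SIZE = 100  # pool size quoted in the thread

class ModelWallet:
    """Toy model only: string ids stand in for private keys."""
    def __init__(self):
        self.encrypted = False
        self.counter = 0
        self.keys = set()   # every key the wallet file holds
        self.pool = []      # pregenerated keys not yet handed out
        self._refill()

    def _refill(self):
        while len(self.pool) < KEYPOOL_SIZE:
            self.counter += 1
            kid = f"key{self.counter}"
            self.keys.add(kid)
            self.pool.append(kid)

    def get_new_address(self):
        kid = self.pool.pop(0)
        self._refill()
        return kid

    def encrypt(self):
        self.encrypted = True
        self.pool.clear()   # flush: old keys are kept but never handed out again
        self._refill()

    def backup(self):
        return {"encrypted": self.encrypted, "keys": set(self.keys)}

def finder_can_spend(backup, address):
    # Someone who finds a backup file can spend only if it is unencrypted
    return (not backup["encrypted"]) and address in backup["keys"]

def owner_can_restore(backup, address):
    return address in backup["keys"]

def run_scenario():
    w = ModelWallet()
    first = w.get_new_address()       # address shown before encryption
    old_backup = w.backup()           # unencrypted backup lying around
    w.encrypt()
    post = w.get_new_address()        # first address requested after encryption
    new_backup = w.backup()
    later = [w.get_new_address() for _ in range(KEYPOOL_SIZE + 1)]
    return {"first_exposed": finder_can_spend(old_backup, first),
            "post_exposed": finder_can_spend(old_backup, post),
            "post_in_old_backup": owner_can_restore(old_backup, post),
            "next_100_covered": all(owner_can_restore(new_backup, a) for a in later[:100]),
            "address_101_covered": owner_can_restore(new_backup, later[100])}
```

In this model the pre-encryption address is exposed by the old backup, the post-encryption address is neither exposed by nor restorable from it, and a fresh backup covers the next 100 addresses but not the 101st.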
legendary
Activity: 1526
Merit: 1134
Huh? I don't know what hamdi is talking about.

Encrypting the wallet encrypts all keys in it at the time, not just new ones. If it worked the way you described it would be very confusing indeed!
hero member
Activity: 826
Merit: 500
best practice is to create all important addresses via bitaddress.org or vanitygen.

then send all coins to new cold-storage addresses from time to time and start a new wallet file.
vip
Activity: 840
Merit: 1000
Hello all.

If the first thing I do is encrypt my wallet will my first address be secure? I'm talking about the address that is already there when I load it up. To be safe will I not need to generate a new address and use that?

If this is true should we make a note of this somewhere? Not everyone is tech savvy and we all overlook things like this from time to time.

Also there should be a way to get rid of the unsafe or address we just no longer want.

Thanks.