Author

Topic: how sensitive is wallet.dat (Read 168 times)

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
October 03, 2022, 06:44:10 AM
#11
it's truly /dev/urandom  Cool
so what can you do when you run out of entropy?

The entropy won't run out only by generating 16 ASCII character. Besides, you always generate entropy when you use your computer and /dev/urandom doesn't perform block when it ran out of entropy.
hero member
Activity: 868
Merit: 737
October 03, 2022, 06:40:23 AM
#9
it's truly /dev/urandom  Cool
so what can you do when you run out of entropy?
legendary
Activity: 2268
Merit: 18711
October 02, 2022, 01:53:50 PM
#8
If you have 16 random characters from the full set of 95 printable ASCII characters, then you have 9516 possibilities, which comes out to a little over 105 bits of entropy. The bitcoin network currently has a hashrate of around 250 EH/s. Given that each of those is two SHA256s, then that means it would take the entire bitcoin network around 2,800 years at current rates to perform 2105 hashes. So your password is quite safe against random brute forcing.

But, as Loyce correctly points out, if someone has managed to steal your wallet.dat file from your computer, then your entire set up is now compromised either physically or electronically, and a secure password is no guarantee of safety.
hero member
Activity: 630
Merit: 731
Bitcoin g33k
October 02, 2022, 11:45:33 AM
#7
it's truly /dev/urandom  Cool
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
October 02, 2022, 11:37:51 AM
#6
It depends on whether the alphanumeric code is truly random or not. As long as you have 16 characters that are random then you should be fine for now..

If you happen to have words in there then the password might become solvable for an attacker.
hero member
Activity: 630
Merit: 731
Bitcoin g33k
October 02, 2022, 11:00:06 AM
#5
Thanks for the helpful responses. I just wanted to understand if and how far the wallet.dat is protected by such a scenario. Of course the password should be cleverly chosen that it doesn't appear in any dictionary, isn't a common word or could be built from permutations of it. I know the process of brute-force cracking. But that there are special "services" out there that can crack 16-digit passwords of the type mentioned in reasonable time ... didn't know that. I always thought with 16 digits you were already on the safe side. But well, then I'll just raise it to 26 chars and then I'll sleep better  Tongue
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 02, 2022, 10:24:44 AM
#4
I think your scenario isn't realistic: if someone gets their hands on your wallet.dat, they can probably install a keylogger too.
Brute-forcing 16 characters is going to take a while, but there are specialized services out there.
legendary
Activity: 952
Merit: 1385
October 02, 2022, 10:23:15 AM
#3
16 characters (alphanumeric + special characters) are (IMHO) unbreakable, 8 is a quite easy task, anything more needs so much time and resources, that it is undoable - so you may sleep safe.
There is only one remark - that is correct reasoning if password is somehow “random”. If you used any dictionary word and then just added “123!” at the end, it is not safe at all. Even worst if you used any password which is on any list of used/leaked passwords.
staff
Activity: 3500
Merit: 6152
October 02, 2022, 10:22:53 AM
#2
-snip-
Let's assume in this example that he has gained absolutely no other information of me and even does not know anything about the owner/me so he couldn't construct a personalized brute-force attack on the wallet.dat

In this case, no. There's nothing to be worried about. But if someone manages to remotely steal your wallet.dat (with malware) it would be safe to assume that he has your keystrokes too.
hero member
Activity: 630
Merit: 731
Bitcoin g33k
October 02, 2022, 10:08:20 AM
#1
Hello everybody,

Assuming that someone manages to steal the wallet.dat (which is password-protected of 16 characters alphanumeric + special chars) of my computer, how (bad are my and how) good are his chances that he will gain full access to my coins? Is this something I have to worry about or nothing to worry about ? Let's assume in this example that he has gained absolutely no other information of me and even does not know anything about the owner/me so he couldn't construct a personalized brute-force attack on the wallet.dat

Looking forward to your comments.
Jump to: