Topic: If wallet.dat shared or stolen, then encrypt it? (Read 201 times)

I don't think you can shrink wallet because it contains all keypairs and related transactions
but you can send all your old wallet's balance to a newly created wallet
so your new wallet will start fresh contains only new keypairs (hence smaller size )
you can safely stored the old wallet somewhere, don't ever completely delete it

That's incorrect.

A non-HD wallet will remain non-HD even if you update to a newer version of Bitcoin Core.

It is is data format of the wallet file that gets updated (and in some versions will render the file incompatible with older versions).

If the "HD" icon in the bottom right corner had a X through it... You have a non-HD wallet.

Otherwise, if the "HD" icon is active, you have an HD wallet with a seed.

Bitcoin Core implements BIP32 (derivation of addresses from a seed)... But does not implement BIP39 (derivation of seed from word mnemonic).

As far as I'm aware there is no (easy) way to extract the "seed" itself from Bitcoin Core. It isn't included in dumpwallet (you only get master private key)...

So for Bitcoin Core, you need backups of wallet.dat... as opposed to writing down the 12-24 word seed mnemonic... Also, as stated, Bitcoin Core changes the seed if wallet.dat is encrypted or encryption password is changed, necessitating new backups when this happens.

There are pros and cons to both methods.

I saw the other day a guy mentioning he had a 1.5 GB wallet which to me makes no sense no matter what kind of usage you are making out of Bitcoin.

How many transactions have you made to have a 200MB wallet? perhaps you are a miner/pool operator?

Also as far as I know since 0.15, if you are coming from an older wallet, it will automatically convert it into the new HD wallet format. I was a bit paranoid about using the HD format (I've had been using the same wallet.dat since qt days) because I was paranoid that the seed could be somehow derived but achow101 told me it's safe and it isn't the same approach as an Electrum wallet, actually said it is safer than the legacy wallets.

Is there a method for shrinking wallet.dat? There are so many who do not use keys in wallet.dat.
It grows and grows, more than 200MB.
"Change =" option works, but not all altcoins have this option. It should also run before wallet.dat becomes larger.

Any gross method is also appreciated. I want to reduce wallet.dat safely.

Given that you specifically mention "wallet.dat"... I will assume that you are referring to Bitcoin Core. The answers below are only valid for Bitcoin Core. Other wallets like Electrum deal with encryption in a different manner.

NOTE: it is important to understand that there will be quite a large number of pre-generated addresses already in the wallet (default keypool size for HD wallets in Bitcoin Core is 1000, older non-HD wallets had a keypool of 100). Using "generated before encryption" or "generated after encryption" could be a little misleading in this instance. As addresses may have already been created and stored in the wallet file, but they are only displayed to the user when the user clicks the "new receiving address" button. New addresses are only actually generated and added into the wallet file when the keypool is refilled.


Yes. A+B will have access to the same history and current keypool.


Depends if the wallet.dat is an HD wallet (default from Bitcoin Core v0.13+) or an older non-HD wallet.

In a Bitcoin Core "HD" wallet... whenever you enable encryption (or change the password)... the "old" seed and addresses are marked as "inactive"... and a new seed is generated and a new "active" keypool is created with addresses based off the new seed (which A will not have). I'm not sure if the old seed is still stored in the wallet, but I suspect it is.

However, the old addresses are still stored in the wallet.dat, so B will still have access to addresses that A had at the time the wallet was encrypted. I am not sure if encrypted B still contains a copy of the original seed. A "dumpwallet" on a newly encrypted file (or one with a recently changed password) only shows the current extended master key (and does not output any seed). So I'm not sure if B is still able to generate addresses on the "old" seed after A exhausts the keypool that B had a copy of and begins to generate addresses that B had not generated from the old seed yet.

In short:
B will have old A addresses and new B addresses
A will only have old A addresses.

In an older Bitcoin Core "non-HD" wallet... both A and B will still have the same keypool... so until that is exhausted, A and B will be using the same addresses. Over time, as the individual keypools in A and B are replenished with new randomly generated addresses, they'll be generating addresses that the other wallet does not contain.

In short:
B will have old A addresses + new B Addresses
A will have old A addresses + new A Addresses


I'm not sure if you mean that A then encrypts their wallet? Or do you mean original A wallet with no Encryption?

If A encrypts their wallet as well:
For HD, both A and B will now have new seed + new keypool... they'll both have access to original pre-encryption addresses... but will be both have new keypool with different addresses from this point.
For non-HD, both A and B will have access to original pre-encryption addresses + keypool... A will start generating addresses that B does not have as keypool is replenished.

If A doesn't encrypt their wallet:
For HD, A and B have access to original pre-encryption addresses... B will not be generating the new addresses that A generates as B is using new seed. I'm not sure if B can still access the original seed and continue to generate addresses that A will.

For non-HD, A and B have access to original addresses+keypool at the time the wallet.dat was copied... As the keypool is replenished A and B will then be generating different random addresses to replenish their respective keypools.

Bitcoin Core has been HD since 0.13.0

Depends, if the wallet isn't HD (Hierarchical Deterministic) (Ex. Bitcoin Core Wallet), the answers are:
[1] Yes
[2] Yes
[3] No
Encryption won't affect the new address (private key) generation of the wallet, any new generated addresses after the separation are randomized which will produce different new addresses for wallet A & B.

If the wallet is an HD wallet with a SEED (Ex. Electrum), it's:
[1] Yes
[2] No
[3] Yes
Any new Private keys are based on the wallet's seed so, if you generate more addresses, both A & B wallet will produce the same.

If A and B are using the same wallet file, it doesn't matter if either of them encrypts it or when. They're already sharing the same master seed which is used to derive all of their addresses. Encryption only protects against people getting access to your computer and attempting to get to your private keys (master seed) but in this scenario you've let A and B share the same seed. They would both be able to spend the other's money.

If A, B get same wallet.dat file, and after that, if B encrypt his computer's wallet program(or daemon) (B2), then what happen?

All coins received via address generated before encryption, B can use them also?

And all coins received via address generated after encryption, only B can use them?

And all coins received via address generated after encryption at A's computer (A2), A and B can use them?


Here [use] means spending coin.