Author

Topic: Is it safe to store encrypted wallet files all over the internet? (Read 546 times)

hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
I have heard that the encryption used for electrum wallets is somewhat open to brute force attacks, which makes me think that even if I've encrypted the wallet, I should still try and keep it offline.

Thoughts?

You do need to be more careful when it comes to storing Electrum wallets online compared to many other wallets.

As others have already noted, nearly all wallets are open to brute force attacks. However, given a strong-enough password, any wallet can be safely stored online. The big problem is in determining whether or not your password is strong enough to resist brute forcing attacks, and there's no easy way to be sure.

This javascript site is the best I know of (thanks to Newar) at estimating password strength: https://dl.dropboxusercontent.com/u/209/zxcvbn/test/index.html. There's an accompanying article discussing its method's strengths and weaknesses here (spoiler: it might be very good, but it's definitely not perfect): https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/.

What's different about Electrum is that it doesn't use any key stretching, so if you don't use a very strong password, you're much more vulnerable to brute force attacks than some other wallets such as Bitcoin Core or Armory. Here's a quick overview of how many cryptographic operations must be done to check a single password for these two wallet formats:

Electrum: 2 SHA-256's (each a single block long) and 1 block of AES-256 decryption
Bitcoin Core: approximately 100,000 SHA-512's (each a single block long) and 2x blocks of AES-256 decryptions

TL;DR: use a strong-enough password, and you'll probably be safe from brute force attacks, but it's really hard to know what "strong-enough" means.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
Encrypted wallets are always vulnerable to brute force attacks. It's money you are talking about. You shouldn't have a wallet file stored online.

Its probably fine as long as the encryption used is strong and the password good enough.

see: http://www.stealmywallet.com/
hero member
Activity: 672
Merit: 500
Encrypted wallets are always vulnerable to brute force attacks. It's money you are talking about. You shouldn't have a wallet file stored online.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
I have heard that the encryption used for electrum wallets is somewhat open to brute force attacks, which makes me think that even if I've encrypted the wallet, I should still try and keep it offline.

Thoughts?

Thats true for any encryption. Maybe you can explain in more detailed fashion what you heard.
full member
Activity: 146
Merit: 100
I have heard that the encryption used for electrum wallets is somewhat open to brute force attacks, which makes me think that even if I've encrypted the wallet, I should still try and keep it offline.

Thoughts?
Jump to: