Topic: So, bitcoin client still use unencrypted wallet.dat - page 4. (Read 7446 times)

I think it's a requirement to use bitcoin with non-negligible amounts of money on a computer. It doesn't work without security, including strong confidentability and integrity of data.

You have to realize that what is secure enough now for a home computer user is very probably not sufficient. You are not going to change that by fussing around.

Think about only one aspect: To make backups possible, pre-generated keys (addresses) are stored in the wallet. If you receive some amount of money, the security of that amount depends on the security of these keys since their creation until the money is moved to another address, which can take years.

Another point: If I can copy your wallet.dat, I can probably replace your entire bitcoin client as easily. I don't need to install a key logger then - I can do directly with the money whatever I want.

Or just another trick: You use your browser to look up payment addresses. Fine. I install some add-on into your browser which once in a while replaces some addresses with one of my owns. And you just wonder why your landlord throws you out.

Running the client is not the only way to adopt BitCoin. Currently, it is most certainly not the best.

So long non-niche market adoption! This is as asinine as owning a computer /just/ to store a wallet.dat on.

Personally, I am only allowed access to my encrypted wallet after I prick my finger and take a small blood sample. 12 hours later, my DNA is roughly confirmed and I'm allowed to "see" in the wallet. I can't make transactions to new addresses for about 5 days while confidence in my identity is confirmed.

Also, I'm required to submit nasal and fecal swabs. A few tests are run and the unique combination and relative numbers of various bacteria, as well as their particular drug resistances and other protein markers, are used to confirm that I am probably me, and probably alive. One time, I got food poisoning and this threw everything off until my bacterial load was back to normal. I couldn't spend bitcoins for a few weeks.

After those tests are approved, I have verbal passphrase that is checked not just for correctness, but for indicators of stress in order to test if I am likely being coerced. After that, I type in a password that varies daily based on another password that was encrypted with a one-time-pad. Then, a random block of text is generated on-screen for me to type out. You might be able to fake all the prior checks, but have fun trying to replicate the exact cadence of my typing.

All throughout this, I have a hidden microphone that listens for me saying a particular keyword that indicates that I'm under duress. If I drop it into conversation with whoever might be coercing me, my wallet is locked for 1 month.

After that, I am given 3 names of random friends and relatives who I must talk to in order to be given one-time passwords taken from separate books that I gave them previously.

One person is chosen to perform a "secret handshake" that varies slightly with each day of the week.

Then, my dog has to go through most of the above steps, because he's always with me. I haven't been able to get into my wallet this month because he really sucks at typing and can't remember his verbal password until I give him a treat.

Ye well if we want to use bitcoins we should be able to keep the wallet with us, so maybe i have the big wallet encrypted somewhere and a wallet with few bitcoins that i bring around with me and someone can steal it. If the client directly encrypt this, the problem is solved

If someone uses your pc?

You mean you don't have your own user login with encrypted home folder on your pc then I guess?  Because you should, if you're keeping many bitcoins on it. 

If someone stole my PC then I suppose they could crack the encryption and steal my wallet but I hope this security at least would buy me enough time to get my wallet backup to another PC and move my bitcoins to a safe place.

All this discussion is pointless. The developers are working on it, it should be included in the next version. You can see their progress here:

https://github.com/bitcoin/bitcoin/pull/232

Bitcoin is a specification and protocol. The bitcoin client that everybody is talking about is an implementation. But for the normal user, the only thing something "is" is what is in front of their face on the screen. So for new users, the bitcoin client from bitcoin.org is bitcoin. There's a great opportunity for somebody to develop a more full-featured client (with encryption, backup, payment confirmation, etc.). I bet one will emerge soon.

Jesus, how hard can it be to understand.

unencrypted :
- thief steals your hard drive : wallet.dat up for grabs be it linux or windows or w/e
- thief hacks your PC : wallet.dat up for grabs be it linux or windows or w/e
- get a trojan : trivial to add a couple of lines of code to an existing one to steal wallet.dat
Average time needed to steal all user's coins : microseconds

encrypted:
- thief steals your hard drive : thief more or less s.o.o.l
- thief hacks your PC : thief needs to grab wallet.dat, install a keylogger and wait patiently until user makes a payment, which could be today, next week, or never
- get a trojan : needs to target Bitcoin specifically and wait until a payment is made as above
Average time needed to steal all user's coins : days to weeks

FWIW, there are ways to evade the most common keyloggers. KeePass, for instance, has implemented one such system: http://sourceforge.net/projects/keepass/forums/forum/329220/topic/4198801

Also, AFAIK, encrypting wallet.dat doesn't prevent you from doing any other security measures you might find necessary.

NOT encrypting wallet.dat means that to be safe from the kids' friends, 0-day exploits and the occasional 'oops, shouldn't have downloaded that' you need some sort of security scheme, which probably involves encryption and passwords anyways. And how were you going to spend coins without unencrypting the keys, again?

It really doesn't make any difference whose fault it is. If anything, having it be your fault makes it worse.
[/quote]
if you say so.... I would not think so.
I was under the impression that BitCoin is meant for everybody, not only for banks... So there should be security enough for everybody to use it, otherwise it will fail.
As long as "oh noes you could install a keylogger specifically for bitcoin, which makes no encryption better than having encryption" is an argument, I won't bother, thank you ;-)

Ok, if your pc is infected, then encrypting don't help and you need a non-infected pc to use the wallet

But encrypting it is not only about viruses, it's also about more simpler things like someone use my pc and steal the file.

Then you will say that i can still delete the wallet.dat and keep the encrypted copy and unencrypt it only when i need it, and then i say, yes, but if we add this to the bitcoin client it is much easier.

Also if the client directly encrypt it we can make sure an unencrypted wallet NEVER goes on the hard disk (cause the client will unencrypt and use it on the memory and not the hard disk), so it will be impossible to later recover it from the hard disk (like if someone steal your hard disk)

It really doesn't make any difference whose fault it is. If anything, having it be your fault makes it worse.

Of course not. Since they can't be expected to secure their machine, they shouldn't be holding BitCoin keys on it. The best way to use a credit card is not to become a bank or a merchant.

Propose a scheme. I don't know how to do it so that the upside exceeds the downside. If you do, please share.

I really dont understand why people defend NOT encrypting the wallet.

Maybe I'm missing something.

Gavin Writes in the blog:
"First, losing your wallet or forgetting your password is (arguably) as big a threat as theft."
Even if we ran with this and said, 50/50 you lose your password or get your unencrypted wallet stolen, people would still choose to lose their password. At least some douch bag isnt out there spending them.


It seems to me nobody ever expects 'average' people to use bitcoins (whereby I define average as someone running windows, and is not really sure if blu-ray is the same as bluetooth).
In that case, I think just take down the windows binaries, and make users compile it themselves. if they can do that, they're ready for bitcoin.

BTW I really hate this elitest attitude.

Yeah, but a forgotten password is everybody's own fault, while the average BTC user can't be expected to only keep his wallet on his walled-off linux machine with only carrier pigeon connectivity.
Of course, most known cases of theft have been linked to gross negligence, but that's just how people work - you don't worry until it's too late.

I, for one, would welcome wallet encryption, even if it's not 100% secure and perfect. I mean, what is 100% secure?

Encryption is not some magic dust you sprinkle on an application and it magically becomes secure. If you can come up with a wallet encryption scheme that has more upsides than downsides, there's a good chance it will be implemented.

IMO, that's just inviting disaster. The client should only be running on machines that are inherently secure. Doing this will encourage people to run the client on insecure machines, which will compromise their wallets even if they are encrypted. Strong passwords will be forgotten, leading to lost BitCoins. Weak passwords will be brute forced, accomplishing nothing.

Read: http://gavinthink.blogspot.com/2011/06/why-arent-bitcoin-wallets-encrypted.html

I think how the wallet is managed is one of the major problem of the bitcoin client as now. To use it you have to have it unencrypted and this is a serious security flaw as it allow a virus to directly steal it. I know it has been asked a lot of times but, we need a client that can use a CRYPTED wallet.dat

Then we have the fact that well the client automatically create wallet.dat in his folder inside roaming without telling you anything and while it is not a problem for people who know how the software work, it's a bit fail for new ppl, because by trying the bitcoin client you just end with a NEW folder under roaming that you don't even know it exist (you discover it LATER, when you go read the wiki). Not exactly the safer way, there should be like something in the client that allow you to create the wallet and place it where you want or something like that...