Author

Topic: Steal coins from unencrypted wallet after encryption (Read 1708 times)

hero member
Activity: 812
Merit: 502
So instead of testing out if a thief have a copy I will just create a new one and transfer the NMC there.
Yes, this has to be the safest way, move the coins to a new wallet that is properly secured  Smiley

The coins are still at the pool and my dilema was to either use the old wallet (nostalgia seeing all these transactions from 2011) or a new one.

I am so paranoid sometimes, which in the Bitcoin world is a good thing  Grin

full member
Activity: 196
Merit: 100
So instead of testing out if a thief have a copy I will just create a new one and transfer the NMC there.
Yes, this has to be the safest way, move the coins to a new wallet that is properly secured  Smiley
hero member
Activity: 812
Merit: 502
Thank you guys.
I have an old NMC wallet from 2011, which is probably safe, but one cannot be 100% sure.
So instead of testing out if a thief have a copy I will just create a new one and transfer the NMC there.
full member
Activity: 196
Merit: 100
It is true that it prunes the "keypool", but this is simply a bunch of pre-generated keys which bitcoin-qt uses whenever it needs a new key. There's a lot more to this question than meets the eye but the simple answer is:

All coins in the addressess created before the encryption will be accessible to the thief.  This includes coins sent to these addresses before and after the encryption.

And you can prove this to yourself very easily. Just do what you are suggesting.

I have done this on my test rig, but you can follow this demo and see for yourself.

From the command console of bitcoin-qt:

21:07:10

dumpprivkey 12JCRJTxKjwbucjdP12hZwa9TeqLjsmAP8   <-- this dumps the private key for the specified address


21:07:10

L25HtjefAu1RAhVTFQToBqMJ8sedpBYXtuwuYBUkCsG6MBmsWMeQ   <-- this is the unencrypted private key of the address (no coins associated!)


encrypt wallet (test)  <-- I used the gui to encrypt the wallet with the pass phrase of 'test'


21:14:02

walletpassphrase test 6000  <-- this unlocks the wallet using the encryption key of 'test' for 6000 /units of time/


21:14:29

dumpprivkey 12JCRJTxKjwbucjdP12hZwa9TeqLjsmAP8  <-- with the wallet unlocked dump the private key again


21:14:29

L25HtjefAu1RAhVTFQToBqMJ8sedpBYXtuwuYBUkCsG6MBmsWMeQ  <-- and compare with the previous version


L25HtjefAu1RAhVTFQToBqMJ8sedpBYXtuwuYBUkCsG6MBmsWMeQ - the same!  Wink



hero member
Activity: 533
Merit: 500
^Bitcoin Library of Congress.
It is true that it prunes the "keypool", but this is simply a bunch of pre-generated keys which bitcoin-qt uses whenever it needs a new key. There's a lot more to this question than meets the eye but the simple answer is:

All coins in the addressess created before the encryption will be accessible to the thief.  This includes coins sent to these addresses before and after the encryption.
hero member
Activity: 812
Merit: 502
Yes.

This is why its important to shred unencrypted wallet backups after they have been replaced with the encrypted version.


Coins are not stored in the wallet, only private keys with their corresponding public key.

If the private key that is linked to coins is compromised, the coins can be spent.

I am aware of what the wallet contains, but when you encrypt your wallet you get a message that the old wallet will no longer work.
After some brief research I found that it prunes the entire pool of private keys and create a new one after encrypting, which is confusing to me.
full member
Activity: 196
Merit: 100
Yes.

This is why its important to shred unencrypted wallet backups after they have been replaced with the encrypted version.


Coins are not stored in the wallet, only private keys with their corresponding public key.

If the private key that is linked to coins is compromised, the coins can be spent.
hero member
Activity: 812
Merit: 502
Imagine the following scenario: a thief had managed to steal an unencrypted wallet long time ago, which I now decide to encrypt and use.
If he doesn't know the encryption password, but has the same wallet from before encrypting it, can he spend any coins that I put in the wallet after encrypting it?

Thank you.
Jump to: