Author

Topic: Wallet Encryption (Read 218 times)

hero member
Activity: 518
Merit: 625
Pizza Maker 2023 | Bitcoinbeer.events
December 26, 2022, 12:43:06 PM
#10
Since your repairer has had access to your hd maybe your keys have been exposed, so since when it comes to Bitcoin it is always better to take care of your privacy and security I recommend you generate a new wallet or a new private key, there are many ways to do this and send your btc to a new address. This way there is no chance that your repairer will become aware of your data.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
December 23, 2022, 12:13:52 AM
#9
I restored my entire hard drive image from a week-old backup to a new hard drive including wallet.dat (no activity during the week on wallet.dat).

If I now generate a new receiving address from the wallet and receive funds on that address, would the private key for that new address (and therefore funds) be available to an opportunistic computer repair guy if he were to dump all addresses and private keys from the un-encrypted wallet.dat? i.e., if he generated all addresses in the pool in the un-encrypted wallet.dat, would my new receiving address and private key eventually show up for him?

Does keypoolrefill replace all old addresses with new addresses in the pool or only just replenish back to the maximum? If replaces, then that one command would insure that I'd get an address that's not in the old wallet.dat.
In this scenario, the wallet.dat is still unencrypted right?
If so, then the repair guy can theoretically steal your recent funds because wallet.dat already has a keypool filled with pre-generated keys based from your HDSeed.
For descriptor wallet, each descriptor that your wallet has can re-create the keys that the other copy of the wallet.dat used.

keypoolrefill will just change your default keypool size of 1000keys per descriptor/, but it wont replace the previous keys.
newkeypool on the other hand will seemingly create "new" keys but all the repair guy has to do is to run the same command to get your new keys.

The right command is encryptwallet which will set a new HDSeed and refill a new keypool based from it.
But you can only do that once since changing the passphrase with walletpassphrasechange will not set a new HDSeed.
Alternatively, you can use sethdseed true "WIF prvkey" (the WIF prvKey will be used as the new HDSeed) to create a new keypool.

But as obvious, if that happened; just do yourself a favor and create a new wallet to receive your funds.
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
December 22, 2022, 06:59:46 PM
#8
Not all repair guy knows how Bitcoin wallet works but they know what is bitcoin the only problem is if your wallet is un-encrypted then there is a big chance that techy still have a backup or access to that wallet anytime he can able to transfer your funds to another wallet.
So the only option here is to create a new wallet and transfer all funds to a new wallet.

But I think that techy guy just telling you that he can able to recover any Bitcoin wallet and he means that you can trust him? Or he means that he knows Bitcoin but does not have deep knowledge about bitcoin it's just my guess maybe.
legendary
Activity: 1554
Merit: 1139
December 22, 2022, 04:43:47 PM
#7
I think you know what your doing @OP and that you itself is good news. It means, you understand that, there could be compromises along the way and sees the need to fix things before it gets out of hand. Although, for this undermined but serious concern, I think it's as easy as already stated in the quote below.
If the repair guy had access to your wallet then for sure your private keys were exposed, so, the best to do should be to generate a new wallet and forget about the old one.
Without any hypothetical thinking or taking any serious risk, make the first move by downloading a fresh wallet and move all your hodlings unto the new wallet. That way, you don't get to bother about compromise as, you might not know to what level of exposure the computer repair guy have got. Zero him out with an entirely new wallet besides, it doesn't cost nothing.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
December 20, 2022, 09:24:00 AM
#6
I restored my entire hard drive image from a week-old backup to a new hard drive including wallet.dat (no activity during the week on wallet.dat).

If I now generate a new receiving address from the wallet and receive funds on that address

After all of this, I encrypted my wallet.dat.  Does encrypting change replace all addresses from the un-encrypted wallet with new addresses?
When you encrypt your wallet file, it is a hindrance to access of your wallet private key. It does not change anything inside that wallet, just block the access to wallet private key.

You can test it by
  • Using a same private key to import two different wallet files: one is encrypted and one is not encrypted.
  • Opening two wallet files, with passphrase and no passphrase, you will see same receiving addresses.

It's same when you use mnemonic seed on other wallets like Electrum.

Warning on Bitcoin Core when you encrypt your wallet
Quote
If you encrypt your wallet and lose your passphrase, you will LOSE ALL OF YOUR BITCOINS!

Are you sure you wish to encrypt your wallet?

Never use that old wallet again, and create a new wallet to receive your bitcoins from your old wallet.

A new wallet, not a new receiving address in your old wallet!

If you want to use Electrum wallet, you can Sweep your bitcoins from Bitcoin Core wallet into Electrum
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
December 20, 2022, 09:14:51 AM
#5
When picking up the computer, the repair guy commented, "I noticed you had a Bitcoin wallet so I recovered that for you too".

At the moment somebody else gets even close to getting access to your wallet (so, if possible, before the repair guy getting to your file), you should consider that wallet compromised, move your funds away and never use it again.
Depending on your wallet's version (basically HD vs non HD) a new address may or may not be getting into his hands. However, why would you take chances?
sr. member
Activity: 1932
Merit: 442
Eloncoin.org - Mars, here we come!
December 19, 2022, 05:12:33 PM
#4
Well for me, just my own opinion --quickly transfer your fund into a new wallet that you have created. Your recent wallet that was recovered by the repair guy would be vulnerable as of now [even though you see there is no transaction] and perhaps you have private access to that wallet to recover. Dont make things complicated if you can buy your own hardware wallet, it leaves no traces in any device that you will use, so nothing to worry about. For now, transfer it into a safe wallet and you are done.
legendary
Activity: 3346
Merit: 3130
December 19, 2022, 03:57:48 PM
#3
If the repair guy had access to your wallet then for sure your private keys were exposed, so, the best to do should be to generate a new wallet and forget about the old one.

And if you only want to save the coins in a safe place then you could just create an address with vanity gen and send the coins to it, when you want to get access to those coins then just import the private key on a wallet that's the easy way to save your coins without the bitcoin core and the long wait for the sync.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
December 19, 2022, 05:01:49 AM
#2
If I now generate a new receiving address from the wallet and receive funds on that address, would the private key for that new address (and therefore funds) be available to an opportunistic computer repair guy if he were to dump all addresses and private keys from the un-encrypted wallet.dat? i.e., if he generated all addresses in the pool in the un-encrypted wallet.dat, would my new receiving address and private key eventually show up for him?

Does keypoolrefill replace all old addresses with new addresses in the pool or only just replenish back to the maximum? If replaces, then that one command would insure that I'd get an address that's not in the old wallet.dat.

For old/non-HD wallet, the keypool is refreshed to generate different set of private keys. As for HD wallet, your master private key will be changed. So the repair guy unable to know newly generated private key/address.

Should I just create a new wallet, encrypt it and use a receiving address from the new wallet to receive future funds (and transfer the $40 to an address in the new wallet)? This is a simple thing to do, I just want to understand what addresses are in a wallet using this hypothetical situation.

Yes, you should do that immediately for these reason,
1. I would consider your Bitcoin is currently vulnerable.
2. You don't want accidentally re-use Bitcoin address which created before you encrypt the wallet file.
PCW
newbie
Activity: 23
Merit: 6
December 19, 2022, 04:50:03 AM
#1
I'd like to ask a hypothetical question (situation didn't really happen) to better my understanding of addresses and wallet encryption.

I had about $40 in a Bitcoin Core un-encrypted (backed up) wallet.

My hard drive crashed and the computer repair guy was able to recover 100% of the documents that I needed that were saved since my last backup.  

When picking up the computer, the repair guy commented, "I noticed you had a Bitcoin wallet so I recovered that for you too".

I restored my entire hard drive image from a week-old backup to a new hard drive including wallet.dat (no activity during the week on wallet.dat).

If I now generate a new receiving address from the wallet and receive funds on that address, would the private key for that new address (and therefore funds) be available to an opportunistic computer repair guy if he were to dump all addresses and private keys from the un-encrypted wallet.dat? i.e., if he generated all addresses in the pool in the un-encrypted wallet.dat, would my new receiving address and private key eventually show up for him?

After all of this, I encrypted my wallet.dat.  Does encrypting change replace all addresses from the un-encrypted wallet with new addresses?

Does keypoolrefill replace all old addresses with new addresses in the pool or only just replenish back to the maximum? If replaces, then that one command would insure that I'd get an address that's not in the old wallet.dat.

Do I have to create a new wallet, encrypt it and use a receiving address from the new wallet to receive future funds (and transfer the $40 to an address in the new wallet)? This is a simple thing to do, I just want to understand what addresses are in a wallet using this hypothetical situation.

Thanks.
Jump to: