Pages:
Author

Topic: Wallet encryption "only" protects against spending? - page 2. (Read 1426 times)

sr. member
Activity: 444
Merit: 250
Note that Bitcoin addresses and transactions are inherently public, and the only thing that's private (and the only thing which needs protecting with encryption) are the private keys used to sign transactions. Anyone who knows your addresses can see how many bitcoins you have, where they came from, and where they're going. Privacy is only achieved by the difficulty of associating Bitcoin addresses with real-life identities. You can encrypt your entire wallet using Truecrypt or EncFS if you really want to, but be aware that this might not provide as much protection as you think.

Just because some punk found a wallet.dat on my machine doesn't mean he needs to know what my private keys are, and thus how much the wallet is worth. He won't be able to touch them, but he was able to breach my privacy by snooping on my personal finance. If I had considerable funds, that may motivate him to install a keylogger on my machine or something.

I was planning on using just the standard wallet encryption before backing up my wallet.dat to "the cloud", but having learned this, I'll wrap it in an additional layer. Thanks for the clarification, guys (and your great work, Gavin).
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
Note that Bitcoin addresses and transactions are inherently public, and the only thing that's private (and the only thing which needs protecting with encryption) are the private keys used to sign transactions. Anyone who knows your addresses can see how many bitcoins you have, where they came from, and where they're going. Privacy is only achieved by the difficulty of associating Bitcoin addresses with real-life identities. You can encrypt your entire wallet using Truecrypt or EncFS if you really want to, but be aware that this might not provide as much protection as you think.
legendary
Activity: 1652
Merit: 2311
Chief Scientist
Do I have to put it into a truecrypt/encfs container to get the kind of protection I expected?
Yes.
sr. member
Activity: 444
Merit: 250
I just encrypted my wallet (reference client), and I would have expected it to ask me for the password as soon as it loaded the wallet on startup, but it didn't. Instead, it only asks when I try to send btc. This seems to mean that if someone gets ahold of my wallet, they will be able to "read" it and see what it's worth. Then if it holds enough value, they can start brute forcing (however futile that may be, but whatever).

Am I misunderstanding something here? Do I have to put it into a truecrypt/encfs container to get the kind of protection I expected?
Pages:
Jump to: