Pages:
Author

Topic: Wallet Encryption Password, (Read 2150 times)

hero member
Activity: 504
Merit: 500
August 08, 2014, 12:33:51 PM
#42
Let's say I encrypted my wallet with a password "123456" and I kept the same password for 2 months. I then somehow realized that my wallet is hacked, or I had a trojan/malware or some one might have my wallet.dat, I plan to change my password to "98765".

Lets say someone hacked my wallet before I changed the password, So what password is now effective? Is 123456 or 98765? Which password does he need to get the coins?

Hi rhkazani1, if someone compromised the wallet.dat which was encrypted with password "123456", then that's the password for the wallet. Whether you change your password or not has no effect on the compromised wallet.dat file as it's different from your new one with the changed password.

P.S. wrong category

This answers, thanks. Just realized its in wrong category.


If that really happened and you still have your funds, get them out out that wallet into a new one ASAP !

mbs

not sure, it might have happened, due diligence , he might be trying to crack the password, would it help if i change the password now?

If he stole your encrypted wallet he can decrypt it with the old password. You should create a *new* wallet, with different addresses and a new password and send your entire balance to it ASAP unless you have a very strong password such as r6jv16kZLmfJG#au and are sure it hasn't been exposed. For obvious reasons don't use the password I just posted.

Yup, thanks, appreciate your response.
legendary
Activity: 1330
Merit: 1003
August 08, 2014, 12:32:54 PM
#41
Let's say I encrypted my wallet with a password "123456" and I kept the same password for 2 months. I then somehow realized that my wallet is hacked, or I had a trojan/malware or some one might have my wallet.dat, I plan to change my password to "98765".

Lets say someone hacked my wallet before I changed the password, So what password is now effective? Is 123456 or 98765? Which password does he need to get the coins?

Hi rhkazani1, if someone compromised the wallet.dat which was encrypted with password "123456", then that's the password for the wallet. Whether you change your password or not has no effect on the compromised wallet.dat file as it's different from your new one with the changed password.

P.S. wrong category

This answers, thanks. Just realized its in wrong category.


If that really happened and you still have your funds, get them out out that wallet into a new one ASAP !

mbs

not sure, it might have happened, due diligence , he might be trying to crack the password, would it help if i change the password now?

If he stole your encrypted wallet he can decrypt it with the old password. You should create a *new* wallet, with different addresses and a new password and send your entire balance to it ASAP unless you have a very strong password such as r6jv16kZLmfJG#au and are sure it hasn't been exposed. For obvious reasons don't use the password I just posted.
hero member
Activity: 504
Merit: 500
August 08, 2014, 12:04:21 PM
#40
No. If you want to secure the wallet, you should move its funds out into a new wallet asap. As stated earlier, locally changing the wallet's password from A to B does not secure the wallet if a stranger owns the wallet.dat file which was encrypted with password A and knows password A. If you change it to B, that has no effect on the compromised wallet.

What will the best way to move funds, rename old wallet.dat let the QT create a new one, generate a new address on the new wallet and then go back to old wallet transfer to new wallet?

Yes, except that you should set a password on the new wallet before you send the bitcoins over.

That actually isn't enough. If there really is malware on the computer, it could still get the unencrypted version of the wallet (which has all the keys) or intercetp the keyboard inouts via a keylogger! Every machine that's connected to the internet is at risk here.

True!
full member
Activity: 154
Merit: 100
Is there life on Mars?
August 08, 2014, 12:03:38 PM
#39
No. If you want to secure the wallet, you should move its funds out into a new wallet asap. As stated earlier, locally changing the wallet's password from A to B does not secure the wallet if a stranger owns the wallet.dat file which was encrypted with password A and knows password A. If you change it to B, that has no effect on the compromised wallet.

What will the best way to move funds, rename old wallet.dat let the QT create a new one, generate a new address on the new wallet and then go back to old wallet transfer to new wallet?

Yes, except that you should set a password on the new wallet before you send the bitcoins over.

That actually isn't enough. If there really is malware on the computer, it could still get the unencrypted version of the wallet (which has all the keys) or intercetp the keyboard inouts via a keylogger! Every machine that's connected to the internet is at risk here.
hero member
Activity: 504
Merit: 500
August 08, 2014, 11:57:52 AM
#38
No. If you want to secure the wallet, you should move its funds out into a new wallet asap. As stated earlier, locally changing the wallet's password from A to B does not secure the wallet if a stranger owns the wallet.dat file which was encrypted with password A and knows password A. If you change it to B, that has no effect on the compromised wallet.

What will the best way to move funds, rename old wallet.dat let the QT create a new one, generate a new address on the new wallet and then go back to old wallet transfer to new wallet?

Yes, except that you should set a password on the new wallet before you send the bitcoins over.

Alright, thanks, that was something new.
legendary
Activity: 3682
Merit: 1580
August 08, 2014, 11:56:54 AM
#37
No. If you want to secure the wallet, you should move its funds out into a new wallet asap. As stated earlier, locally changing the wallet's password from A to B does not secure the wallet if a stranger owns the wallet.dat file which was encrypted with password A and knows password A. If you change it to B, that has no effect on the compromised wallet.

What will the best way to move funds, rename old wallet.dat let the QT create a new one, generate a new address on the new wallet and then go back to old wallet transfer to new wallet?

Yes, except that you should set a password on the new wallet before you send the bitcoins over.
hero member
Activity: 504
Merit: 500
August 08, 2014, 11:47:17 AM
#36
Let's say I encrypted my wallet with a password "123456" and I kept the same password for 2 months. I then somehow realized that my wallet is hacked, or I had a trojan/malware or some one might have my wallet.dat, I plan to change my password to "98765".

Lets say someone hacked my wallet before I changed the password, So what password is now effective? Is 123456 or 98765? Which password does he need to get the coins?

No password is 'in effect'. Spending the Bitcoins is possible only if someone has the private key to the address. The private key is encrypted in the wallet. If an attacker now has access to the private key, it doesn't matter how you encrypt the private key, since it already has been compromised! Makes sense? Any questions?

What extra level of security / protection does "Encrypt Wallet" has?

Well if somebody happens to compromise your wallet, there's an additional layer of security for encrypted wallets since one would need to know its password as well in order to be able to spend its funds.

"If one compromises an encrypted wallet, you can spend its funds right away" How could you spend right away if it is encrypted?

I think he meant "If someone got hold of your wallet". Because if that happens with an unencrypted wallet, the funds can be spend right away. But if there's still the encryption, they'd need to break that first!

Correct,
full member
Activity: 154
Merit: 100
Is there life on Mars?
August 08, 2014, 11:46:38 AM
#35
Let's say I encrypted my wallet with a password "123456" and I kept the same password for 2 months. I then somehow realized that my wallet is hacked, or I had a trojan/malware or some one might have my wallet.dat, I plan to change my password to "98765".

Lets say someone hacked my wallet before I changed the password, So what password is now effective? Is 123456 or 98765? Which password does he need to get the coins?

No password is 'in effect'. Spending the Bitcoins is possible only if someone has the private key to the address. The private key is encrypted in the wallet. If an attacker now has access to the private key, it doesn't matter how you encrypt the private key, since it already has been compromised! Makes sense? Any questions?

What extra level of security / protection does "Encrypt Wallet" has?

Well if somebody happens to compromise your wallet, there's an additional layer of security for encrypted wallets since one would need to know its password as well in order to be able to spend its funds.

"If one compromises an encrypted wallet, you can spend its funds right away" How could you spend right away if it is encrypted?

I think he meant "If someone got hold of your wallet". Because if that happens with an unencrypted wallet, the funds can be spend right away. But if there's still the encryption, they'd need to break that first!
hero member
Activity: 504
Merit: 500
August 08, 2014, 11:46:30 AM
#34
Let's say I encrypted my wallet with a password "123456" and I kept the same password for 2 months. I then somehow realized that my wallet is hacked, or I had a trojan/malware or some one might have my wallet.dat, I plan to change my password to "98765".

Lets say someone hacked my wallet before I changed the password, So what password is now effective? Is 123456 or 98765? Which password does he need to get the coins?

No password is 'in effect'. Spending the Bitcoins is possible only if someone has the private key to the address. The private key is encrypted in the wallet. If an attacker now has access to the private key, it doesn't matter how you encrypt the private key, since it already has been compromised! Makes sense? Any questions?

What extra level of security / protection does "Encrypt Wallet" feature has?

Well, if your wallet is encrypted, attackers can't get hold of your Bitcoins if they get your Wallet.dat for example. They'd still have to have your encryption password in order to get to steal the Bitcoins!

Yup, perfect, thanks for the clarification.
hero member
Activity: 504
Merit: 500
August 08, 2014, 11:46:05 AM
#33
"If one compromises an encrypted wallet, you can spend its funds right away" How could you spend right away if it is encrypted?

that was a typo Wink

lol, you scared the hell out of me, I was like I need to go to school again Tongue Thanks mate!
hero member
Activity: 798
Merit: 500
August 08, 2014, 11:44:53 AM
#32
"If one compromises an encrypted wallet, you can spend its funds right away" How could you spend right away if it is encrypted?

that was a typo Wink
hero member
Activity: 504
Merit: 500
August 08, 2014, 11:43:49 AM
#31
Let's say I encrypted my wallet with a password "123456" and I kept the same password for 2 months. I then somehow realized that my wallet is hacked, or I had a trojan/malware or some one might have my wallet.dat, I plan to change my password to "98765".

Lets say someone hacked my wallet before I changed the password, So what password is now effective? Is 123456 or 98765? Which password does he need to get the coins?

No password is 'in effect'. Spending the Bitcoins is possible only if someone has the private key to the address. The private key is encrypted in the wallet. If an attacker now has access to the private key, it doesn't matter how you encrypt the private key, since it already has been compromised! Makes sense? Any questions?

What extra level of security / protection does "Encrypt Wallet" has?

Well if somebody happens to compromise your wallet, there's an additional layer of security for encrypted wallets since one would need to know its password as well in order to be able to spend its funds.

"If one compromises an encrypted wallet, you can spend its funds right away" How could you spend right away if it is encrypted?
full member
Activity: 154
Merit: 100
Is there life on Mars?
August 08, 2014, 11:42:14 AM
#30
Let's say I encrypted my wallet with a password "123456" and I kept the same password for 2 months. I then somehow realized that my wallet is hacked, or I had a trojan/malware or some one might have my wallet.dat, I plan to change my password to "98765".

Lets say someone hacked my wallet before I changed the password, So what password is now effective? Is 123456 or 98765? Which password does he need to get the coins?

No password is 'in effect'. Spending the Bitcoins is possible only if someone has the private key to the address. The private key is encrypted in the wallet. If an attacker now has access to the private key, it doesn't matter how you encrypt the private key, since it already has been compromised! Makes sense? Any questions?

What extra level of security / protection does "Encrypt Wallet" feature has?

Well, if your wallet is encrypted, attackers can't get hold of your Bitcoins if they get your Wallet.dat for example. They'd still have to have your encryption password in order to get to steal the Bitcoins!
hero member
Activity: 798
Merit: 500
August 08, 2014, 11:42:02 AM
#29
Let's say I encrypted my wallet with a password "123456" and I kept the same password for 2 months. I then somehow realized that my wallet is hacked, or I had a trojan/malware or some one might have my wallet.dat, I plan to change my password to "98765".

Lets say someone hacked my wallet before I changed the password, So what password is now effective? Is 123456 or 98765? Which password does he need to get the coins?

No password is 'in effect'. Spending the Bitcoins is possible only if someone has the private key to the address. The private key is encrypted in the wallet. If an attacker now has access to the private key, it doesn't matter how you encrypt the private key, since it already has been compromised! Makes sense? Any questions?

What extra level of security / protection does "Encrypt Wallet" has?

Well if somebody happens to compromise your wallet, there's an additional layer of security for encrypted wallets since one would need to know its password as well in order to be able to spend its funds.
hero member
Activity: 504
Merit: 500
August 08, 2014, 11:40:19 AM
#28
Let's say I encrypted my wallet with a password "123456" and I kept the same password for 2 months. I then somehow realized that my wallet is hacked, or I had a trojan/malware or some one might have my wallet.dat, I plan to change my password to "98765".

Lets say someone hacked my wallet before I changed the password, So what password is now effective? Is 123456 or 98765? Which password does he need to get the coins?

No password is 'in effect'. Spending the Bitcoins is possible only if someone has the private key to the address. The private key is encrypted in the wallet. If an attacker now has access to the private key, it doesn't matter how you encrypt the private key, since it already has been compromised! Makes sense? Any questions?

What extra level of security / protection does "Encrypt Wallet" feature has?
full member
Activity: 154
Merit: 100
Is there life on Mars?
August 08, 2014, 11:38:16 AM
#27
Let's say I encrypted my wallet with a password "123456" and I kept the same password for 2 months. I then somehow realized that my wallet is hacked, or I had a trojan/malware or some one might have my wallet.dat, I plan to change my password to "98765".

Lets say someone hacked my wallet before I changed the password, So what password is now effective? Is 123456 or 98765? Which password does he need to get the coins?

No password is 'in effect'. Spending the Bitcoins is possible only if someone has the private key to the address. The private key is encrypted in the wallet. If an attacker now has access to the private key, it doesn't matter how you encrypt the private key, since it already has been compromised! Makes sense? Any questions?
legendary
Activity: 3248
Merit: 1070
August 08, 2014, 11:37:59 AM
#26
No. If you want to secure the wallet, you should move its funds out into a new wallet asap. As stated earlier, locally changing the wallet's password from A to B does not secure the wallet if a stranger owns the wallet.dat file which was encrypted with password A and knows password A. If you change it to B, that has no effect on the compromised wallet.

This is exactly what i thought, but you guys have spent more time on it, so wanted a clarification. Thanks.

he said "and knows password A", my case talk about the contrary, he don't know the password

The point is wallet password is stored locally, so if you have my point in time wallet.dat copy with password 123456, now matter if i change 10 password you have the wallet.dat with password 123456.

it should work like an account, if someone steal my aka(and he don't change the pass) then if i change it he can't access anymore

of i forgot that we are talking about a decentralized thing..yeah it makes sense
hero member
Activity: 504
Merit: 500
August 08, 2014, 11:37:54 AM
#25
No. If you want to secure the wallet, you should move its funds out into a new wallet asap. As stated earlier, locally changing the wallet's password from A to B does not secure the wallet if a stranger owns the wallet.dat file which was encrypted with password A and knows password A. If you change it to B, that has no effect on the compromised wallet.

What will the best way to move funds, rename old wallet.dat let the QT create a new one, generate a new address on the new wallet and then go back to old wallet transfer to new wallet?

Yes, that would be a way. Or send it to an exchange and then to an address of your new wallet.

Got it, thanks.
hero member
Activity: 798
Merit: 500
August 08, 2014, 11:37:26 AM
#24
No. If you want to secure the wallet, you should move its funds out into a new wallet asap. As stated earlier, locally changing the wallet's password from A to B does not secure the wallet if a stranger owns the wallet.dat file which was encrypted with password A and knows password A. If you change it to B, that has no effect on the compromised wallet.

What will the best way to move funds, rename old wallet.dat let the QT create a new one, generate a new address on the new wallet and then go back to old wallet transfer to new wallet?

Yes, that would be a way. Or send it to an exchange and then to an address of your new wallet.
hero member
Activity: 504
Merit: 500
August 08, 2014, 11:36:02 AM
#23
No. If you want to secure the wallet, you should move its funds out into a new wallet asap. As stated earlier, locally changing the wallet's password from A to B does not secure the wallet if a stranger owns the wallet.dat file which was encrypted with password A and knows password A. If you change it to B, that has no effect on the compromised wallet.

This is exactly what i thought, but you guys have spent more time on it, so wanted a clarification. Thanks.

he said "and knows password A", my case talk about the contrary, he don't know the password

The point is wallet password is stored locally, so if you have my point in time wallet.dat copy with password 123456, now matter if i change 10 password you have the wallet.dat with password 123456.
Pages:
Jump to: