Wallet passphrase and salt encryption

HardwalletAttacker1

brand new

Activity: 0

Merit: 8

Quote from: khangmartin on October 01, 2019, 07:03:10 PM

Im back again.

I have taken the unencrypted private key from the wallet, double sha256 the public key (IV) and taken decrypted Master Key derived in DecryptSecret function (crypter.cpp). I received an answer which is not correct and is twice as long as the encrypted private key from my wallet. Has anyone tried this before or have some idea as to what I am missing. Thanks.

reading comprehension class?
I did a cursory glance of this thread and there is a quote which states at a certain point, the passphrase is altered to continue to reach the answer.

khangmartin

newbie

Activity: 7

Merit: 1

Im back again.

I have taken the unencrypted private key from the wallet, double sha256 the public key (IV) and taken decrypted Master Key derived in DecryptSecret function (crypter.cpp). I received an answer which is not correct and is twice as long as the encrypted private key from my wallet. Has anyone tried this before or have some idea as to what I am missing. Thanks.

khangmartin

newbie

Activity: 7

Merit: 1

Disregard the above, the key is expanded automatically. I think I have computed something incorrectly.

khangmartin

newbie

Activity: 7

Merit: 1

The passphrase is converted to a key/iv pair using EVP, with a dynamic number of rounds
This key/iv pair is used to encrypt a randomly-generated master key, using AES-256-CBC
The secret part of wallet keys are then encrypted using that master key, again with AES-256-CBC

For the above, is there any key stretching involved during the private keys encryption? I am going through calculation with my own wallet and bitcoin source code and it is not adding up for AES-256-CBC. The IV used is the double sha256 for the public key and the unecrypted master key for the secret key. Thanks for all the answers.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: Dabs on September 30, 2019, 11:52:37 AM

Honest question about wallet encryption: Is the rounds determined by how fast one (1) core of the CPU is? or would having some mulitple core CPU, or multiple CPU hardware increase the rounds for encryption too? Say I run it on some server with 64 cores per CPU and it has 4 of them, will my wallet encryption get updated to the equivalent of 256 cores at 4ghz (or whatever is the speed of the CPU)?

Can this number be manually increased instead of it being automatically determined by the wallet software? Some people might want to add a few extra rounds, or is this not necessary anymore and just impractical? (adding 1 second to open the wallet, for example.)

I don't know developer's approach for cryptocurrency wallet, but generally numbers of rounds is predetermined.
Few software (such as KeePass) have option to configure number of rounds with benchmark option, so user could choose best number of rounds (for them based on their device specification and patience).

And as mentioned by pooya87, multiple core won't help at all in this case because it's sequential job (next task depends on result of previous task).

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: Dabs on September 30, 2019, 11:52:37 AM

Honest question about wallet encryption: Is the rounds determined by how fast one (1) core of the CPU is? or would having some mulitple core CPU, or multiple CPU hardware increase the rounds for encryption too?

having more cores only help with algorithms that could be run in parallel. for that, each round has to be independent of others. but here, AES is being used and the CBC mode makes it serial, meaning each block needs to use the previous encrypted block so you can't run it in parallel.

with that said AES algorithm is quite fast itself specially if the implementation uses the CPU intrinsics that exist in majority of CPUs (specially Intel) there is no need for parallelism even if it were possible.

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

Honest question about wallet encryption: Is the rounds determined by how fast one (1) core of the CPU is? or would having some mulitple core CPU, or multiple CPU hardware increase the rounds for encryption too? Say I run it on some server with 64 cores per CPU and it has 4 of them, will my wallet encryption get updated to the equivalent of 256 cores at 4ghz (or whatever is the speed of the CPU)?

Can this number be manually increased instead of it being automatically determined by the wallet software? Some people might want to add a few extra rounds, or is this not necessary anymore and just impractical? (adding 1 second to open the wallet, for example.)

pereira4

legendary

Activity: 1610

Merit: 1183

Quote from: khangmartin on September 20, 2019, 09:41:36 PM

My question is as follows: When encrypting BTC Core wallet, is the format as follows: Sha512(passphrase+salt) or Sha512(salt+passphrase) before encrypting with AES256CBC for the wallet? Thanks.

See this:

https://github.com/bitcoin/bitcoin/blob/6b8a5ab622e5c9386c872036646bf94da983b190/doc/README

Quote

Wallet encryption uses AES-256-CBC to encrypt only the private keys
that are held in a wallet. The keys are encrypted with a master key
which is entirely random. This master key is then encrypted with
AES-256-CBC with a key derived from the passphrase using SHA512 and
OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by
the speed of the machine which does the initial encryption (and is
updated based on the speed of a computer which does a subsequent
passphrase change). Although the underlying code supports multiple
encrypted copies of the same master key (and thus multiple passphrases)
the client does not yet have a method to add additional passphrases.

Summary from PWiulle:

Quote

The passphrase is converted to a key/iv pair using EVP, with a dynamic number of rounds
This key/iv pair is used to encrypt a randomly-generated master key, using AES-256-CBC
The secret part of wallet keys are then encrypted using that master key, again with AES-256-CBC

khangmartin

newbie

Activity: 7

Merit: 1

My question is as follows: When encrypting BTC Core wallet, is the format as follows: Sha512(passphrase+salt) or Sha512(salt+passphrase) before encrypting with AES256CBC for the wallet? Thanks.

Topic: Wallet passphrase and salt encryption (Read 333 times)