Topic: Wallet passphrase and salt encryption (Read 330 times)

brand new
Activity: 0
Merit: 8
October 03, 2019, 04:32:53 PM
#9
I'm back again.

I have taken the unencrypted private key from the wallet, double sha256 the public key (IV) and taken decrypted Master Key derived in DecryptSecret function (crypter.cpp). I received an answer which is not correct and is twice as long as the encrypted private key from my wallet. Has anyone tried this before or have some idea as to what I am missing? Thanks.

reading comprehension class?
I did a cursory glance of this thread and there is a quote which states at a certain point, the passphrase is altered to continue to reach the answer.
newbie
Activity: 7
Merit: 1
October 01, 2019, 08:03:10 PM
#8
I'm back again.

I have taken the unencrypted private key from the wallet, double sha256 the public key (IV) and taken decrypted Master Key derived in DecryptSecret function (crypter.cpp). I received an answer which is not correct and is twice as long as the encrypted private key from my wallet. Has anyone tried this before or have some idea as to what I am missing? Thanks.
newbie
Activity: 7
Merit: 1
October 01, 2019, 07:44:43 PM
#7
Disregard the above, the key is expanded automatically. I think I have computed something incorrectly.
newbie
Activity: 7
Merit: 1
October 01, 2019, 06:06:28 PM
#6
The passphrase is converted to a key/iv pair using EVP, with a dynamic number of rounds
This key/iv pair is used to encrypt a randomly-generated master key, using AES-256-CBC
The secret part of wallet keys are then encrypted using that master key, again with AES-256-CBC

For the above, is there any key stretching involved during the private keys encryption? I am going through calculation with my own wallet and bitcoin source code and it is not adding up for AES-256-CBC. The IV used is the double sha256 for the public key and the unencrypted master key for the secret key. Thanks for all the answers.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
October 01, 2019, 12:48:09 PM
#5
Honest question about wallet encryption: Are the rounds determined by how fast one (1) core of the CPU is? or would having some multiple core CPU, or multiple CPU hardware increase the rounds for encryption too? Say I run it on some server with 64 cores per CPU and it has 4 of them, will my wallet encryption get updated to the equivalent of 256 cores at 4 GHz (or whatever is the speed of the CPU)?

Can this number be manually increased instead of it being automatically determined by the wallet software? Some people might want to add a few extra rounds, or is this not necessary anymore and just impractical? (adding 1 second to open the wallet, for example.)

I don't know the developers' approach for cryptocurrency wallets, but generally the number of rounds is predetermined.
A few programs (such as KeePass) have an option to configure the number of rounds with a benchmark option, so the user can choose the best number of rounds (for them, based on their device specification and patience).

And as mentioned by pooya87, multiple cores won't help at all in this case because it's a sequential job (the next task depends on the result of the previous task).
legendary
Activity: 3472
Merit: 10611
October 01, 2019, 12:15:11 AM
#4
Honest question about wallet encryption: Are the rounds determined by how fast one (1) core of the CPU is? or would having some multiple core CPU, or multiple CPU hardware increase the rounds for encryption too?

having more cores only helps with algorithms that can be run in parallel. for that, each round has to be independent of the others. but here, AES is being used and the CBC mode makes it serial, meaning each block needs to use the previous encrypted block, so you can't run it in parallel.

with that said, the AES algorithm is quite fast itself, especially if the implementation uses the CPU intrinsics that exist in the majority of CPUs (especially Intel), so there is no need for parallelism even if it were possible.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
September 30, 2019, 12:52:37 PM
#3
Honest question about wallet encryption: Are the rounds determined by how fast one (1) core of the CPU is? or would having some multiple core CPU, or multiple CPU hardware increase the rounds for encryption too? Say I run it on some server with 64 cores per CPU and it has 4 of them, will my wallet encryption get updated to the equivalent of 256 cores at 4 GHz (or whatever is the speed of the CPU)?

Can this number be manually increased instead of it being automatically determined by the wallet software? Some people might want to add a few extra rounds, or is this not necessary anymore and just impractical? (adding 1 second to open the wallet, for example.)
legendary
Activity: 1610
Merit: 1183
September 21, 2019, 02:16:41 PM
#2
My question is as follows: When encrypting BTC Core wallet, is the format as follows: Sha512(passphrase+salt) or Sha512(salt+passphrase) before encrypting with AES256CBC for the wallet? Thanks.

See this:

https://github.com/bitcoin/bitcoin/blob/6b8a5ab622e5c9386c872036646bf94da983b190/doc/README

Quote
Wallet encryption uses AES-256-CBC to encrypt only the private keys
that are held in a wallet.  The keys are encrypted with a master key
which is entirely random.  This master key is then encrypted with
AES-256-CBC with a key derived from the passphrase using SHA512 and
OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by
the speed of the machine which does the initial encryption (and is
updated based on the speed of a computer which does a subsequent
passphrase change).  Although the underlying code supports multiple
encrypted copies of the same master key (and thus multiple passphrases)
the client does not yet have a method to add additional passphrases.

Summary from PWiulle:

Quote
    The passphrase is converted to a key/iv pair using EVP, with a dynamic number of rounds
    This key/iv pair is used to encrypt a randomly-generated master key, using AES-256-CBC
    The secret part of wallet keys are then encrypted using that master key, again with AES-256-CBC
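
Added example (not part of the post above and not Bitcoin Core's own code): a Python sketch of the derivation the README quote describes, following EVP_BytesToKey's ordering with SHA512, where the first round hashes the passphrase followed by the salt and each further round re-hashes the previous digest. It also shows the per-key IV mentioned elsewhere in the thread (double SHA256 of the public key, truncated to one AES block). The function names, the sample passphrase, salt and public key, and the calibration defaults are assumptions made for illustration.

```python
import hashlib
import time

KEY_SIZE, IV_SIZE, SALT_SIZE = 32, 16, 8  # AES-256 key, AES block, EVP salt length


def bytes_to_key_sha512(passphrase: bytes, salt: bytes, rounds: int):
    """EVP_BytesToKey-style derivation with SHA512 as the digest.

    Round 1 hashes passphrase || salt (passphrase first); every later round
    hashes the previous digest. One 64-byte digest covers key (32) + IV (16).
    """
    if rounds < 1 or len(salt) != SALT_SIZE:
        raise ValueError("need rounds >= 1 and an 8-byte salt")
    digest = hashlib.sha512(passphrase + salt).digest()
    for _ in range(rounds - 1):
        # Input is the previous output, so rounds cannot be spread over cores.
        digest = hashlib.sha512(digest).digest()
    return digest[:KEY_SIZE], digest[KEY_SIZE:KEY_SIZE + IV_SIZE]


def secret_iv(pubkey: bytes) -> bytes:
    """Per-key IV: double SHA256 of the public key, cut to one AES block."""
    return hashlib.sha256(hashlib.sha256(pubkey).digest()).digest()[:IV_SIZE]


def calibrate_rounds(target_s: float = 0.1, probe: int = 25000, floor: int = 25000) -> int:
    """Scale a timed probe run to a target delay (defaults are assumptions)."""
    start = time.perf_counter()
    bytes_to_key_sha512(b"probe", bytes(SALT_SIZE), probe)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(floor, int(probe * target_s / elapsed))


if __name__ == "__main__":
    # Constructed sample values, not taken from any real wallet.
    salt = bytes.fromhex("0011223344556677")
    pubkey = bytes.fromhex("02" + "11" * 32)
    rounds = calibrate_rounds()
    key, iv = bytes_to_key_sha512(b"correct horse", salt, rounds)
    swapped = hashlib.sha512(salt + b"correct horse").digest()[:KEY_SIZE]
    one_round, _ = bytes_to_key_sha512(b"correct horse", salt, 1)
    print("rounds:", rounds)
    print("master-key wrapping key:", key.hex(), "iv:", iv.hex())
    print("salt-first ordering gives the same key:", swapped == one_round)
    print("per-key IV:", secret_iv(pubkey).hex())
```

The derived key and IV only unwrap the master key; the individual wallet secrets are then decrypted with that master key and the per-key IV, with no further stretching step in this sketch.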
newbie
Activity: 7
Merit: 1
September 20, 2019, 10:41:36 PM
#1
My question is as follows: When encrypting BTC Core wallet, is the format as follows: Sha512(passphrase+salt) or Sha512(salt+passphrase) before encrypting with AES256CBC for the wallet? Thanks.