Author

Topic: WalletCrypt - Windows Wallet Protection (Read 1292 times)

hero member
Activity: 588
Merit: 500
August 09, 2011, 02:53:52 PM
#10
This is pretty obviously a joke to anyone with even basic knowledge of crypto. However, most non-technical people won't be able to evaluate it properly and reach this conclusion.
member
Activity: 70
Merit: 10
August 09, 2011, 02:51:07 PM
#9
Post Sauce of I'm considering this a dropper Cheesy

He hasn't posted the binaries either. So I guess we wait for him to provide both as he promised. Then we will analyze it.

A screenshot of the GUI isn't enough to say if it's legit or not.

hero member
Activity: 560
Merit: 500
August 09, 2011, 02:43:07 PM
#8
Post Sauce of I'm considering this a dropper Cheesy
full member
Activity: 134
Merit: 102
August 09, 2011, 12:28:41 PM
#7
The use of hash functions seems off to me, too. Maybe they are for key derivation? If so, then what algorithm do you use for the actual encryption?

Also, a custom crypto algorithm? This is a well known bad idea. Based on the name I assume it uses a Vigenère cipher which is not secure.
hero member
Activity: 672
Merit: 500
BitLotto - best odds + best payouts + cheat-proof
August 09, 2011, 09:56:16 AM
#6
Well I guess if he releases the code then people can at least compile it themselves and compare it to what he is providing as a binary. The hashes part seem odd. Perhaps he's hashing the password then encrypting? It may be better to overwrite then delete. Although deleting wallets always makes me nervous...
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
August 09, 2011, 09:42:40 AM
#5
Looks cool. But how exactly do you decrypt md5?
+1, md5 isn't a form of encryption, it's hashing. Same with SHA btw.
+2
This makes me suspicious
Quote
WalletCrypt: Encrypt your wallet, never retrieve it


Quote from: OP
After all the drama's with on-line wallet services, I finally decided to have my own wallet steal your coins too
Fix'd
newbie
Activity: 42
Merit: 0
August 09, 2011, 09:39:52 AM
#4
Looks cool. But how exactly do you decrypt md5?

That's the point somebody-else-in-another-thread is making. Since MD5 and SHA are both one-way hash, encrypting the wallet using them would make it irrecoverable. Which implies WalletCrypt might not be doing what it claims to be doing aka wallet theft alert.
newbie
Activity: 22
Merit: 0
August 09, 2011, 09:33:23 AM
#3
Looks cool. But how exactly do you decrypt md5?
+1, md5 isn't a form of encryption, it's hashing. Same with SHA btw.
legendary
Activity: 1536
Merit: 1000
electronic [r]evolution
August 09, 2011, 08:15:05 AM
#2
Looks cool. But how exactly do you decrypt md5?
sr. member
Activity: 1204
Merit: 288
August 09, 2011, 04:17:47 AM
#1
After all the drama's with on-line wallet services, I finally decided to have my own wallet, Only problem there is so many topics about wallet stealing trojans. Hence the start of this simple but useful project that will help protect your wallet while your not using it. It total scrambles your wallet.dat in a single or combination of Encryption algorithms and a option to compress the encrypted wallet. It uses a pass word pharse to Decrypt the wallet and restore it back to its original state. Nothing real special but handy never the less. Full source code will available after releasing the first version(I need to setup a git account).

SnapShot:


Current Features:
* RC4
* MD5
* SHA
* Vigenere (my own custom implementation for encrypting the pass word pharse)
* Compression

Up coming Features:
* Append Encrypted wallet to EOF of WalletCrypt.exe (This will provide portable encryption, where ever the program goes so does your wallet)
* Auto Detect wallet location
* Decrypt and place in original wallet location
* Detect closure of bitcoin client then Encrypt automatically after closed(optional).

Info:
I have basic knowledge of reverse engineering(6 years) dealing with reversing encryption algorithms(a.k.s keygenning), I dont claim this will be 100% protection for your wallet due to it being decrypted to its original state when in use. But my small amount of time/knowledge I have in this field should assure you that the encrypted wallet will not be broken if using pass pharse with 12+ characters, Ontop of that is multiple encryption algo's which are basic but when combined in it should be just about impossible to decrpyt unless the attacker knows what algo and uses a brute forcer which would then be pointless due to the password length.

If you have suggestions or ideas this is the topic to submit them, I use this personally for my own bitcoin wallet and thought it might be useful to other windows users. Its coded in Delphi and source will be available once the project is released to public.


   
Jump to: