
Topic: What are the risks of having blockchain wallet backup (Read 990 times)

legendary
Activity: 952
Merit: 1003
--Signature Designs-- http://bit.ly/1Pjbx77
I think it is multibit compatible. (have not actually tested though)

I have tested. It did work.
I downloaded multibit and imported the json file and have access to my wallet in about an hour
(an hour to download relevant blockchain data).
legendary
Activity: 1008
Merit: 1001
Let the chips fall where they may.
If you don't know the exact details of how blockchain.info encrypts the wallet you shouldn't assume it is done properly. Have they made the encryption/decryption process open source?

I think it is multibit compatible. (have not actually tested though)
donator
Activity: 1218
Merit: 1079
Gerald Davis
"Encrypted doesn't tell us much". If the encryption is properly implemented (including using salt in the key derivation function) and the passphrase is sufficiently strong then there is no practical risk.

If you don't know the exact details of how blockchain.info encrypts the wallet you shouldn't assume it is done properly. Have they made the encryption/decryption process open source?
legendary
Activity: 1008
Merit: 1001
Let the chips fall where they may.
I have trouble understanding why people think wallet back-ups are secure if they are encrypted: you need to store that encryption key somewhere! That is all wallets are: sets of encryption keys.

I still recommend paper back-ups in at least two geographically separate locations. Physical theft is a concern though. Using n-of-m transactions and a Pay to script hash address (read: 2 of 3 locations) would be better. Blockchain.info does not support that as far as I know.
legendary
Activity: 952
Merit: 1003
--Signature Designs-- http://bit.ly/1Pjbx77
The json backup file is your entire wallet in encrypted form. If your password is weak, it can be brute-forced.
So use a very strong password with at least 12 alphanumeric characters with mixed upper and lower cases.
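
As an added example (not part of the thread and not blockchain.info's code), this Python sketch illustrates the two conditions raised in this thread: a salted key derivation function and a sufficiently strong passphrase. PBKDF2-HMAC-SHA256, the iteration count and the guess rate are assumptions; the thread does not establish which scheme blockchain.info uses.

```python
import hashlib
import math
import os

ITERATIONS = 100_000   # assumed work factor, not blockchain.info's value
KEY_LEN = 32           # bytes, enough for an AES-256 key

def derive_key(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch a passphrase into an encryption key with salted PBKDF2."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, KEY_LEN)

def search_space_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on entropy: assumes every character is chosen uniformly
    at random. Human-chosen passwords have far less."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate at an assumed passphrase-guess rate."""
    seconds = 2 ** bits / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

def salts_separate_keys(passphrase: str) -> bool:
    """Same passphrase, two random salts: the keys must differ, so a table
    precomputed for one backup file is useless against another."""
    return derive_key(passphrase, os.urandom(16)) != derive_key(passphrase, os.urandom(16))

if __name__ == "__main__":
    RATE = 1e9  # assumed guesses per second; each guess costs one full KDF run
    print("salted keys differ:", salts_separate_keys("constructed sample passphrase"))
    for label, length, alphabet in [
        ("8 lowercase letters", 8, 26),
        ("12 mixed-case alphanumerics", 12, 62),  # the advice in the post above
    ]:
        bits = search_space_bits(length, alphabet)
        print(f"{label}: {bits:.1f} bits, "
              f"{years_to_exhaust(bits, RATE):.2e} years to exhaust")
```

The entropy figures hold only for passwords generated at random; a 12-character password built from dictionary words or a reused password falls well below the upper bound.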



legendary
Activity: 1092
Merit: 1001
Touchdown
So it is safer not to have it in mailbox than to have it?
There are two basic levels of protection when it comes to your wallet.dat file:

(1) Don't let people get hold of a copy.

(2) Keep it encrypted (an option in most clients) with a very strong password. If someone does get hold of a copy, they might not be able to crack the password.

You are making (1) more difficult for yourself.

Obviously the more copies you make and the more places you send them, the more likely it is someone else will get hold of a copy.

If someone were to gain access to your email, for example, Bitcoin-related messages might prompt them to do a quick search for a wallet backup.
member
Activity: 84
Merit: 10
So it is safer not to have it in mailbox than to have it?
sr. member
Activity: 304
Merit: 380
According to the "FAQ: wallet" the backup is encrypted. It doesn't tell what encryption they use.
The "FAQ: technical" doesn't mention the backup encryption.
member
Activity: 84
Merit: 10
...in one's mailbox?

How can someone steal it and what would it take?

I read blockchain's FAQ on it but can't pin down the risk precisely.
Thanks!