From: Gregory Maxwell <gmaxwell@gmail.com>
To: Luke-Jr <luke@dashjr.org>
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Wallet encryption migration
Date: Sun, 17 Jul 2011 04:01:47 -0400 [thread overview]
Message-ID: <CAAS2fgRBQb82iwNjk3Vd6qecFX4Wxkkvk2LLWfVeKS+VD9nLzA@mail.gmail.com> (raw)
In-Reply-To: <201107142250.44189.luke@dashjr.org>
On Thu, Jul 14, 2011 at 10:50 PM, Luke-Jr <luke@dashjr.org> wrote:
> Just wanted to get these suggestions out here:
> 1. Write over the old, unencrypted wallet.dat a couple of times with pseudo-
> random data in an attempt to secure-delete it.
> 2. Mark all the keys imported from an unencrypted file (wallet or otherwise)
> as "potentially compromised" and never use them for new addresses
> (basically, don't use the old keypool for getnewaddress, change, and such).
On Sat, Jul 16, 2011 at 6:38 PM, Arthur Britto <ahbritto@gmail.com> wrote:
> Writing zeros just once should be sufficient:
On many (most?) modern Unix file systems writing zeros just once is
not sufficient because the data won't be written in place, but
multiple writes aren't any better.
Moving the keypool addresses aside so they won't be used sounds like a
good idea.
The lamest thing is that there is no way for wallet to be
born-encrypted. So the only way to prevent a leak is to build the
wallet initially on a ramdisk or the like, then move it over after
encrypting it.
At least luke-jr's (2) would make the key leak on a new wallet
inconsequential— since all keys in it are keypool keys at that point.
So I really think it ought to be done.
prev parent reply other threads:[~2011-07-17 8:01 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-15 2:50 [Bitcoin-development] Wallet encryption migration Luke-Jr
2011-07-16 22:38 ` Arthur Britto
2011-07-17 8:01 ` Gregory Maxwell [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAAS2fgRBQb82iwNjk3Vd6qecFX4Wxkkvk2LLWfVeKS+VD9nLzA@mail.gmail.com \
--to=gmaxwell@gmail.com \
--cc=bitcoin-development@lists.sourceforge.net \
--cc=luke@dashjr.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox