public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [Bitcoin-development] Wallet encryption migration
@ 2011-07-15  2:50 Luke-Jr
  2011-07-16 22:38 ` Arthur Britto
  2011-07-17  8:01 ` Gregory Maxwell
  0 siblings, 2 replies; 3+ messages in thread
From: Luke-Jr @ 2011-07-15  2:50 UTC (permalink / raw)
  To: bitcoin-development

Just wanted to get these suggestions out here:
1. Write over the old, unencrypted wallet.dat a couple of times with pseudo-
   random data in an attempt to secure-delete it.
2. Mark all the keys imported from an unencrypted file (wallet or otherwise)
   as "potentially compromised" and never use them for new addresses
   (basically, don't use the old keypool for getnewaddress, change, and such).



^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [Bitcoin-development] Wallet encryption migration
  2011-07-15  2:50 [Bitcoin-development] Wallet encryption migration Luke-Jr
@ 2011-07-16 22:38 ` Arthur Britto
  2011-07-17  8:01 ` Gregory Maxwell
  1 sibling, 0 replies; 3+ messages in thread
From: Arthur Britto @ 2011-07-16 22:38 UTC (permalink / raw)
  To: Luke-Jr; +Cc: bitcoin-development

[-- Attachment #1: Type: text/plain, Size: 370 bytes --]

On Thu, Jul 14, 2011 at 7:50 PM, Luke-Jr <luke@dashjr.org> wrote:

> Just wanted to get these suggestions out here:
> 1. Write over the old, unencrypted wallet.dat a couple of times with
> pseudo-
>   random data in an attempt to secure-delete it.
>

Writing zeros just once should be sufficient:
http://cmrr.ucsd.edu/people/Hughes/DataSanitizationTutorial.pdf

-Arthur

[-- Attachment #2: Type: text/html, Size: 1013 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [Bitcoin-development] Wallet encryption migration
  2011-07-15  2:50 [Bitcoin-development] Wallet encryption migration Luke-Jr
  2011-07-16 22:38 ` Arthur Britto
@ 2011-07-17  8:01 ` Gregory Maxwell
  1 sibling, 0 replies; 3+ messages in thread
From: Gregory Maxwell @ 2011-07-17  8:01 UTC (permalink / raw)
  To: Luke-Jr; +Cc: bitcoin-development

On Thu, Jul 14, 2011 at 10:50 PM, Luke-Jr <luke@dashjr.org> wrote:
> Just wanted to get these suggestions out here:
> 1. Write over the old, unencrypted wallet.dat a couple of times with pseudo-
>   random data in an attempt to secure-delete it.
> 2. Mark all the keys imported from an unencrypted file (wallet or otherwise)
>   as "potentially compromised" and never use them for new addresses
>   (basically, don't use the old keypool for getnewaddress, change, and such).

On Sat, Jul 16, 2011 at 6:38 PM, Arthur Britto <ahbritto@gmail.com> wrote:
> Writing zeros just once should be sufficient:

On many (most?) modern Unix file systems writing zeros just once is
not sufficient because the data won't be written in place, but
multiple writes aren't any better.

Moving the keypool addresses aside so they won't be used sounds like a
good idea.

The lamest thing is that there is no way for wallet to be
born-encrypted. So the only way to prevent a leak is to build the
wallet initially on a ramdisk or the like, then move it over after
encrypting it.

At least luke-jr's (2) would make the key leak on a new wallet
inconsequential— since all keys in it are keypool keys at that point.
So I really think it ought to be done.



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2011-07-17  8:01 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-07-15  2:50 [Bitcoin-development] Wallet encryption migration Luke-Jr
2011-07-16 22:38 ` Arthur Britto
2011-07-17  8:01 ` Gregory Maxwell

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox