Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
	helo=mx.sourceforge.net)
	by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <etotheipi@gmail.com>) id 1ROXDs-0000JT-Oz
	for bitcoin-development@lists.sourceforge.net;
	Thu, 10 Nov 2011 16:11:28 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.212.47 as permitted sender)
	client-ip=209.85.212.47; envelope-from=etotheipi@gmail.com;
	helo=mail-vw0-f47.google.com; 
Received: from mail-vw0-f47.google.com ([209.85.212.47])
	by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-MD5:128)
	(Exim 4.76) id 1ROXDn-0004QX-GH
	for bitcoin-development@lists.sourceforge.net;
	Thu, 10 Nov 2011 16:11:28 +0000
Received: by vwe42 with SMTP id 42so3364341vwe.34
	for <bitcoin-development@lists.sourceforge.net>;
	Thu, 10 Nov 2011 08:11:18 -0800 (PST)
Received: by 10.52.24.11 with SMTP id q11mr13783286vdf.83.1320941476801;
	Thu, 10 Nov 2011 08:11:16 -0800 (PST)
Received: from [192.168.1.85] (c-76-111-108-35.hsd1.md.comcast.net.
	[76.111.108.35])
	by mx.google.com with ESMTPS id ey9sm12732723vdc.19.2011.11.10.08.11.14
	(version=SSLv3 cipher=OTHER); Thu, 10 Nov 2011 08:11:16 -0800 (PST)
Message-ID: <4EBBF7A7.8030708@gmail.com>
Date: Thu, 10 Nov 2011 11:11:19 -0500
From: Alan Reiner <etotheipi@gmail.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US;
	rv:1.9.2.23) Gecko/20110921 Thunderbird/3.1.15
MIME-Version: 1.0
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Content-Type: multipart/alternative;
	boundary="------------040906040300090304080306"
X-Spam-Score: -0.8 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	(etotheipi[at]gmail.com)
	-0.0 SPF_PASS               SPF: sender matches SPF record
	1.0 HTML_MESSAGE           BODY: HTML included in message
	-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's domain
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
	-0.2 AWL AWL: From: address is in the auto white-list
X-Headers-End: 1ROXDn-0004QX-GH
Subject: [Bitcoin-development] Wallet encryption issue
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Thu, 10 Nov 2011 16:11:28 -0000

This is a multi-part message in MIME format.
--------------040906040300090304080306
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Sorry guys, I just realized I should've posted this to the dev list 
first, before/instead of putting it on the forums.

    https://bitcointalk.org/index.php?topic=51474

*I still have some of my private keys in plaintext. *I would guess that 
BSDDB sometimes will "overwrite" data by just discarding a pointer to 
the old data, and writing the replacement to a new location within the 
file.  In that case, examining the file with a BSDDB library tool is not 
going to find this problem.  You'll have to examine the raw binary file 
as I did.  Instructions for verifying this problem are in the post.

Can someone please verify that this is a real problem?  (and should we 
maybe remove my post until there's a remediation plan?  This is problem 
the best kind of problem to disclose after it's fixed)
-Alan



--------------040906040300090304080306
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
  </head>
  <body bgcolor="#ffffff" text="#000000">
    Sorry guys, I just realized I should've posted this to the dev list
    first, before/instead of putting it on the forums.&nbsp; <br>
    <br>
    &nbsp;&nbsp; <a class="moz-txt-link-freetext" href="https://bitcointalk.org/index.php?topic=51474">https://bitcointalk.org/index.php?topic=51474</a><br>
    <br>
    <b>I still have some of my private keys in plaintext.&nbsp; </b>I would
    guess that BSDDB sometimes will "overwrite" data by just discarding
    a pointer to the old data, and writing the replacement to a new
    location within the file.&nbsp; In that case, examining the file with a
    BSDDB library tool is not going to find this problem.&nbsp; You'll have
    to examine the raw binary file as I did.&nbsp; Instructions for verifying
    this problem are in the post.<br>
    <br>
    Can someone please verify that this is a real problem?&nbsp; (and should
    we maybe remove my post until there's a remediation plan?&nbsp; This is
    problem the best kind of problem to disclose after it's fixed)<br>
    -Alan<br>
    <br>
    <br>
  </body>
</html>

--------------040906040300090304080306--