1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <gmaxwell@gmail.com>) id 1QiMIU-0001ub-9j
for bitcoin-development@lists.sourceforge.net;
Sun, 17 Jul 2011 08:01:54 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.216.47 as permitted sender)
client-ip=209.85.216.47; envelope-from=gmaxwell@gmail.com;
helo=mail-qw0-f47.google.com;
Received: from mail-qw0-f47.google.com ([209.85.216.47])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1QiMIT-0002nO-Eh
for bitcoin-development@lists.sourceforge.net;
Sun, 17 Jul 2011 08:01:54 +0000
Received: by qwh5 with SMTP id 5so1532289qwh.34
for <bitcoin-development@lists.sourceforge.net>;
Sun, 17 Jul 2011 01:01:48 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.241.205 with SMTP id lf13mr3814606qcb.292.1310889708040;
Sun, 17 Jul 2011 01:01:48 -0700 (PDT)
Received: by 10.229.83.196 with HTTP; Sun, 17 Jul 2011 01:01:47 -0700 (PDT)
In-Reply-To: <201107142250.44189.luke@dashjr.org>
References: <201107142250.44189.luke@dashjr.org>
Date: Sun, 17 Jul 2011 04:01:47 -0400
Message-ID: <CAAS2fgRBQb82iwNjk3Vd6qecFX4Wxkkvk2LLWfVeKS+VD9nLzA@mail.gmail.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Luke-Jr <luke@dashjr.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -1.6 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(gmaxwell[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1QiMIT-0002nO-Eh
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Wallet encryption migration
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sun, 17 Jul 2011 08:01:54 -0000
On Thu, Jul 14, 2011 at 10:50 PM, Luke-Jr <luke@dashjr.org> wrote:
> Just wanted to get these suggestions out here:
> 1. Write over the old, unencrypted wallet.dat a couple of times with pseu=
do-
> =C2=A0 random data in an attempt to secure-delete it.
> 2. Mark all the keys imported from an unencrypted file (wallet or otherwi=
se)
> =C2=A0 as "potentially compromised" and never use them for new addresses
> =C2=A0 (basically, don't use the old keypool for getnewaddress, change, a=
nd such).
On Sat, Jul 16, 2011 at 6:38 PM, Arthur Britto <ahbritto@gmail.com> wrote:
> Writing zeros just once should be sufficient:
On many (most?) modern Unix file systems writing zeros just once is
not sufficient because the data won't be written in place, but
multiple writes aren't any better.
Moving the keypool addresses aside so they won't be used sounds like a
good idea.
The lamest thing is that there is no way for wallet to be
born-encrypted. So the only way to prevent a leak is to build the
wallet initially on a ramdisk or the like, then move it over after
encrypting it.
At least luke-jr's (2) would make the key leak on a new wallet
inconsequential=E2=80=94 since all keys in it are keypool keys at that poin=
t.
So I really think it ought to be done.
|
