Author: Gavin Andresen 2011-07-04 18:23:53
Published on: 2011-07-04T18:23:53+00:00
In an email thread, Gavin Andresen discusses potential vulnerabilities and solutions related to unencrypted keys. He expresses concern that if an attacker has access to wallet.dat, they could delete encrypted keypool keys and replace them with unencrypted ones that they know how to spend. To avoid this, 0.4 and later versions of Bitcoin have the ability to create a wallet_e.dat (encrypted wallet) upon wallet encryption, then truncate wallet.dat and set its file-permissions to 000. This would prevent old versions of Bitcoin or any "dumb" wallet backup scripts from reading it.Andresen also suggests adding a nMinVersion to wallet.dat to specify a minimum version required to read the file in future upgrades, which could provide a warning message if the user tries to downgrade after an incompatible change. If backup scripts use the backupwallet RPC command, then they will continue to work.
Updated on: 2023-05-26T19:10:07.418613+00:00