Author: Gregory Maxwell 2011-07-17 08:01:47
Published on: 2011-07-17T08:01:47+00:00
In a discussion thread on protecting Bitcoin wallets from theft, Luke-Jr suggested two potential measures for securing the wallet.dat file. The first suggestion was to overwrite the old unencrypted wallet.dat with pseudo-random data multiple times in an attempt to secure-delete it. The second suggestion was to mark all the keys imported from an unencrypted file as "potentially compromised" and never use them for new addresses. Arthur Britto chimed in, stating that writing zeros only once may not be sufficient on modern Unix file systems because the data won't be written in place. He also agreed with Luke-Jr's second suggestion of moving keypool addresses aside so they won't be used. However, he noted that there is no way for a wallet to be born-encrypted, which means the only way to prevent a leak is to build the wallet initially on a ramdisk or something similar, then move it over after encrypting it. Overall, Britto felt that Luke-Jr's second suggestion would make the key leak on a new wallet inconsequential since all keys in it are keypool keys at that point, and therefore should be implemented.
Updated on: 2023-05-18T21:26:06.607795+00:00