9

I read this little nugget on the bitcoin client bug tracker:

the bdb binary log files can also contain sensitive data such as private keys

Is that true? Does this mean that even with an encrypted wallet.dat, there might be a way that the private keys are written to disk unprotected? If so, what can I do about it?

Thilo
  • 4,751
  • 5
  • 25
  • 37

1 Answers1

3

If you are using an encrypted wallet, private keys are never written unencrypted to disk.

However, the 0.4.0 release (the first to feature wallet encryption) had a bug where - upon upgrading a wallet from unencrypted to encrypted - parts of the unencrypted where not necessarily overwritten, leaving them accessible for a while.

0.4.1 and 0.5.0 fix this by first rewriting the entire wallet file upon encryption (or the first start afterwards), and invalidating the entire pool of reserve keys that was present before. This means (and has been tested), that if you start with an empty wallet, and immediately encrypt it, it will not ever use any key that was ever written to disk in unencrypted form.

Note that wallet encryption is not a silver bullet, and an attacker may have other ways of extracting the private key, such as keyloggers.

EDIT: only now I read your question correctly. The log files may contain anything that was attempted to be written to the database files themselves, and if you are using (or were using) an unencrypted wallet, that may indeed mean private keys as well. Again, if you start with an encrypted wallet in 0.5.0, no keys will be used that ever touched disk unencrypted.

Pieter Wuille
  • 98,249
  • 9
  • 183
  • 287
  • So how does this encrypted wallet work? Is it still a BerkeleyDB file (unencrypted) that contains private keys that are now individually encrypted before BerkeleyDB sees them? Or does the encryption happen below the BerkeleyDB layer? – Thilo Dec 05 '11 at 01:38
  • What do you mean "start with an encrypted wallet"? If you start with a fresh wallet, it's not encrypted. You can encrypt it immediately, but it generates some keys before being encrypted ... won't be in the log files? – ripper234 Dec 05 '11 at 06:34
  • 1
    Yes, those may end up in the log file. However, as soon as you encrypt it, the keypool is flushed, and 100 new reserve keys are generated. Thus, if you start with a new wallet, and encrypt it before doing anything else with it, those 100 new keys will never touch disk in unencrypted form. – Pieter Wuille Dec 05 '11 at 11:37
  • 1
    Thilo: it's a bdb file as before, only the key material itself is encrypted (at the application level). – Pieter Wuille Dec 05 '11 at 11:37
  • So, since I am not using Bitcoin encryption, but rather place my wallet.dat (only) on an encrypted disk, my private keys may have ended up in the log files. Any way to purge the logs going forward? – Thilo Dec 06 '11 at 00:54
  • Also, I was also hoping that placing wallet.dat on an encrypted disk would also protect my public keys (plausible denyability of owning them), which I understand are *not* encrypted using Bitcoin wallet encryption. Those also end up in the logs, right? Even with encryption turned on? – Thilo Dec 06 '11 at 01:02
  • Encryption only protects the private keys, public keys are available without passphrase. And if you do a clean shutdown, you can safely remove the log files and files in the database directory. – Pieter Wuille Dec 06 '11 at 10:57