Multibit: Using the same passphrase for both my wallet and exported private keys

I have a password-protected wallet in Multibit that I have backed up in multiple locations.

I have exported the private keys from this wallet. The private keys are password-protected using the same password as my wallet.

The password is more than 50 characters (passphrase) with words that cannot be found in a dictionary.

The wallet file and private keys file are stored together.

I don't care if the attacker can see my balance.

My questions:

How (un)safe is this?
If an attacker retrieves these files, can the attacker take a cryptographic shortcut because both files use the same password?

Blaise

Posted 2014-01-09T19:57:51.237

Reputation: 113

Answers

How (un)safe is this?

It is probably OK. Even though, in general case, you would want a different password for any different use, in your case the things you protecting are nearly the same. The wallet will hold all the "keys", and the keys along form your wallet.

Suppose you have a selection of deposit boxes in a bank. Now imagine that there are no guards in the bank and anyone can pop in and open any deposit box. Now, expand this idea, instead of a single bank you have as many deposit boxes as there are probably atoms in the universe.

A key is a pointer to one of those boxes. No passwords, no locks, just the location.

Because the wallet and keys are kind of the same stuff you can use the same passwords. But really, in a world where tools like KeyPass, can generate strong random noise, there is no excuse not to use them, and not to have two different passwords.

If an attacker retrieves these files, can the attacker take a cryptographic shortcut because both files use the same password?

An attacker would need to get access to either of the wallet or the keys to get your money. Given access to any, means he will be able to transfer the funds elsewhere. The good news, he will need to know your password. There are no successful attacks known, that can decrypt the data without the password.

oleksii

Posted 2014-01-09T19:57:51.237

Reputation: 391

I do the same thing.

There are very important reasons why you should, in general, not use a password in more than one location.

One is: if your password protecting one thing gets compromised, your other password is also compromised.

Another is: If someone has a copy of your password (e.g. Facebook, to check it when you log in), then that someone also has the password for the other service (being the same). So, an unscrupulous facebook employee can steal your twitter account. Or, if facebook gets hacked, the hacker also has your twitter account.

Neither of these is relevant to Bitcoin; if someone has your wallet and your password, they no longer need your private key password; they have your wallet, and vice-versa.

Of course, it is very important to keep your private key backup IN A DIFFERENT PLACE! - if your hard drive fails, you lose all your BC!

AMADANON Inc.

Posted 2014-01-09T19:57:51.237

Reputation: 412