9
1
I read this little nugget on the bitcoin client bug tracker:
the bdb binary log files can also contain sensitive data such as private keys
Is that true? Does this mean that even with an encrypted wallet.dat, there might be a way that the private keys are written to disk unprotected? If so, what can I do about it?
3
If you are using an encrypted wallet, private keys are never written unencrypted to disk.
However, the 0.4.0 release (the first to feature wallet encryption) had a bug where - upon upgrading a wallet from unencrypted to encrypted - parts of the unencrypted where not necessarily overwritten, leaving them accessible for a while.
0.4.1 and 0.5.0 fix this by first rewriting the entire wallet file upon encryption (or the first start afterwards), and invalidating the entire pool of reserve keys that was present before. This means (and has been tested), that if you start with an empty wallet, and immediately encrypt it, it will not ever use any key that was ever written to disk in unencrypted form.
Note that wallet encryption is not a silver bullet, and an attacker may have other ways of extracting the private key, such as keyloggers.
EDIT: only now I read your question correctly. The log files may contain anything that was attempted to be written to the database files themselves, and if you are using (or were using) an unencrypted wallet, that may indeed mean private keys as well. Again, if you start with an encrypted wallet in 0.5.0, no keys will be used that ever touched disk unencrypted.
So how does this encrypted wallet work? Is it still a BerkeleyDB file (unencrypted) that contains private keys that are now individually encrypted before BerkeleyDB sees them? Or does the encryption happen below the BerkeleyDB layer? – Thilo – 2011-12-05T01:38:32.167
What do you mean "start with an encrypted wallet"? If you start with a fresh wallet, it's not encrypted. You can encrypt it immediately, but it generates some keys before being encrypted ... won't be in the log files? – ripper234 – 2011-12-05T06:34:41.570
1Yes, those may end up in the log file. However, as soon as you encrypt it, the keypool is flushed, and 100 new reserve keys are generated. Thus, if you start with a new wallet, and encrypt it before doing anything else with it, those 100 new keys will never touch disk in unencrypted form. – Pieter Wuille – 2011-12-05T11:37:22.357
1Thilo: it's a bdb file as before, only the key material itself is encrypted (at the application level). – Pieter Wuille – 2011-12-05T11:37:58.300
So, since I am not using Bitcoin encryption, but rather place my wallet.dat (only) on an encrypted disk, my private keys may have ended up in the log files. Any way to purge the logs going forward? – Thilo – 2011-12-06T00:54:18.307
Also, I was also hoping that placing wallet.dat on an encrypted disk would also protect my public keys (plausible denyability of owning them), which I understand are not encrypted using Bitcoin wallet encryption. Those also end up in the logs, right? Even with encryption turned on? – Thilo – 2011-12-06T01:02:34.507
Encryption only protects the private keys, public keys are available without passphrase. And if you do a clean shutdown, you can safely remove the log files and files in the database directory. – Pieter Wuille – 2011-12-06T10:57:49.830