Bitcoin Core Old Wallet.dat Vulnerability

2

Own a wallet.dat file from 2010-2011. Yesterday I saw there was a vulnerability which is makes attacking somewhat easier if your wallet is generated by old client and I'm pretty sure my wallet is affected that vulnerability because my last transaction is made 2010.

So my problem is I don't have any idea about wallet passphrase. Maybe the vulnerability helps to open my wallet. It is about AES padded encryption. But i don't have enough cryptographic knowledge to handle it. I'm aware it is brute force task but the vulnerability decreases time of task.

I hope that someone can create a brute force tool for me which is using the vulnerability, so that I can recover my wallet.

Github Report about vulnerability : https://github.com/bitcoin/bitcoin/commit/c682cdf3eda0f55297eb0e72a04508b7b9c2f5df

VulDB report : https://vuldb.com/?id.4883

bitlobo

Posted 2018-12-11T21:29:47.833

Reputation: 21

Answers

1

The vulnerability affects the encryption of the wallet file, weakening the encryption by lowering the resources needed to brute force attack it.

Practically, this means if an attacker were to get a copy of your wallet.dat file, they would have an easier time brute force attacking it (ie. guessing your password would become a little easier), compared to an attack against a wallet.dat file using the same password, that is not affected by the vulnerability.

Any attack that exploits this vulnerability would have to be highly targeted, so for affected users the threat of attack is probably quite low. Perhaps ironically, by asking for help, you may draw attention to yourself as an affected user, so I would be very wary of anyone offering a 'tool' to help you fix the issue!

I assume that your goal here is simply to ensure your bitcoins are secure. If you are concerned that someone may steal (of have already stolen) your encrypted wallet.dat file, a simple fix would be to create a new wallet using software of your choice, and then send the entire balance of the old wallet to the new one. This way, your new wallet file will not be affected by the vulnerability.

chytrik

Posted 2018-12-11T21:29:47.833

Reputation: 10 276

Hey, I altered the question. I don't remember my passphrase and thought it is helps to find it much faster due to vulnerability.bitlobo 2018-12-11T22:29:57.983

Ah okay, that changes the scope of the question substantially. Note that in general, it is against site rules to offer a reward for help. I do hope you are able to recover your wallet!chytrik 2018-12-11T22:45:23.403

Asked: 2018-12-11T21:29:47.833

Viewed: 495 times

Active: 2019-05-10T23:02:15.457