Option to encrypt wallet from the start #1665

The first time the program is run, it creates a wallet.dat file that is written unencrypted to disk. Later encryption of this wallet file, may leave plaintext fragments on the storage device due to details of the operation of the filesystem or storage device. One workaround is to create the wallet.dat file on another system perhaps using a Live CD, encrypt it, and copy this encrypted wallet over to the desired system.

It would be better if the first time the program is run, it asks if the user wishes to encrypt their wallet, then asks for the passphrase, and from the start writes only the encrypted version to disk.

As long as you don't use that first address it makes, you're safe.

I thought it made 100 at first run.

Yes it makes sense. I know it was discussed when encrypted wallets were implemented. @luke-jr: It still may use that for change, right?

When you encrypt for the first time, it flags any unallocated addresses so they don't get used. Change never goes to used addresses, either these or user-visible ones.

If it is desirable to harden default user configuration against theft, making the proposed change would help. In the meantime, the documentation should be updated with a recommendation to encrypt before doing anything else.

Rather than a live cd you can also work from an encrypted volume using lvm or truecrypt.

Something like #1666 would have to be implemented first. Currently there are not enough recovery options to encourage encryption by default.