Simple code to enable encryption of the database. Uses Berkeley DB built-in AES encryption with a password from the new dbpassword option. 1FabZdhzEQJC7qJxb3k1RHVMf5gctB8qbh
Added database encryption #46
Pull request: Gnonthgol wants to merge 1 commit into bitcoin:master from Gnonthgol:master, changing 1 file (+16 −1)
Gnonthgol commented at 5:15 PM on January 28, 2011: none
-
Adding database encryption 722bd74749
-
tcatm commented at 5:26 PM on January 28, 2011: none
I think encryption should be limited to wallet.dat, so one could have multiple wallets with different passwords. This patch seems to encrypt blkindex.dat and addr.dat, too.
Also, a GUI prompt to enter the password would be useful.
-
Gnonthgol commented at 6:05 PM on January 28, 2011: none
It is not possible to selectively encrypt parts of the database environment with Berkeley DB. There are several possible solutions, but the best long term is to encrypt everything and add an export/import wallet feature.
The GUI prompt was a good idea; remember to add a non-GUI prompt for running headless.
-
gavinandresen commented at 8:03 PM on January 28, 2011: contributor
From http://www.bitcoin.org/smf/index.php?topic=2698.msg36793#msg36793
First, unless I'm reading the bdb docs wrong, you specify a password at database creation time. And then can't change it.
So, at the very least, somebody would have to write code that (safely) rewrote wallet.dat when you set or unset or changed the password.
Second, encrypting everything in wallet.dat means you'd have to enter your wallet password as soon as you started bitcoin (because user preferences are stored in there right now), when ideally you should only enter the password as you're sending coins.
And third, there are all sorts of usability issues with passwords. Users forget their passwords. They mis-type them. I wouldn't be terribly surprised if doing the simple thing and just encrypting the whole wallet with one password resulted in more lost bitcoins due to forgotten passwords than wallets stolen by trojans.
I think creating a safe, useful wallet protection feature isn't easy, and there are a lot of wrong ways to do it.
-
gavinandresen commented at 8:09 PM on January 28, 2011: contributor
Gnonthgol: if you're motivated to solve this right, please jump onto the forums and work out a good approach; I think this is a very important feature to get right.
-
tcatm commented at 8:12 PM on January 28, 2011: none
Also, database encryption can currently be accomplished using something like encfs or Truecrypt to encrypt the whole .bitcoin directory. That's probably a better workaround until we know how to get this right.
Closed. Further discussion should happen on the forums as Gavin suggested.
- DrahtBot locked this on Sep 8, 2021