elective-stereophonic
elective-stereophonic
Wallet.dat encyption
singapore
Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Stable Nxt Client: Nxt 1.12.2

Author Topic: Wallet.dat encyption  (Read 4930 times)

marcus03

  • Board Moderator
  • Sr. Member
  • ****
  • Karma: +24/-1
  • Offline Offline
  • Posts: 389
    • View Profile
Wallet.dat encyption
« on: June 28, 2014, 04:31:18 pm »

Hi!

I'm planning to implement wallet.dat support for my Android NXT wallet and wonder how to do it.

It seems that other Bitcoin wallets like Mycelium and Hive do not at all encrypt the wallet.dat located in the AppPath on the device. My understanding is that any app with root access would be able to steal the file and maybe there are other ways, too.

While this kind of setup seems generally accepted, I have my doubts.

On the other hand, the need to enter a wallet password for every transaction really makes things complicated.

Should the wallet.dat file be password protected? Should it be optional? Should there be a warning that it is not password protected? Maybe only a warning when the sum of the account for which there are secrets in the wallet is higher than like US$100?

If password protection/encryption is needed, I would use diceware with a list of 7149 words. How many words would be enough?

Number of words   Bits of entropy
1         13
2         26
3         38
4         51
5         64
6         77
7         90
8         102
9         115
10      128


My feeling is that the wrong decision will result in pain and anger due to users loosing their NXT, so I would like to have this discussed.

Ideas and opinions appreciated. :-)

Cheers,
Marcus
« Last Edit: June 28, 2014, 04:35:42 pm by marcus03 »
Logged
My Android NXT wallet project!
Raspberry Pi NXT node/Two VPS NRS nodes
NXT tips and donations: NXT-X5EB-VSL5-Z7DU-3GWTJ

LocoMB

  • Hero Member
  • *****
  • Karma: +101/-37
  • Offline Offline
  • Posts: 751
    • View Profile
Re: Wallet.dat encyption
« Reply #1 on: June 28, 2014, 05:04:59 pm »


Hi marcus!

let us coordinate a bit on this!
I have to 'emulate' the bitcoin accounts 'feature' of BTC wallet.dat somehow, and I am including a python sqlite3 db for that.

In a few short words: BTC wallet.dat is one giant flustercuck, don't try to do it that way, it'll drive you nuts!
Logged
TOX
90E54E5B5213290EE616D425CADC473038CFABFA53C913271AA8559D1937DC4AF3A354A9E4E5

CryptKeeper

  • Hero Member
  • *****
  • Karma: +78/-5
  • Offline Offline
  • Posts: 1235
    • View Profile
Wallet.dat encyption
« Reply #2 on: June 28, 2014, 05:21:07 pm »

IMHO the private keys in the wallet.dat file of bitcoin-qt are very well encrypted with several rounds of aes-256, maybe the amount of rounds are dynamically calculated by measuring the speed of the computer, to make brute-forcing harder. Have a look at the implementation of PBKDF2: http://en.m.wikipedia.org/wiki/PBKDF2

Edit: I have a link to a good open-source implementation, but it's c#...
Logged
Follow me on twitter for the latest news on bitcoin and altcoins!
Vanity Accounts Sale :-)

marcus03

  • Board Moderator
  • Sr. Member
  • ****
  • Karma: +24/-1
  • Offline Offline
  • Posts: 389
    • View Profile
Re: Wallet.dat encyption
« Reply #3 on: June 28, 2014, 05:55:23 pm »

Just to clarify: I am referring to a wallet.dat implementation on Android devices.

The BTC Android wallets like Mycelium and Hive do not encrypt the file, but rely on the premise that no other apps can read the wallet.dat file in the apps home directory.
Logged
My Android NXT wallet project!
Raspberry Pi NXT node/Two VPS NRS nodes
NXT tips and donations: NXT-X5EB-VSL5-Z7DU-3GWTJ

Eadeqa

  • Hero Member
  • *****
  • Karma: +83/-68
  • Offline Offline
  • Posts: 1888
    • View Profile
Re: Wallet.dat encyption
« Reply #4 on: June 28, 2014, 06:54:02 pm »

It seems that other Bitcoin wallets like Mycelium and Hive do not at all encrypt the wallet.dat located in the AppPath on the device. My understanding is that any app with root access would be able to steal the file and maybe there are other ways, too.

People should not root their phones, and I am pretty sure 99.99% Android users don't.  So the real question is can any app access the data when the phone isn't rooted?

If the answer to that question is no, then I think it will be fine.

Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

Eadeqa

  • Hero Member
  • *****
  • Karma: +83/-68
  • Offline Offline
  • Posts: 1888
    • View Profile
Re: Wallet.dat encyption
« Reply #5 on: June 28, 2014, 06:58:27 pm »

Just to clarify: I am referring to a wallet.dat implementation on Android devices.

The BTC Android wallets like Mycelium and Hive do not encrypt the file, but rely on the premise that no other apps can read the wallet.dat file in the apps home directory.

Typing a long encryption password on the phone would be real pain. If the encryption password is really small, then what's the point anyway as brute force will crack it.

You need to ensure that files cannot be stolen by other apps on non-rooted devices  (which is how android phones are shipped by default) and rooting phones is definitely bad idea (for security).


Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

Eadeqa

  • Hero Member
  • *****
  • Karma: +83/-68
  • Offline Offline
  • Posts: 1888
    • View Profile
Re: Wallet.dat encyption
« Reply #6 on: June 28, 2014, 07:03:32 pm »

If you choose to not  encrypt it, there should be "backup" option that emails the backup (lets say in encrypted zip file) to the users email.
Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

rudeboi

  • Hero Member
  • *****
  • Karma: +55/-4
  • Offline Offline
  • Posts: 633
  • Nxt Organization Member
    • View Profile
Re: Wallet.dat encyption
« Reply #7 on: June 28, 2014, 07:43:42 pm »

I believe that there has to be some sort of encryption on the wallet.dat. However anything more than 6-8 characters on a phone is just going to be too much a pain.

So I think users should be able select a password, I would just want this feature just to make sure people who pick up my phone can't make any payments (including mates mucking around on my phone), yes it definitely wouldn't be brute force protected by any means.

Obviously to do the above I would want to be sure that no one was able to access my wallet.dat remotely.
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

TeamWealth

  • Full Member
  • ***
  • Karma: +11/-1
  • Offline Offline
  • Posts: 217
    • View Profile
Re: Wallet.dat encyption
« Reply #8 on: June 28, 2014, 08:07:45 pm »

Would it be possible for there to be a middle ground? Typing a password is tough on a touch device, But maybe using a photo or multiple photos as a keyfile would be a suitable middle ground as it could still be done quickly and not completely open to anyone being able to access it? It still would not be anywhere near as secure as on there main wallets but they should only have a small amount in it anyway so it should be sufficient to prevent anyone from picking up the persons phone and sending the coins anywhere?
Logged
NXT: NXT-V93N-SYX2-2CNW-5TF9Y

marcus03

  • Board Moderator
  • Sr. Member
  • ****
  • Karma: +24/-1
  • Offline Offline
  • Posts: 389
    • View Profile
Re: Wallet.dat encyption
« Reply #9 on: June 28, 2014, 08:09:35 pm »

In the Mycelium BTC wallet you can set a pin code for that purpose.

I am currently in favor of the following setup:

* Unencrypted wallet.dat in the app's home directory where other apps can't read from.
* Show a warning when the wallet holds secrets for accounts with a total sum of more than x NXT (or y USD later on).
* Write encrypted backup to external storage, send it by email, share to dropbox etc.. Option to verify the backup.
* Show warnings when backup or verify for an account wasn't done yet.
* Option for a pin code to do transactions, delete accounts, do backups, etc..

Logged
My Android NXT wallet project!
Raspberry Pi NXT node/Two VPS NRS nodes
NXT tips and donations: NXT-X5EB-VSL5-Z7DU-3GWTJ

Eadeqa

  • Hero Member
  • *****
  • Karma: +83/-68
  • Offline Offline
  • Posts: 1888
    • View Profile
Re: Wallet.dat encyption
« Reply #10 on: June 28, 2014, 08:13:57 pm »

In the Mycelium BTC wallet you can set a pin code for that purpose.

I am currently in favor of the following setup:

* Unencrypted wallet.dat in the app's home directory where other apps can't read from.
* Show a warning when the wallet holds secrets for accounts with a total sum of more than x NXT (or y USD later on).
* Write encrypted backup to external storage, send it by email, share to dropbox etc.. Option to verify the backup.
* Show warnings when backup or verify for an account wasn't done yet.
* Option for a pin code to do transactions, delete accounts, do backups, etc..

Sounds fair.

Can file explorer (with no root access) read from app's home directory ?

Also all the new android phones internal storage can be encrypted http://www.howtogeek.com/141953/how-to-encrypt-your-android-phone-and-why-you-might-want-to/
Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

marcus03

  • Board Moderator
  • Sr. Member
  • ****
  • Karma: +24/-1
  • Offline Offline
  • Posts: 389
    • View Profile
Re: Wallet.dat encyption
« Reply #11 on: June 28, 2014, 08:19:31 pm »

In the Mycelium BTC wallet you can set a pin code for that purpose.

I am currently in favor of the following setup:

* Unencrypted wallet.dat in the app's home directory where other apps can't read from.
* Show a warning when the wallet holds secrets for accounts with a total sum of more than x NXT (or y USD later on).
* Write encrypted backup to external storage, send it by email, share to dropbox etc.. Option to verify the backup.
* Show warnings when backup or verify for an account wasn't done yet.
* Option for a pin code to do transactions, delete accounts, do backups, etc..

Sounds fair.

Can file explorer (with no root access) read from app's home directory ?

You need root access for it. With root, no problem. I've looked into the Mycelium wallet file that stores the private keys earlier today and it was all there.

I think we also have to educate users that they should not carry more NXT in their Android wallet than they would be comfortable to carry in their real wallet.
Logged
My Android NXT wallet project!
Raspberry Pi NXT node/Two VPS NRS nodes
NXT tips and donations: NXT-X5EB-VSL5-Z7DU-3GWTJ

Eadeqa

  • Hero Member
  • *****
  • Karma: +83/-68
  • Offline Offline
  • Posts: 1888
    • View Profile
Re: Wallet.dat encyption
« Reply #12 on: June 28, 2014, 08:22:02 pm »

You need root access for it. With root, no problem. I've looked into the Mycelium wallet file that stores the private keys earlier today and it was all there.

Or better yet educate users not to use the wallet on rooted phones.  I don't think this is serious problem them, as most people don't root their phones, and those who do surely already understand the risk.

Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

marcus03

  • Board Moderator
  • Sr. Member
  • ****
  • Karma: +24/-1
  • Offline Offline
  • Posts: 389
    • View Profile
Re: Wallet.dat encyption
« Reply #13 on: June 28, 2014, 08:22:31 pm »

In the Mycelium BTC wallet you can set a pin code for that purpose.

I am currently in favor of the following setup:

* Unencrypted wallet.dat in the app's home directory where other apps can't read from.
* Show a warning when the wallet holds secrets for accounts with a total sum of more than x NXT (or y USD later on).
* Write encrypted backup to external storage, send it by email, share to dropbox etc.. Option to verify the backup.
* Show warnings when backup or verify for an account wasn't done yet.
* Option for a pin code to do transactions, delete accounts, do backups, etc..

Addendum: Users can always enter secrets to do transactions for accounts that are not in the wallet file.
Addendum2: Check if phone is rooted and warn the user.
Logged
My Android NXT wallet project!
Raspberry Pi NXT node/Two VPS NRS nodes
NXT tips and donations: NXT-X5EB-VSL5-Z7DU-3GWTJ
 

elective-stereophonic
elective-stereophonic
assembly
assembly