Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: Given the first 15 words out of 24, can a hacker crack the wallet?
by
lyw123
on 06/10/2023, 00:14:26 UTC
Quote
Quote from: o_e_l_e_o on October 05, 2023, 02:29:15 PM
Quote from: lyw123 on October 05, 2023, 01:59:36 PM
The file is encrypted with WinRAR and 7-Zip. To ensure that encrypted electronic files can be opened, I have done the following works:
Have you personally reviewed the code of 7zip to ensure there are no flaws in its encryption algorithms?
Did you take steps to mitigate against known vulnerabilities such as this one: https://nitter.cz/3lbios/status/1087848040583626753?
Did you make sure to build the app yourself from the source code you reviewed to ensure you haven't downloaded a fake or malicious one?
How to you plan to do any of that for WinRAR given that it isn't even open source?
Did you only encrypt your data on a permanently airgapped device with a clean OS?
Did you make sure to delete all the temporary files it creates in the archiving process, and then write over those sections of your computer's memory with junk data?
Did you make sure to delete the unencrypted text file you would have first stored on your computer before encrypting it, and then write over that section of your computer's memory with junk data?
I know nearly nothing about 7-zip and winrar. Even if the electronic file is leaked, hackers only know part of the wallet data.
The encryption of all files is done on offline computers. The file is temporarily stored on a USB flash drive, and the data on the USB flash drive will be cleared using the software DiskGenius. The encrypted data is then transmitted to the network through this USB flash drive.

Quote
Quote from: lyw123 on October 05, 2023, 01:59:36 PM
I have purchased a few high-level encrypted USB drives, including two fingerprint USB drives.
Biometrics, especially fingerprints, can be very easily bypassed, even on high end 3D ultrasonic fingerprint scanners such as those on the latest flagship phones - https://bitcointalk.org/index.php?topic=5281976.msg55391797#msg55391797. It will be trivially easy to fool a basic USB fingerprint scanner.
Even if the thief takes the U disk and breaks it, he still needs to crack the password of Winrar or 7-Zip.

Quote
There is a reason that everyone here and every good wallet tells you to write down your seed phrase and store it offline. If you want to ignore all that advice and do your own thing then obviously we can't stop you, but you greatly increase the risk of loss.
I considered storing a portion of the unencrypted wallet data on a USB drive, but the remaining handwritten portion is not available at my home.