Having a hard-coded location for the wallet.dat is a bad practice #2363

issue celil-kj opened this issue on March 13, 2013
  1. celil-kj commented at 8:36 AM on March 13, 2013: contributor

    Having a default hard-coded location for the wallet.dat file allows any malware to easily find it and steal the data contained inside. It would be more appropriate to have the user keep that file in a private location on the file system, and load it into the bitcoin software manually only when he/she needs to spend coins. This will make it harder for malware to locate the file, as now it will have to search the entire file-system for something that looks like a bitcoin private key.

    Perhaps a separate agent similar to pageant for Putty would be appropriate. It will hold private keys in memory only when bitcoin needs to use them.

  2. gavinandresen commented at 5:47 PM on March 13, 2013: contributor

    If you have malware on your system, then the malware can simply replace bitcoind/Bitcoin-Qt with a wallet-stealing version of bitcoind/Bitcoin-Qt... right?

    I'm generally against whack-a-mole security features that will stop THIS round of malware, but will do nothing against tomorrow's smarter malware.

  3. tobypinder commented at 10:27 PM on March 14, 2013: none

    Honestly Bitcoin software features that go anywhere near the wallet.dat should be as predictable and idempotent as possible if you ask me. The last thing we need is some complexity intending to add casual obfuscation causing a wallet to get corrupted...

  4. laanwj commented at 5:53 AM on March 15, 2013: member

    I agree these kind of measures cannot protect against the general case of malware. However, a decade or so ago (but also a few times since) there were various bugs in the browser origin policy that made it possible to retrieve a file if you had the exact name. This is what led Mozilla, for example, to add a randomized string to the profile directories.

    Today's threats are different, with the common attack vector to exploit bugs in flash, java plugins or the javascript compiler itself. Thus the attacker gains full control over the browser process and playing hide and seek with files won't help you for long. So I think the security gained by this is at most marginal...

    Anyway, multi-wallet support is going to allow exactly what you propose.

  5. Comodore1 commented at 5:41 PM on March 28, 2013: none

    We are going to have multi-wallet support? When will it probably be done?

  6. laanwj commented at 9:06 AM on March 29, 2013: member

    If you need multiwallet support badly, can you help testing @codeshark's pulls?

    https://github.com/bitcoin/bitcoin/pulls/CodeShark

    Testing will always help get things merged sooner.

    Closing this issue, as the consensus is that we don't agree that this is bad practice.

  7. laanwj closed this on Mar 29, 2013
  8. bitcoin locked this on Sep 8, 2021
Contributors
celil-kjgavinandresentobypinderlaanwjComodore1
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-20 06:55 UTC