-Bitcoin 0.3.24 BETA
+Bitcoin 0.4.5 BETA
-Copyright (c) 2009-2011 Bitcoin Developers
+Copyright (c) 2009-2012 Bitcoin Developers
Distributed under the MIT/X11 software license, see the accompanying
file license.txt or http://www.opensource.org/licenses/mit-license.php.
This product includes software developed by the OpenSSL Project for use in
Wallet Encryption
-----------------
-Bitcoin supports native wallet encryption so that people who steal your wallet
-file don't automatically get access to all of your Bitcoins. In order to enable
-this feature, chose "Encrypt Wallet" from the Options menu. You will be prompted
-to enter a passphrase, which will be used as the key to encrypt your wallet and
-will be needed every time you wish to send Bitcoins. If you lose this passphrase,
-you will lose access to spend all of the bitcoins in your wallet, no one, not even
-the Bitcoin developers can recover your Bitcoins. This means you are responsible
-for your own security, store your password in a secure location and do not forget
-it.
-
-Remember that the encryption built into bitcoin only encrypts the actual keys
-which are required to send your bitcoins, not the full wallet. This means that
-someone who steals your wallet file will be able to see all the addresses which
-belong to you, as well as the relevant transactions, you are only protected from
-someone spending your coins.
-
-It is recommended that you backup your wallet file before you encrypt your wallet.
-To do this, close the Bitcoin client and copy the wallet.dat file from ~/.bitcoin/
-on Linux, /Users/(user name)/Application Support/Bitcoin/ on Mac OSX, and
-%APPDATA%/Bitcoin/ on Windows (that is /Users/(user name)/AppData/Roaming/Bitcoin on
-Windows Vista and 7 and /Documents and Settings/(user name)/Application Data/Bitcoin
-on Windows XP). Once you have copied that file to a safe location, reopen the
-Bitcoin client and Encrypt your wallet. If everything goes fine, delete the backup
-and enjoy your encrypted wallet. Note that once you encrypt your wallet, you will
-never be able to go back to a version of the Bitcoin client older than 0.4.
-
-Keep in mind that you are always responsible for you own security. All it takes is a
-slightly more advanced wallet-stealing trojan which installs a keylogger to steal
-your wallet passphrase as you enter it in addition to your wallet file and you have
-lost all your Bitcoins. Wallet encryption cannot keep you safe if you do not practice
-good security, such as running up-to-date antivirus software, only entering your
-wallet passphrase in the Bitcoin client and using the same passphrase only as your
-wallet passphrase.
+Bitcoin supports native wallet encryption so that people who steal your
+wallet file don't automatically get access to all of your Bitcoins.
+In order to enable this feature, chose "Encrypt Wallet" from the
+Options menu. You will be prompted to enter a passphrase, which
+will be used as the key to encrypt your wallet and will be needed
+every time you wish to send Bitcoins. If you lose this passphrase,
+you will lose access to spend all of the bitcoins in your wallet,
+no one, not even the Bitcoin developers can recover your Bitcoins.
+This means you are responsible for your own security, store your
+passphrase in a secure location and do not forget it.
+
+Remember that the encryption built into bitcoin only encrypts the
+actual keys which are required to send your bitcoins, not the full
+wallet. This means that someone who steals your wallet file will
+be able to see all the addresses which belong to you, as well as the
+relevant transactions, you are only protected from someone spending
+your coins.
+
+It is recommended that you backup your wallet file before you
+encrypt your wallet. To do this, close the Bitcoin client and
+copy the wallet.dat file from ~/.bitcoin/ on Linux, /Users/(user
+name)/Application Support/Bitcoin/ on Mac OSX, and %APPDATA%/Bitcoin/
+on Windows (that is /Users/(user name)/AppData/Roaming/Bitcoin on
+Windows Vista and 7 and /Documents and Settings/(user name)/Application
+Data/Bitcoin on Windows XP). Once you have copied that file to a
+safe location, reopen the Bitcoin client and Encrypt your wallet.
+If everything goes fine, delete the backup and enjoy your encrypted
+wallet. Note that once you encrypt your wallet, you will never be
+able to go back to a version of the Bitcoin client older than 0.4.
+
+Keep in mind that you are always responsible for your own security.
+All it takes is a slightly more advanced wallet-stealing trojan which
+installs a keylogger to steal your wallet passphrase as you enter it
+in addition to your wallet file and you have lost all your Bitcoins.
+Wallet encryption cannot keep you safe if you do not practice
+good security, such as running up-to-date antivirus software, only
+entering your wallet passphrase in the Bitcoin client and using the
+same passphrase only as your wallet passphrase.
+
+
+Technical details of wallet encryption
+--------------------------------------
+Wallet encryption uses AES-256-CBC to encrypt only the private keys
+that are held in a wallet. The keys are encrypted with a master key
+which is entirely random. This master key is then encrypted with
+AES-256-CBC with a key derived from the passphrase using SHA512 and
+OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by
+the speed of the machine which does the initial encryption (and is
+updated based on the speed of a computer which does a subsequent
+passphrase change). Although the underlying code supports multiple
+encrypted copies of the same master key (and thus multiple passphrases)
+the client does not yet have a method to add additional passphrases.
+
+At runtime, the client loads the wallet as it normally would, however
+the keystore stores the keys in encrypted form. When the passphrase
+is required (to top up keypool or send coins) it will either be queried
+by a GUI prompt, or must first be entered with the walletpassphrase
+RPC command. This will change the wallet to "unlocked" state where the
+unencrypted master key is stored in memory (in the case of GUI, only for
+long enough to complete the requested operation, in RPC, for as long as
+is specified by the second parameter to walletpassphrase). The wallet is
+then locked (or can be manually locked using the walletlock RPC command)
+and the unencrypted master key is removed from memory.
+
+Implementation details of wallet encryption
+-------------------------------------------
+When the wallet is locked, calls to sendtoaddress, sendfrom, sendmany,
+and keypoolrefill will return Error -13: "Error: Please enter the wallet
+passphrase with walletpassphrase first."
+
+When the wallet is unlocked, calls to walletpassphrase will fail.
+
+When a wallet is encrypted, the passphrase is required to top up the
+keypool, thus, if the passphrase is rarely entered, it is possible that
+keypool might run out. In this case, the default key will be used as the
+target for payouts for mining, and calls to getnewaddress and getaccount
+address will return an error. In order to prevent such cases, the keypool
+is automatically refilled when walletpassphrase is called with a correct
+passphrase and when topupkeypool is called (while the wallet is unlocked).
+Note that the keypool continues to be topped up on various occasions when
+a new key from pool is used and the wallet is unlocked (or unencrypted).
+
See the documentation at the bitcoin wiki:
git://git.novaco.in / novacoin.git / blobdiff