Skip to content


Wallet encryption has extra 0x10 bytes on the end of keys #933

TheBlueMatt opened this Issue · 1 comment

2 participants


Found by etotheipi, likely due to this comment being wrong:
This hurts security by making it easier to brute force, but not significantly, should be easily fixable.

@sipa sipa added a commit to sipa/bitcoin that referenced this issue
@sipa sipa Use unpadded encryption for wallet keys (fixes #933)
Wallet keys are 32 bytes, exactly two AES blocks. Using padded encryption
makes attacking somewhat easier, as the attacker can check whether the
padding is correct after decrypting using an attempted passphrase, rather
than needing to do an EC multiplication to check whether the private and
public keys match.
@laanwj laanwj closed this
Bitcoin member

(fixed by c682cdf two years ago...)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.