pull down to refresh

1569 sats \ 5 replies \ @ek 27 Dec 2023 freebie \ parent \ on: How safe is Sparrow's wallet encryption? bitcoin

Okay, I got nerdsniped by this, haha

Did some little "reverse engineering" [0]. I tried file on the encrypted wallet file but it came up empty handed:

$ file wallet.mv.db
wallet.mv.db: data

But afaik, all file does to identify a file is to look at the file signature (also known as magic bytes):

This manual page documents the format of magic files as used by the file(1) command, version 5.45. The file(1) command identifies the type of a file using, among other tests, a test for whether the file contains certain “magic patterns”.

-- https://man.archlinux.org/man/core/file/magic.5.en

(ok, apparently only "among other tests")

So why not just look at the magic bytes ourself?

$ hexdump -C -n32 wallet.mv.db
00000000  48 32 65 6e 63 72 79 70  74 0a fa 3e 4a fb 1e 2f  |H2encrypt..>J../|
00000010  99 ff 53 50 52 57 31 0a  5c 89 26 f0 23 97 3c 73  |..SPRW1.\.&.#.<s|
00000020

Turns out, Sparrow likely uses H2 Database under the hood to store wallets:

Welcome to H2, the Java SQL database.

This makes sense since Sparrow indeed is written in Java.

The security docs however mention this:

Encrypted storage
Encrypting your on-disk database will provide a small measure of security to your stored data. You should not assume that this is any kind of real security against a determined opponent however, since there are many repeated data structures that will allow someone with resources and time to extract the secret key.

Also the secret key is visible to anything that can read the memory of the process.

Mhh, that doesn't sound good 🤔

I asked in the TG group. Let's wait for an answer before jumping to conclusions. I also didn't take a close look at the source code yet.

[0] not sure if this already counts as reverse engineering

write
preview
407 sats \ 2 replies \ @pillar OP 27 Dec 2023

You made my day just by showing me the nerd sniping verb.

Looking forward to know that you find out in the TG group.

I didn't understand from your message if the wallet file itself is an encrypted H2 database and Sparrow reads from it and decrypts on the fly, or if Sparrow starts and in-memory H2 database when the daemon starts and loads the data from the wallet file into the H2 database on runtime.

reply
1 sat \ 1 reply \ @ek 27 Dec 2023 freebie
I didn't understand from your message if the wallet file itself is an encrypted H2 database and Sparrow reads from it and decrypts on the fly, or if Sparrow starts and in-memory H2 database when the daemon starts and loads the data from the wallet file into the H2 database on runtime.

My educated guess would be it's the former. But that is also a good question!

Are you playing the nerd sniping game as mentioned in the xkcd? lol

0 sats \ 1 reply \ @franzap 27 Dec 2023

Great find! Do update us here

reply
91 sats \ 0 replies \ @ek 28 Dec 2023 freebie

The only reply I got was this (someone linked this message in a reply)

The mv.db file format is from the embedded open source database that Sparrow uses, called H2. You can open it outside Sparrow if you have an H2 client, although if your wallet is encrypted you’ll have to rederive the database password from your wallet password via Argon2. The next version of Sparrow will allow importing this file format (as well as opening it directly).

This doesn't really answer my question but ok.

As a screenscrollshot:

https://m.stacker.news/9764

reply