Jump to content
Sign in to follow this  
Christian Pichler

Question about security

Recommended Posts

Hello!

I made a backup of my wallet and saved it to a USB stick. Unfortunately, I lost this stick somewhere... so I want to create a new address and transfer all my coins to that new address to make sure, noone can steal my coins when he finds my USB stick somewhere.

Now my question: When I create a new address with the same wallet installation on my computer, does a potential thief have access to the coins in the new address somehow, when he has the stick with the old backup, or are my coins safe then? Does the backup contain a seed, where he can generate a set of private keys from (where new addresses are already included) , or are all new private keys generated independently?

Regards, Chris

Share this post


Link to post
Share on other sites

When someone has your wallet.dat and the password, he has access to all CHI inside the wallet no matter the addresses.

What you should do is, to just create new wallet.dat's.

Go here and make sure your wallet isn't running:

C:\Users\<user>\AppData\Roaming\Xaya\game.dat
C:\Users\<user>\AppData\Roaming\Xaya\vault.dat

Then make sure to rename the wallet.dat's that are in these folders, maybe to "lostvault.dat" and "lostgame.dat". Then start the wallet. This will create a new wallet and thus two new wallet.dat for game and vault. Encrypt the wallet and make sure to have the password stored in a safe place. Make a backup of your wallet in settings. Create an address and save it in editor or Word for the time being. Exit the wallet.

Go back to

C:\Users\<user>\AppData\Roaming\Xaya\game.dat
C:\Users\<user>\AppData\Roaming\Xaya\vault.dat

and now rename the newly created wallet.dat's, maybe to "newvault.dat" and "newgame.dat". Your old, partially lost wallet.dat's you have to rename to wallet.dat now. The wallet always gets its information from the file called wallet.dat inside these folders. If there is no wallet.dat in it, it will just create a new one. Start the wallet again, you should now see your CHI again, which you want so send away. Go to send and send the CHI to the address that you created with the new wallet and saved in editor or Word. Exit the wallet again.

Afterwards you have to go back to the folders:

C:\Users\<user>\AppData\Roaming\Xaya\game.dat
C:\Users\<user>\AppData\Roaming\Xaya\vault.dat

Your old wallet.dat's you have to rename again, maybe again "lostvault.dat" and "lostgame.dat" and your newly created wallet.dat's, which you renamed probably to "newvault.dat" and "newgame.dat" just some minutes ago will be named to "wallet.dat" again. Start the wallet again and the CHI should have arrived on your new, safe wallet.

When changing your wallet.dat's, the wallet might take some time upon starting. Don't be scared by that, just wait a bit.

If you happen to have a telegram account, you can contact me @tyKiwanuka in Telegram and I can assist you with the process (in german, I think you are german-speaking^^).

This video might also be of some help to handle the wallet.dat's: https://forum.xaya.io/topic/231-video-how-to-back-up-a-wallet-and-restore-wallet-backups/

 

  • Thanks 1

Share this post


Link to post
Share on other sites

Thank you ver much! But one question remains: How can someone have access to addresses that were created after the backup? So the wallet. dat file contains a seed for current and future private keys? Fortunately, I was clever enough not to put my secret password on the USB stick- but to be 100 percently safe, maybe I should do what you suggested me...

Edited by Christian Pichler

Share this post


Link to post
Share on other sites

No dev here, but afaik your wallet has only one private key which is saved inside your wallet.dat and all your addresses and those you create in the future are linked to that private key.

Imagine that being not the case, you would have to do a backup every time you create a new address. And since it's best practice to use a new address for every incoming transaction, it would be very weary to do a backup all the time afterwards.

The wallet also creates new addresses on its own. If you have 50 CHI on an address and send 5 CHI from that away, the remaining 45 CHI will get sent to another address as well. The wallet manages all that for you and you don't notice.

In general, your once made backup of game and vault wallet and the password will guarantee you access to your CHI forever, no matter what. And it's the same for a thief that has your backups and probably the password.

If you have a very strong password and the thief doesn't have it, your CHI are still somewhat safe, but a bad feeling remains. So I would just create a new wallet and send the CHI there to get rid of that headache.

  • Thanks 1

Share this post


Link to post
Share on other sites

yes, you are right! Furthermore, I was clever enough not to save the password on the stick, but maybe, I was stupid enough to keep an unencrypted version still saved there. I don't think it got stolen- as I remember, I wanted to hide it somewhere and just don't find it anymore. But as you said, I'll better remove the headache by making a new wallet... and btw, yes, I'm German-speaking... 😉 

Greetings from Austria!

  • Like 1

Share this post


Link to post
Share on other sites

To add to what ty already said:  Yes, the wallet contains a seed, so that future private keys and their addresses can be derived deterministically.  Unlike some other crypto wallets, Bitcoin Core and thus Xaya Core do not easily expose the seed (e.g. in form of a 12-word-sequence), but they have one nevertheless.  Thus someone finding your USB stick can indeed recover also future addresses.

If you have the USB stick itself encrypted or have a wallet passphrase, then the wallet is safe unless the thief or finder can crack those passwords.  But yeah, if I were you and just to be safe, I would create a new wallet and transfer everything there as ty has recommended.  (And don't forget to make a new backup!)

  • Thanks 2

Share this post


Link to post
Share on other sites

So, done!
Now the potential thief perhaps can get my USB- stick- and I wish him a lot of fun with this stick- as my CHI are on a new address now 😂. Ok, he/she still has a useful USB stick then, when he finds it, where he can save some funny cat vidoes or other stuff if he wants!
And: Thanks for the instruction @tyKiwanuka!
Kind Regards, Chris

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...

Important Information

Your use of this site is governed by our Terms of Use and Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.