Security Information About Wallet.db

The seed is not in the database (currently, it might be in the future), but even if it were it would definitely be encrypted with the private crypto key. The following is a basic overview of how the crypto inside wallet.db works.



I assume by psw you mean password? No, the private passphrase is used to derive the private master key (and the public passphrase is used to derive the public master key) as per the diagram above.

As far as the specific key derivation and crypto algorithms used, we can see those from the feature overview of the waddrmgr package:

• Scrypt-based key derivation
• NaCl-based secretbox cryptography (XSalsa20 and Poly1305)

Perhaps it's also important to note from the diagram that the public crypto key is used to encrypt to account extended public keys and other public keys. These can NOT be used to spend coins, but they can be used to generate all of the addresses you will ever use for that account which of course means it would allow whoever is in possession of them to calculate your exact balances. This is why public encryption is offered as an optional feature for the security conscious.

Finally, the database contains the transactions which involve your addresses, a bit of account information, the current chain state, and some other minor state-related things.

---

TL;DR

Nobody can steal your coins if they get access to the wallet.db file unless they also have your private passphrase. If you chose to use public encryption, they also can't get access to any of your extended public keys or addresses.

 

dcrwallet changed this. The seed is saved in the db, encrypted along with the rest of your private keys.

 

Ok, good to know. I did caveat that with an it might be in the future, so it seems that already happened.