pull down to refresh

Sparrow wallet offers setting up a password for each wallet. The password is used to encrypt and decrypt the wallet file.
How safe and strong is the encryption used? I couldn't find details on this in the docs, and I don't have the knowledge to judge from the code itself.
Good question, I also use Sparrow and I also didn't find anything related to this in the docs.
Will ask in the TG group or check the code and come back with an update.
reply
Okay, I got nerdsniped by this, haha
Did some little "reverse engineering" [0]. I tried file on the encrypted wallet file but it came up empty handed:
$ file wallet.mv.db wallet.mv.db: data
But afaik, all file does to identify a file is to look at the file signature (also known as magic bytes):
This manual page documents the format of magic files as used by the file(1) command, version 5.45. The file(1) command identifies the type of a file using, among other tests, a test for whether the file contains certain “magic patterns”.
(ok, apparently only "among other tests")
So why not just look at the magic bytes ourself?
$ hexdump -C -n32 wallet.mv.db 00000000 48 32 65 6e 63 72 79 70 74 0a fa 3e 4a fb 1e 2f |H2encrypt..>J../| 00000010 99 ff 53 50 52 57 31 0a 5c 89 26 f0 23 97 3c 73 |..SPRW1.\.&.#.<s| 00000020
Turns out, Sparrow likely uses H2 Database under the hood to store wallets:
Welcome to H2, the Java SQL database.
This makes sense since Sparrow indeed is written in Java.
The security docs however mention this:
Encrypted storage Encrypting your on-disk database will provide a small measure of security to your stored data. You should not assume that this is any kind of real security against a determined opponent however, since there are many repeated data structures that will allow someone with resources and time to extract the secret key.
Also the secret key is visible to anything that can read the memory of the process.
Mhh, that doesn't sound good 🤔
I asked in the TG group. Let's wait for an answer before jumping to conclusions. I also didn't take a close look at the source code yet.
[0] not sure if this already counts as reverse engineering
reply
You made my day just by showing me the nerd sniping verb.
Looking forward to know that you find out in the TG group.
I didn't understand from your message if the wallet file itself is an encrypted H2 database and Sparrow reads from it and decrypts on the fly, or if Sparrow starts and in-memory H2 database when the daemon starts and loads the data from the wallet file into the H2 database on runtime.
reply
I didn't understand from your message if the wallet file itself is an encrypted H2 database and Sparrow reads from it and decrypts on the fly, or if Sparrow starts and in-memory H2 database when the daemon starts and loads the data from the wallet file into the H2 database on runtime.
My educated guess would be it's the former. But that is also a good question!
Are you playing the nerd sniping game as mentioned in the xkcd? lol
Great find! Do update us here
reply
The only reply I got was this (someone linked this message in a reply)
The mv.db file format is from the embedded open source database that Sparrow uses, called H2. You can open it outside Sparrow if you have an H2 client, although if your wallet is encrypted you’ll have to rederive the database password from your wallet password via Argon2. The next version of Sparrow will allow importing this file format (as well as opening it directly).
This doesn't really answer my question but ok.
As a screenscrollshot:
reply
Personally, I take the wallet directory and locate it within a VeraCrypt volume and keep the VeraCrypt volume in cold storage.
reply
I also do something similar
reply
Interesting. Can you please explain more on this? Thanks
reply
He's talking about disk encryption, on a USB stick as cold storage probably.
I guess it depends on your password quality. You can always additionally encrypt with another tool, the whole partition where your wallet is stored too.
reply
Interesting question. We knew that Sparrow used Argon2 (and that it's OWASP recommended) but beyond that it's an interesting thing to verify.
We've reached out to @SparrowWallet on Twitter to see if they can come on in here and help clear things up 🙂
FWIW, we wouldn't ever consider giving Sparrow (or any other software based wallet) access to your Private Keys. Instead they should be stored on a well vetted Hardware Wallet if we're talking about any amount of funds you don't want to lose. That way even if an attacker breaks your password, all they'll get is the wallet file. They'll be able to see your coins... but not spend / steal them.
reply
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
deleted by author
reply
Thanks. From what I understand, this is not what is used to encrypt the wallet, but rather the hashing algorithm used on the wallet password. It's definitely an important part of the security scheme, but it's not exactly what I'm looking for.
In any case, thanks for sharing.
reply
From what I understand, this is not what is used to encrypt the wallet, but rather the hashing algorithm used on the wallet password.
That's a very good find by @radentor but you're right, the quoted docs don't mention how the derived key is used to encrypt the wallet afaict.
Btw, I wouldn't call Argon2 a hashing algorithm (at least in this context here) even though it can be seen as one. All key derivation functions (KDFs) are very similar to hashing algorithms since they try to output something very random in a deterministic way - like hashing algorithms do. Afaik, KDFs only additionally guarantee certain properties, unlike hashing algorithms. A hashing algorithm does not have to be as secure as a KDF.
So basically, Sparrow uses Argon2 to derive a key from your password. And this key is used to encrypt the wallet. However, as you mentioned, the quoted docs don't mention which algorithm is used for encryption, that's right.
See this and this question on StackExchange for more info regarding KDFs vs hashing algorithms.
reply
deleted by author
Strong Encryption Many wallets use relatively weak password hashing in order to support a wide range of devices, such as PBKDF2 or similar. Sparrow is desktop focussed and uses a configuration of Argon2 (winner of the Password Hashing Competition in 2015) configured to take at least 500ms on modern hardware to derive the key from your password in order to unlock your wallet. Even if it only contains public keys, that data is still worth protecting properly.
reply