Hey everyone,
I've got a little worry.
So, since Bitcoin Core keeps the public key unencrypted on your device, I'm thinking, is there a risk if I hook up Specter to it? I mean, in theory, you could figure out the private key from the public one, right? I know it’s a tough nut to crack, especially with today’s tech, but still possible with a quantum computer down the line.
What’s the deal when you’re creating a multi-sig wallet in Specter? Does that make it harder to crack, or does it not really change the game compared to a single-sig setup?
Also, does Bitcoin Core save the Account Extended Public Key or is it the BIP32 Extended Public Key it holds?
Is Linking Specter with Bitcoin Core a Security Concern?
3 replies 58 views
gr3g.0rbitHero Member
Posts: 1025 · Reputation: 2646
#2Mar 19, 2024, 09:52 PM
If you mean it like the terms used in iancoleman's BIP39 tool, then the imported (non-MultiSig) descriptors will contain the 'Account Extended Public Key'.
By definition, your "Account Extended Public key" is just an "Extended public key" derived at the 'account_index'.
However, your "BIP32 Extended Public Key" can be easily computed from it since it is its non-hardened child.
If you want to check; use Bitcoin Core's wallet RPC: listdescriptors with the wallet "specter....../specter_wallet_name".
Use the command above and you'll see that it also imported your Specter MultiSig Wallet's Extended Public keys to a watch-only Bitcoin Core wallet with the same name.
So there's no difference in terms of your concern about quantum computers computing your private key from your public key.
Future-proofing your backup?
You're supposed to connect your Specter wallet to a Bitcoin Core client that you own which will create a watch-only wallet that's locally stored, so I don't get the point.
Thanks for the detailed answer.
Why does sparrow write that it would pose a risk?
What could a hacker do with the pub key?
Sparrwor writes:
Unfortunately, Bitcoin Core stores your public keys and funds unencrypted on the computer that runs it. If that computer is regularly connected to the Internet, it is at risk to hackers - making you a target once your balance is discovered.
gr3g.0rbitHero Member
Posts: 1025 · Reputation: 2646
#4Mar 20, 2024, 09:10 AM
Ah, they mean that if some hacker got his hands into your xpub and with it, saw that you have certain amount of Bitcoins;
That information: "you possessing N number of Bitcoins" will be the basis of hackers to make you a target, specially if it's a significant amount.
It's not necessarily mean that they'll use the xpub in Bitcoin Core directly to hack your Specter wallet.
Nevertheless, take note that the xpub is not entirely safe if you've been exporting individual private keys from Specter, even prvKeys of the unfunded addresses.
(AFAIK, there's no option to do that in Specter, just like in Bitcoin Core's descriptor wallets)
Because a child private key can be used together with its parent "extended public key" to compute its pair "extended private key".
But if you haven't exported any private key and exposed it to the internet, then this shouldn't be an issue in your case.
Related topics
- Bitcoin Core displaying coins (UTXOs) in a new tab 13
- Ways to earn some sats by contributing to bitcoin core development 5
- What can I do to fix this Bitcoin Core error? 8
- How do you protect your Bitcoin Core wallet? 19
- issues with bitcoin core database read error 2
- Curious about the 'Services' section in the peers of Bitcoin Core 6