Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not store decrypted private keys #4

Open
hrobeers opened this issue Apr 25, 2016 · 2 comments
Open

Do not store decrypted private keys #4

hrobeers opened this issue Apr 25, 2016 · 2 comments

Comments

@hrobeers
Copy link

https://github.com/3s3s/multicoins.org/blob/master/server_side/app.js#L49

DecodeWallet stores the decrypted private keys in localstorage.
It is safer to store the decrypted private keys in memory only.

Some reasons:

  • If the user closes the browser tab and forgets to encrypt, the wallet stays decrypted, which is a security risk.
  • Localstorage also writes to disk, even if wallets are encrypted consistently, private keys can still be retrieved by attackers.
@3s3s
Copy link
Owner

3s3s commented Apr 25, 2016

Not sure this is such a necessary feature. Most of clients are store decrypted private keys in local drive (wallet.dat). But I will think about the possible implementation this. Thank you.

@hrobeers
Copy link
Author

Yes you are correct. If it doesn't fit your wallet, no worries.
It's just something that I'd find important, but like you say most users don't really care.
So if you think it would reduce adoption, feel free to ignore.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hrobeers @3s3s