Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

suggestion: improve warning on xpub / private key dialogs for deterministic wallets #844

Open
markblundeberg opened this issue Aug 31, 2018 · 1 comment
Open

suggestion: improve warning on xpub / private key dialogs for deterministic wallets #844

markblundeberg opened this issue Aug 31, 2018 · 1 comment
Labels
enhancement Security & Privacy UX and usability

Comments

@markblundeberg
Copy link

According to BIP32:

knowledge of a parent extended public key plus any non-hardened private key descending from it is equivalent to knowing the parent extended private key (and thus every private and public key descending from it).

In other words, if a user shares their xpub along with just one private key, then the entire wallet is compromised just as if the user had revealed the seed mnemonic. Currently neither the Wallet|Information dialog nor the per-address private key dialog (Right click -> private key) give any scare warnings about this. I suggest that one or both should have a warning added to that effect.

screenshot from 2018-08-31 13-48-06

screenshot from 2018-08-31 13-48-19

(currently there is only such a warning on Wallet|Private Keys|Export)
@cculianu
Copy link
Collaborator

This is a very good suggestion. Will keep open.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Security & Privacy UX and usability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cculianu @markblundeberg