Delete Wallet Button #1830

Closed
MaxHillebrand opened this issue Jul 7, 2019 · 14 comments

@MaxHillebrand
Collaborator

Problem

In the Wallet Manager tab, I can generate a new wallet, or load an existing one. Yet I cannot delete a wallet in the GUI.

Solution

When right clicking the wallet name in Load Wallet show a menu with Delete Wallet. When this is clicked, show a HUGE warning message that this will delete the private key, and if there is no backup, then there is no way of recovering funds sent to this wallet. The wallet is only deleted after the password is typed in, and at least two "Yes, I understand deleting the wallet is dangerous" warnings and buttons.

Yes, there is a risk of losing funds without a proper backup, but this risk is mitigated with the extra warnings. If the user wants to delete the wallet, then he should have the tools to do so. In some cases [in my particular case] the deleted wallet might be a testnet or copy of an already existing wallet.

This right click menu might also have the option to re-name the wallet, or to show the wallet details like fingerprint etc.

@benthecarman
Contributor

It might be better to do a Hide/Archive feature instead. We could then put a button or menu to show hidden/archived wallets.

@MaxHillebrand
Collaborator Author

Yes, that might be enough for some cases.

But one user wants to delete the cold card skeleton wallet file from the laptop to ensure that the xpub does not leak. So in this case, archiving would not solve the issue...

@davterra
Contributor

davterra commented Jul 8, 2019

That user was me, Max. I go by duly_noded on Telegram & Twitter.

Another option would be adding the ability to encrypt wallet files. Wallets on Wasabi are created using the BIP39 seed/password combination. To avoid confusion, once a wallet is created using the BIP39 seed/password combination the wallet file could also be encrypted using the same password that was used to create the wallet xpriv/xpub. That would also help avoid some of the lost coin/password issues that have taken place with Wasabi as it would require a user to know the password to load (and fund) the wallet.

Nevertheless, I've tried quite a few wallets over the years and I can't think of any that allow the loading and viewing of a wallet without a password or pin. Technically, Electrum does, but it at least offers a wallet encryption password when the wallet is created.

As I mentioned on Telegram, I've made my own workaround with a bash script but I still think that Wasabi should not store coldcard wallets locally. I think any user advanced enough to be using the microSD feature and creating PSBT's will realize that if they start Wasabi and their coldcard wallet is no longer listed, it still exists on the microSD or can be regenerated at any time with the coldcard.

@nopara73
Contributor

nopara73 commented Jul 8, 2019

I would discourage anyone working on this. Deleting a wallet also means deleting wallet-related metadata, which is always expected to change, so this will be a huge maintenance burden.

Also it's dangerous.

@davterra
Contributor

davterra commented Jul 8, 2019

nopara73,
are you saying it's dangerous if I delete a local copy of a coldcard wallet after I exit wasabi?

@MaxHillebrand
Collaborator Author

I agree with your feature request to encrypt the sensitive public keys of the wallet. Currently, anyone with access to the hardware can fully de-anonymize the user. Yes, of course when the attacker has the hardware, most likely everything is screwed. But I think we should be as secure as possible. Well, this encryption is an entirely other issue...

In regards to deleting only the cold card watch only wallet, the issue here is that Wasabi should not even know which hardware wallet is signing - and to encode the logic to check which wallet it is, and then delete only a certain one has lots of complexity. This is for me a concept NACK, though maybe there's a nice way of implementing this.

@davterra
Contributor

davterra commented Jul 9, 2019

Thanks for your considered thoughts, Max.

I'm not attached to any particular solution to this. My desire to anonymize the xpub (and the hardware wallet type, for that matter) for any hardware wallets is exactly aimed at mitigating the notion that "when the attacker has the hardware, most likely everything is screwed".

As it is, wasabi clearly does know what hardware wallet is signing, and keeps a local copy of that info in cleartext after wasabi is shut down.

I mentioned in an earlier conversation that I would just implement a bash script that deletes my local coldcard wallet json upon shutdown. After seeing nopara73's remark about that being a potential problem, perhaps it would be better if I make my script instead encrypt/decrypt my local coldcard wallet file.

I welcome any further thoughts by you or anyone, and appreciate your time.
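
The concern raised in the comment above, a wallet file that keeps extended public keys in cleartext after shutdown, can be checked for on disk. The Python sketch below is an added example, not part of this thread and not Wasabi code: it walks a directory of JSON files and reports every string value that is a checksum-valid BIP32 extended public key, along with whether the file is readable by other local accounts. The directory, the JSON field names and the sample key are constructed for illustration.

```python
import hashlib, json, os, stat
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# BIP32 version bytes that mark an extended *public* key (mainnet, testnet).
PUB_VERSIONS = {bytes.fromhex("0488b21e"): "xpub", bytes.fromhex("043587cf"): "tpub"}

def _checksum(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def encode_extended_key(payload):
    """Base58Check-encode a 78-byte BIP32 payload; only used to build the sample."""
    n, out = int.from_bytes(payload + _checksum(payload), "big"), ""
    while n:
        n, out = n // 58, B58[n % 58] + out
    return out

def extended_pubkey_kind(text):
    """Return "xpub"/"tpub" for a checksum-valid extended public key, else None."""
    if not 1 <= len(text) <= 112 or set(text) - set(B58):
        return None
    n = sum(B58.index(ch) * 58 ** i for i, ch in enumerate(reversed(text)))
    raw = n.to_bytes(max(82, (n.bit_length() + 7) // 8), "big")
    ok = len(raw) == 82 and raw[78:] == _checksum(raw[:78])
    return PUB_VERSIONS.get(raw[:4]) if ok else None

def find_xpubs(node, path="$"):
    """Yield (json_path, kind) for every string value that is an extended public key."""
    if isinstance(node, (dict, list)):
        items = node.items() if isinstance(node, dict) else enumerate(node)
        for key, value in items:
            yield from find_xpubs(value, f"{path}/{key}")
    elif isinstance(node, str) and (kind := extended_pubkey_kind(node)):
        yield path, kind

def audit_wallet_dir(directory):
    """Return (file, json_path, kind, readable_by_group_or_others) per cleartext key."""
    findings = []
    for name in sorted(n for n in os.listdir(directory) if n.endswith(".json")):
        full = os.path.join(directory, name)
        try:
            with open(full, encoding="utf-8") as fh:
                doc = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or not JSON, e.g. an already encrypted file
        loose = bool(stat.S_IMODE(os.stat(full).st_mode) & 0o077)
        findings.extend((name, where, kind, loose) for where, kind in find_xpubs(doc))
    return findings

# Constructed sample key: valid encoding, made-up fingerprint, chain code and key bytes.
SAMPLE_XPUB = encode_extended_key(bytes.fromhex("0488b21e") + bytes(9) + b"\x11" * 32 + b"\x02" * 33)
```

Files that no longer parse as JSON, such as an encrypted copy of the wallet file, are skipped, so an empty result after encrypting or removing the watch-only file is the expected outcome.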

@MaxHillebrand
Collaborator Author

Ok, so I'd say that we agree, concept NACK for deleting wallet. If you agree, please close the issue :)

@davterra, I really would like to see proper encryption of all sensitive data in Wasabi. If you have a working script, can you please make it public? Maybe even better, do you think you can work on a PR that does this within Wasabi?

I've opened issue #1870 to continue the conversation under the proper title.

@davterra
Contributor

davterra commented Jul 10, 2019

Yes, agreed on deleting and I will close this issue. I don't yet have an encryption script and I'm leaving for a camping trip in a couple of hours. I will revisit next week.

I'm actually a bit of a noob when it comes to github, filing issues, and PR's, etc. You opened this issue pursuant to a conversation we had on Telegram. Am I even able to close it?

@nopara73
Contributor

I meant it's dangerous for most people, probably not for those ones who can use GitHub:)

@ibertario
Contributor

Agree with this. This must be an option as @MaxHillebrand describes in the first comment.

@kolya182

@nopara73 @danwalmsley @molnard Can we implement this?

@nopara73
Contributor

nopara73 commented Jul 3, 2021

I think there are solutions to mitigate accidents. For example, if the GUI asks for the wallet password and for the wallet name to delete.

Some implementation notes:

@nostitos

🤦‍♂️
