Questions about encryption #7

Closed
chrismarquardt opened this issue Jul 27, 2014 · 6 comments

@chrismarquardt

How exactly are the cold storage keys encrypted?
What does "Check private keys" do?

I would only trust bigger amounts to a cold wallet if I knew how the keys are treated and if I could export my private keys.

@bithernet
Contributor

> How exactly are the cold storage keys encrypted?

Bither uses the same encryption method as Bitcoinj (AES256).

> What does "Check private keys" do?

After you correctly input the password, Bither will validate all the private keys to confirm they totally match the addresses.
There are two reasons why we provide this function:

  1. You don't need to sign a new transaction to make sure you own the money, and the only thing you need to do is "check".
  2. People often forget things, especially the passwords that we don't often use. So checking private keys periodically will help us to memorise the password.

You should try Bither with a small amount of bitcoins (several mBTCs) first. After becoming familiar with our product and preparing enough backup devices (cold wallet phones and backup SD cards), you can try slightly bigger amounts.
We will provide more advanced options for private key management in a future version.
Notice: Don't uninstall Bither while there are bitcoins in it, otherwise that will cause loss of the money.

Thanks again.
Sincerely,

Wen Hao

@chrismarquardt
Author

Thanks!
Chris

@chrismarquardt
Author

One more question about encryption: I understand private keys have to be decrypted in memory. How long are they kept in memory after decryption? I'm asking because I know several exploits of other systems steal information from system memory and even though iOS apps are sandboxed, you cannot be too paranoid with these things.

@bithernet
Contributor

Good question. They are kept in memory for a very short time. After checking of each private key finishes, the memory is released.

@songchenwen
Contributor

We will clear the memory of decrypted private keys as soon as we can. Details follow:

  1. When we do things like calculating the public keys and signing transactions, we'll need the decrypted private keys.
  2. Then we ask the user for the password.
  3. Decrypt the private keys.
  4. Clear the memory of the password.
  5. Do the things we mean to do (calculating public keys, signing transactions).
  6. Clear the memory of the decrypted keys.
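
The sequence in the comment above, sketched in Java as an added example that is not part of the thread and is not Bither's or bitcoinj's code. The class and method names are hypothetical, and PBKDF2-HMAC-SHA256 with AES-256-GCM is an assumption chosen because both ship with the JDK; the thread itself only states AES256.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.*;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.function.Consumer;

public class KeyLifetimeDemo {
    // Derive an AES-256 key from the password and run AES-GCM (assumed scheme, see lead-in).
    static byte[] crypt(int mode, char[] password, byte[] salt, byte[] iv, byte[] in) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 200_000, 256);
        byte[] aesKey = null;
        try {
            aesKey = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(mode, new SecretKeySpec(aesKey, "AES"), new GCMParameterSpec(128, iv));
            return c.doFinal(in);
        } finally {
            spec.clearPassword();                              // wipe the spec's copy of the password
            if (aesKey != null) Arrays.fill(aesKey, (byte) 0); // wipe the derived AES key
        }
    }

    // Steps 3-6 of the list above; the caller has already collected the password (steps 1-2).
    static void withPrivateKey(char[] password, byte[] salt, byte[] iv, byte[] encrypted,
                               Consumer<byte[]> use) throws Exception {
        byte[] privateKey;
        try {
            privateKey = crypt(Cipher.DECRYPT_MODE, password, salt, iv, encrypted); // step 3
        } finally {
            Arrays.fill(password, '\0');       // step 4: runs even if the password was wrong
        }
        try {
            use.accept(privateKey);            // step 5: derive public key, sign, etc.
        } finally {
            Arrays.fill(privateKey, (byte) 0); // step 6: runs even if the operation throws
        }
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16], iv = new byte[12], key = new byte[32];
        rng.nextBytes(salt); rng.nextBytes(iv); rng.nextBytes(key);   // constructed sample key
        byte[] encrypted = crypt(Cipher.ENCRYPT_MODE, "correct horse".toCharArray(), salt, iv, key);
        char[] typed = "correct horse".toCharArray();                 // stands in for the password prompt
        withPrivateKey(typed, salt, iv, encrypted, k -> System.out.println("key bytes in use: " + k.length));
        System.out.println("password wiped: " + (typed[0] == '\0'));
    }
}
```

On the JVM this wiping is best effort: `SecretKeySpec` keeps its own copy of the AES key and the garbage collector can relocate arrays, so copies may outlive the `Arrays.fill` calls. Passing the password as `char[]` rather than `String` is what makes step 4 possible at all, since a `String` cannot be overwritten.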

@bithernet
Contributor

close this issue :)
