Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor HD Wallets for Enhanced Security #7821

Merged
merged 34 commits into from
Nov 16, 2020
Merged

Refactor HD Wallets for Enhanced Security #7821

merged 34 commits into from
Nov 16, 2020

Conversation

rauljordan
Copy link
Contributor

@rauljordan rauljordan commented Nov 16, 2020
edited

What type of PR is this?

Refactor

What does this PR do? Why is it needed?

Our current HD wallet is extremely insecure, and other teams do not follow our convention. Currently:

  • We create a mnemonic for a user and tell them to write it down
  • We encrypt the seed derived from the mnemonic with their wallet password
  • We store the encrypted seed on disk
  • We load the seed to RAM upon startup of the validator
  • We generate N keys as needed at runtime by deriving them from the seed

If someone takes this seed, or dumps a validator's memory, they are screwed. Moreover, storing a seed on disk is still not an adequate substitute.

This PR advocates for a different approach to our HD wallet altogether. Instead, we make it a simple wrapper around our imported keymanager. During wallet creation, we now show the user a mnemonic and ask them to write it offline, then we ask the user to generate N accounts where N > 0. Then, we import those as keystore files into our imported keymanager. The seed nor mnemonic are never stored after this.

This PR also removes the accounts create command the RPC endpoint given there is no longer any way to create a new account in Prysm. This must be done by another tool such as ethdo or the deposit cli.

@rauljordan rauljordan requested a review from a team as a code owner November 16, 2020 01:33
@rauljordan rauljordan marked this pull request as draft November 16, 2020 01:33
rauljordan
rauljordan commented Nov 16, 2020
View reviewed changes
validator/accounts/wallet_create.go
@@ -9,7 +9,6 @@ import (
"github.com/manifoldco/promptui"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review these changes

validator/accounts/wallet_recover.go
@@ -36,7 +36,7 @@ type RecoverWalletConfig struct {
WalletDir string
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review these changes

validator/keymanager/derived/keymanager.go
@@ -6,61 +6,30 @@ import (
"fmt"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review this file

@rauljordan rauljordan self-assigned this Nov 16, 2020
@rauljordan rauljordan added Accounts Ready For Review A pull request ready for code review Security Security Related Issues labels Nov 16, 2020
@rauljordan rauljordan added this to the Diamond milestone Nov 16, 2020
@rauljordan rauljordan marked this pull request as ready for review November 16, 2020 20:10
prestonvanloon
prestonvanloon reviewed Nov 16, 2020
View reviewed changes
validator/accounts/wallet_recover.go Outdated Show resolved Hide resolved
validator/keymanager/derived/mnemonic.go Outdated Show resolved Hide resolved
@prylabs-bulldozer prylabs-bulldozer bot merged commit 7449eba into master Nov 16, 2020
@delete-merged-branch delete-merged-branch bot deleted the secure-hd-wallets branch November 16, 2020 22:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@prestonvanloon prestonvanloon prestonvanloon approved these changes

@farazdagi farazdagi Awaiting requested review from farazdagi

@0xKiwi 0xKiwi Awaiting requested review from 0xKiwi

Assignees

@rauljordan rauljordan

Labels
Ready For Review A pull request ready for code review Security Security Related Issues
Projects
None yet
Milestone
Diamond
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@rauljordan @prestonvanloon