Chia-Network / chia-blockchain

Chia blockchain python implementation (full node, farmer, harvester, timelord, and wallet)
Apache License 2.0

[REQ] Always hide private keys and mnemonic #4380

Closed ytx1991 closed 3 years ago

ytx1991 commented 3 years ago

Describe the request

In case of some third-party software trying to use the CLI tool to access the user's private keys, the CLI shouldn't show any sensitive information. There are many third-party plotting/mining tools that may put many users at risk!

latinvm commented 3 years ago

This makes a lot of sense, it was something that surprised me quite a bit. The private keys / mnemonic should be encrypted and password protected, being able to export them using a simple CLI command is asking for problems. A malicious 3rd party tool could easily wipe out entire wallets.

ytx1991 commented 3 years ago

Exactly, I'm surprised too. This could be a serious security issue for everyone. Any software which has Internet access can steal the private keys potentially.

M-Covrig commented 3 years ago

> Describe the request
>
> In case of some third-party software trying to use the CLI tool to access the user's private keys, the CLI shouldn't show any sensitive information. There are many third-party plotting/mining tools that may put many users at risk!

So, how can we separate the keys? It's still not 100% clear: if I don't store them on the harvester, will my plots still be valid without the farm key? Which keys are stored in plots, the public ones or private? Thanks

ytx1991 commented 3 years ago

> Describe the request
>
> In case of some third-party software trying to use the CLI tool to access the user's private keys, the CLI shouldn't show any sensitive information. There are many third-party plotting/mining tools that may put many users at risk!
>
> So, how can we separate the keys? It's still not 100% clear: if I don't store them on the harvester, will my plots still be valid without the farm key? Which keys are stored in plots, the public ones or private? Thanks

Only public keys are in the plot file. You don't need to add your key on the harvester as long as you are using SSL. The Chia plot check command may tell you your plots on the harvester are invalid, but it's fine.

latinvm commented 3 years ago

I'm surprised this discussion has not gained more traction yet, basically all private keys should be password protected... when you start any Chia wallet/daemon that requires access to a private key it should be unlocked using a password.

github-actions[bot] commented 3 years ago

This issue has been flagged as stale as there has been no activity on it in 14 days. If this issue is still affecting you and in need of review, please update it to keep it open.

github-actions[bot] commented 3 years ago

This issue was automatically closed because it has been flagged as stale and subsequently passed 7 days with no further activity.