The password is useless!

Consensys / eth-lightwallet

Lightweight JS Wallet for Node and the browser

MIT License

1.46k stars 501 forks source link

The password is useless! #199

Closed michealChin closed 6 years ago

michealChin commented 6 years ago

lightwallet.keystore.createVault({ password: password, seedPhrase: seed, hdPathString: "m/0'/0'/0'" }, function (err, ks) {..................

I found a very serious issue, for the method above, the password is useless, it doesn't care what value I assign to the password, seems the generated address only depends on the seedPhrase and hdPathString

coder5876 commented 6 years ago

@michealChin The password is not used in the sense of BIP32, the purpose is to locally encrypt the seed and private keys using the password, so changing the password don't change generated addresses.