Open mdpfeiffer opened 9 years ago
Good points. Would it be able to place the key in paycoin.conf on first startup, then automatically move it to encrypted wallet.dat and delete it from paycoin.conf? Making it so it's saved and not necessary to place in paycoin.conf on next startup.
Nice comment. I think the best focus would be to make the prime controllers more like the proposed micro-prime controllers.
I don't really see encrypting the .conf file as a good alternative. The .conf should be an easy to use file with basic configuration options not for a serious private key type situation. It's there for data directory, testnet etc. stuff that doesn't need to be secret.
Yeah definitely won't be encrypting the conf file though to be fair it should only be readable by the user that created it...
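One way to verify the "only readable by the user that created it" point above is a small permission check that can be run by hand or from a startup script. This is an added example, not code from the Paycoin project or any of the commenters; the path to paycoin.conf is an assumption (the thread does not name the data directory), and the check only inspects the file mode, it does not read or parse the key.

```shell
#!/bin/sh
# Check that a wallet configuration file (e.g. paycoin.conf) is readable only
# by its owner, i.e. mode 0600 or stricter. Group/other read bits mean any
# other local account, or a misconfigured backup agent running as a different
# user, can copy the plaintext key out of the file.
#
# Usage: check_conf_perms "$HOME/.paycoin/paycoin.conf"   # path is an assumption
# Returns 0 when owner-only, 1 when group/others have any access, 2 if missing.
check_conf_perms() {
    conf="$1"
    if [ ! -f "$conf" ]; then
        echo "no such file: $conf" >&2
        return 2
    fi
    # GNU coreutils uses stat -c; BSD/macOS uses stat -f. Try GNU first.
    mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
    # Keep only the last three octal digits (drops a leading setuid/sticky digit).
    mode=$(printf '%s' "$mode" | sed 's/.*\(...\)$/\1/')
    group=$(printf '%s' "$mode" | cut -c2)
    other=$(printf '%s' "$mode" | cut -c3)
    if [ "$group" != "0" ] || [ "$other" != "0" ]; then
        echo "$conf is mode $mode: accessible to group/others; fix with: chmod 600 $conf" >&2
        return 1
    fi
    echo "$conf is mode $mode: owner-only"
    return 0
}
```

The function deliberately reports rather than repairs so it can be used as a pre-flight check; tightening the mode is a one-line `chmod 600` the message spells out. It says nothing about the backup problem raised in the issue, since a sync client running as the same user can read a 0600 file regardless; excluding the file from the synced folder is a separate step.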
The problem with adding it to the wallet.dat is there's no current way to remove it from the wallet.dat at a later time (even temporarily). I agree with @mitchellcash the best option IMHO is to leave it as is for now (until primes can be converted to address based).
Currently Prime Controller keys are activated by adding them to the paycoin.conf file. While the wallet itself can be locked and encrypted, the .conf file is plaintext. If a user employs a backup system like Dropbox that has any security holes, their PC key is also at risk.
At a minimum, new PC owners should be advised of the vulnerability and encouraged to exclude the file from backups, and to securely store a copy of the key elsewhere (perhaps in a system like LastPass or 1Password). The new PC owner should also be advised that the device (laptop, desktop, rPi) containing the files should also be password secured and/or physically secured.
Eventually this vulnerability will be solved when Prime Controllers are structured more like micro-primes. So this is probably just a temporary security management issue, not necessarily in need of a solution, but in need of clear articulation of best practices.
I don't know if there's anything else to be done. Is it possible, for instance, to extend wallet encryption to include encryption of the paycoin.conf file?