coblox / nectar

GNU General Public License v3.0

Derive Bitcoin transient keys using BIP32 #116

Closed D4nte closed 4 years ago

D4nte commented 4 years ago

As per my email on the mailing list, I was not convinced about our usage of swap id to derive the bitcoin transient keys.

After more thought on the matter, adding a condition of knowing the swap id to be able to derive the bitcoin transient keys is adding one more barrier towards facilitating ongoing swap recoveries when the database is lost.

The other barrier is knowing the other party's Bitcoin address and the secret hash.

While this PR does not allow recovery of ongoing swaps after DB loss, it does make it slightly easier. We also use a more standard way of generating keys (BIP32) than before.

Finally, one of the key changes here is that the seed is not always stored in memory in the bitcoin::Wallet, which means a bit less chance of leaking or cold boot attacks. Do note it does not prevent them, it's just moving towards some better security practices.

Some cleanup of the network was also done. Thanks @thomaseizinger for the fun and interesting pair programming session.
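The idea described in the comment above, as an added example that is not code from this PR or from nectar: transient keys are derived from the wallet seed with BIP32 hardened derivation and a plain counter, so candidate keys can be regenerated from the seed alone without knowing a swap id. The path `m/n'`, the counter and all function names are assumptions for illustration; the PR text does not state the path nectar uses.

```python
import hashlib
import hmac

# Order of the secp256k1 group, needed for BIP32 private key arithmetic.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000


def _split(digest):
    """Split a 64-byte HMAC-SHA512 output into (key integer, chain code)."""
    return int.from_bytes(digest[:32], "big"), digest[32:]


def master_key(seed):
    """BIP32 master key generation: HMAC-SHA512 keyed with 'Bitcoin seed'."""
    k, chain = _split(hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest())
    if k == 0 or k >= N:
        raise ValueError("seed yields an invalid master key")
    return k, chain


def hardened_child(k_par, c_par, index):
    """BIP32 CKDpriv for a hardened child; index is given without the 2^31 offset."""
    if not 0 <= index < HARDENED:
        raise ValueError("index out of range")
    data = b"\x00" + k_par.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    il, chain = _split(hmac.new(c_par, data, hashlib.sha512).digest())
    k = (il + k_par) % N
    if il >= N or k == 0:
        raise ValueError("invalid child key, use the next index")
    return k, chain


def transient_key(seed, swap_index):
    """Hypothetical scheme: the transient key of the n-th swap lives at m/n'."""
    k, chain = master_key(seed)
    k, _ = hardened_child(k, chain, swap_index)
    return k.to_bytes(32, "big")


def scan_transient_keys(seed, count):
    """After a DB loss, re-derive the first `count` candidate keys from the seed."""
    return [transient_key(seed, i) for i in range(count)]
```

Matching a re-derived key to a swap still needs the other party's address and the secret hash, as the comment says; this only removes the swap id from the inputs.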

D4nte commented 4 years ago

Please note that to tackle the added todo to flush the db, I need to extract the business logic from the network behaviour to allow it to be async. I'll do that in a follow-up PR.

D4nte commented 4 years ago

bors r+

bors[bot] commented 4 years ago

Build succeeded: