danielmcclure / bitcoinj

Automatically exported from code.google.com/p/bitcoinj
Apache License 2.0

Wallet should have a password hint feature #574

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
I restored one of my wallets from an old backup and discovered none of the 
passwords I tried worked. I've had a few over time and presumably I forgot 
which one matches that wallet :( I should get the money back soon once my old 
laptop is finished being repaired but this still sucks.

Passwords are just inherently awful. People reuse the same password everywhere, 
etc. We can help a little bit by allowing a hint field to remind people what 
the password looks like. Should be an easy addition.

Original issue reported on code.google.com by mh.in.en...@gmail.com on 30 Jul 2014 at 7:35

GoogleCodeExporter commented 9 years ago
Instead of a password hint field, why not put in full password recovery?

We've coded this up in MBHD so it would be an easy lift.

We use the BIP39 seed phrase to generate an AES encryption key and then store 
the encrypted password in our wallet config. We pad short passwords so that we 
don't leak their existence (from the length of the encrypted password).
(Note we cannot put the encrypted password directly in our wallets as we AES 
encrypt all files - including the wallet - with the password).

On the UI we have an option to recover the password. User types in seed, the 
AES key is created, password decrypted and shown to user.

It's saved my bacon a couple of times already.

The code is in RestorePasswordReportPanelView#recoverPassword

Original comment by jimburto...@gmail.com on 30 Jul 2014 at 8:01
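
The recovery scheme described in the comment above, as an added Java example; it is not MBHD's or bitcoinj's code. Assumptions: the key is derived as HMAC-SHA256 over the seed phrase with a fixed label, the cipher is AES-GCM, passwords are padded to 64 bytes, and the class name, method names and sample seed are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class PasswordRecoveryExample {
    static final int PAD_LEN = 64;   // assumed fixed plaintext size; longer passwords are rejected
    static final int NONCE_LEN = 12; // standard GCM nonce size

    // Assumption: key = HMAC-SHA256(seed phrase, fixed label); MBHD's real derivation is not shown on the page.
    static SecretKeySpec recoveryKey(String seedPhrase) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(seedPhrase.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return new SecretKeySpec(mac.doFinal("password-recovery".getBytes(StandardCharsets.UTF_8)), "AES");
    }

    // Returns nonce || ciphertext || tag; the length is identical for every password up to PAD_LEN - 1 bytes.
    static byte[] encryptPassword(String seedPhrase, String password) throws Exception {
        byte[] pw = password.getBytes(StandardCharsets.UTF_8);
        if (pw.length >= PAD_LEN) throw new IllegalArgumentException("password too long");
        byte[] padded = new byte[PAD_LEN];
        padded[0] = (byte) pw.length;                  // one-byte length prefix, remainder stays zero
        System.arraycopy(pw, 0, padded, 1, pw.length);
        byte[] nonce = new byte[NONCE_LEN];
        new SecureRandom().nextBytes(nonce);           // fresh nonce for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, recoveryKey(seedPhrase), new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(padded);
        byte[] out = Arrays.copyOf(nonce, NONCE_LEN + ct.length);
        System.arraycopy(ct, 0, out, NONCE_LEN, ct.length);
        return out;
    }

    // A wrong seed phrase fails the GCM tag check and throws AEADBadTagException.
    static String recoverPassword(String seedPhrase, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, recoveryKey(seedPhrase), new GCMParameterSpec(128, blob, 0, NONCE_LEN));
        byte[] padded = c.doFinal(blob, NONCE_LEN, blob.length - NONCE_LEN);
        return new String(padded, 1, padded[0] & 0xff, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String seed = "constructed sample seed phrase not a real bip39 mnemonic"; // constructed input
        byte[] a = encryptPassword(seed, "pw"), b = encryptPassword(seed, "a much longer wallet password");
        System.out.println(a.length == b.length);      // compares blob sizes for a short and a long password
        System.out.println(recoverPassword(seed, b));
    }
}
```

The stored blob has to be regenerated with `encryptPassword` whenever the wallet password changes, which is the step the next comment refers to.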

GoogleCodeExporter commented 9 years ago
For completeness, just wanted to mention that in MBHD we also have a 'backup 
AES key' which is derived from the seed and used to encrypt backups.

When you change a password you also want to change the encrypted copy you use 
for recovery.
Thus there is a bit of fiddling around because we don't store the seed directly.

If you have a look in the MBHD code at WalletService#changeWalletPassword you 
get the details.

I can explain it more if you choose to implement it.

Original comment by jimburto...@gmail.com on 31 Jul 2014 at 2:56