dogecash / dogecash-old

DogeCash Core Code
MIT License

Too many actions requiring passphrase #35

Closed mister-game closed 4 years ago

mister-game commented 4 years ago

So many actions require you to enter your passphrase. This leads to the temptation to shorten or simplify the passphrase, which compromises the main purpose, which is to protect funds. Only "send money to an outside address (not your own)" is necessary.

Unnecessary things protected by passphrase:

- Generate new address (I don't care if someone breaks into my house, unlocks my computer, unlocks my wallet, and generates an address)
- Start masternode (waiting for remote activation)
- Masternode (Tab) select node: masternode Information

Prob many more that I don't use personally.

AzrielJale commented 4 years ago

Many of these are very important to be under passphrase. Start Masternode, for example: it's a broadcast of special code that, well, allows for the masternode to start, I assume. We don't want anyone to hijack the broadcast, copy the wallet you have and impersonate your wallet, and keep turning on/off your masternode; that would be a fatal flaw.

While I assume even if the code to start/stop masternode would be hijacked, it's still useless for a hacker since he also needs to know the passphrase, which obviously never gets broadcast: you punch it in, it never leaves your wallet, only the public key gets broadcast.

A lot seems like it's overdoing things, some maybe is possible to simplify, just remember some things would be crucial to keep the way it's programmed.

AzrielJale commented 4 years ago

Making your wallet remember your passphrase forever would be possible, I think, if you are reeeeeeally confident in your security game, both your physical PC and virtual.

As long as a hacker won't get to you, that option would be something that you would benefit from, but on a mass scale, it's just not a very good idea to implement. On one hand, someone who isn't tech-savvy keeps their wallet always open, and remembering the password, so it's their fault if they get funds stolen, but on the other hand, we don't want 40% of the community to lose funds this way; that kills the coin.

Maybe a special build just for tech-savvy people XD

mister-game commented 4 years ago

Imagine everything in your house had a password. A password to turn on lights, a password to open the fridge. A password to turn on the t.v. What would happen? First you would make all the passwords the same and as simple as possible, like 123. But what if all the passwords had to be the same, including the lock to your front door? Now you can't use 123 anymore. On the other hand, to make your front door secure, you can't use fjqioewoewnvnqoeihq, because you'd have to enter that every time you turn on a light.

That is exactly the situation in the wallet. I had to make my password less secure because I had to restart many masternodes after the wallet update (and my wallet crashes if left unlocked).

I really don't care if someone steals my wallet.dat, cracks the password and generates an address or starts my masternodes. That's like calling the police if someone broke into your house and turned on a light, then left.

From: AzrielJale
Sent: Wednesday, December 4, 2019 4:42 PM
Subject: Re: [dogecash/dogecash] Too many actions requiring passphrase (#35)

> Making your wallet remember your passphrase forever would be possible, I think, if you are reeeeeeally confident in your security game, both your physical PC and virtual.
>
> As long as a hacker won't get to you, that option would be something that you would benefit from, but on a mass scale, it's just not a very good idea to implement. On one hand, someone who isn't tech-savvy keeps their wallet always open, and remembering the password, so it's their fault if they get funds stolen, but on the other hand, we don't want 40% of the community to lose funds this way; that kills the coin.
>
> Maybe a special build just for tech-savvy people XD

mister-game commented 4 years ago

Looks like I answered your last one first. I imagine in the hacker's world it is fairly easy to scan your computer, find all the files that are named "wallet.dat" and upload them to his server. I guarantee if he spends several hours trying to brute force your password and succeeds, he is NOT going to start my masternodes. He is NOT going to generate more receiving addresses. He will send your coins to his wallet, and End of Story.

The same with a thief in your house. They want to get in AND out as quickly as possible. Steal your laptop, maybe check for jewelry; they aren't going to open your TV remote and subscribe you to premium channels.

On Wed, Dec 4, 2019 at 4:39 PM AzrielJale notifications@github.com wrote:

> Many of these are very important to be under passphrase. Start Masternode, for example: it's a broadcast of special code that, well, allows for the masternode to start, I assume. We don't want anyone to hijack the broadcast, copy the wallet you have and impersonate your wallet, and keep turning on/off your masternode; that would be a fatal flaw.
>
> While I assume even if the code to start/stop masternode would be hijacked, it's still useless for a hacker since he also needs to know the passphrase, which obviously never gets broadcast: you punch it in, it never leaves your wallet, only the public key gets broadcast.
>
> A lot seems like it's overdoing things, some maybe is possible to simplify, just remember some things would be crucial to keep the way it's programmed.


mister-game commented 4 years ago

And besides, the greatest threat to your password is a keylogger or a clipboard copier, so the fewer times you enter it, the more secure you are.

On Wed, Dec 4, 2019 at 4:42 PM AzrielJale notifications@github.com wrote:

> Making your wallet remember your passphrase forever would be possible, I think, if you are reeeeeeally confident in your security game, both your physical PC and virtual.
>
> As long as a hacker won't get to you, that option would be something that you would benefit from, but on a mass scale, it's just not a very good idea to implement. On one hand, someone who isn't tech-savvy keeps their wallet always open, and remembering the password, so it's their fault if they get funds stolen, but on the other hand, we don't want 40% of the community to lose funds this way; that kills the coin.
>
> Maybe a special build just for tech-savvy people XD


Liquid369 commented 4 years ago

Would you prefer to keep this issue open or issue #45?

mister-game commented 4 years ago

I'll check 45, whatever's easiest