dscotese / kraken-grid

A bot that extends grid trading once you use it to create a grid.
GNU General Public License v3.0

Feature Request: Encrypt the keys! #25

Closed dscotese closed 2 years ago

dscotese commented 2 years ago

The key and secret used to trade on the exchange (currently Kraken) are stored in cleartext at this time. This allows anyone with access to the machine where the bot runs to gain the same access to the exchange account that the bot uses. A simple way to mitigate this potential problem is to encrypt that file with a password.

The plan is to store a JavaScript object in that file instead of the space-delimited two values that are currently in there. If the user chooses a password and it is used as the key to encrypt the JavaScript object, attempts to decrypt it with anything but the password will either fail or produce something that is not a properly formatted string representation of a JavaScript object. Thus, no password validation is necessary. If the user forgets their password, they simply have to re-enter their API keys and other info stored in that file.

What is a good encryption method for this application?

dscotese commented 2 years ago

https://github.com/TomFrost/Cryptex has been incorporated into the password branch.
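The plan described in this issue, as an added example that is not part of the thread or of the kraken-grid code: it uses Node's built-in `crypto` module (scrypt plus AES-256-GCM) rather than Cryptex, so a wrong password or a modified file is rejected by the authentication tag instead of by a failed object parse. The function names, envelope fields and scrypt parameters are assumptions.

```javascript
// Added example (not kraken-grid code): password-protect the API key file.
const crypto = require('crypto');

// scrypt cost parameters; assumed values, tune them for the host.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Encrypt a plain object and return the text to store in the key file.
function sealSecrets(secrets, password) {
  const salt = crypto.randomBytes(16); // fresh salt on every save
  const iv = crypto.randomBytes(12);   // 96-bit GCM nonce, never reused with a key
  const key = crypto.scryptSync(password, salt, 32, KDF);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([
    cipher.update(JSON.stringify(secrets), 'utf8'),
    cipher.final(),
  ]);
  const b64 = (buf) => buf.toString('base64');
  return JSON.stringify({
    v: 1, salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct),
  });
}

// Decrypt the file text. Returns the stored object, or null when the password
// is wrong or the file was modified (the GCM tag check fails in final()).
function openSecrets(fileText, password) {
  const env = JSON.parse(fileText);
  if (env.v !== 1) throw new Error('unsupported key file version');
  const unb64 = (s) => Buffer.from(s, 'base64');
  const key = crypto.scryptSync(password, unb64(env.salt), 32, KDF);
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, unb64(env.iv),
      { authTagLength: 16 }); // refuse truncated tags
    decipher.setAuthTag(unb64(env.tag));
    const pt = Buffer.concat([decipher.update(unb64(env.ct)), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Constructed sample values, not real credentials.
const sample = { key: 'EXAMPLE-API-KEY', secret: 'EXAMPLE-API-SECRET' };
const fileText = sealSecrets(sample, 'correct horse battery staple');
console.log(openSecrets(fileText, 'correct horse battery staple')); // the original object
console.log(openSecrets(fileText, 'wrong password'));               // null
```

When writing the sealed text to disk, restricting the file to the bot's user (for example mode `0o600` with `fs.writeFileSync`) keeps other local accounts from copying it for offline password guessing.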