search

feather-wallet / feather

A free and open-source Monero desktop wallet.
https://featherwallet.org
BSD 3-Clause "New" or "Revised" License
345 stars 51 forks source link

Hide (obscure) seed phrase when restoring a wallet #81

Open maltfield opened 1 year ago

maltfield commented 1 year ago

This ticket is a feature request to have the Feather Wallet obscure the characters typed-in when the user is entering their seed phrase to restore a wallet.

Why?

For security reasons, I have wallets in cold storage and only access them occasionally on a stateless session (eg in live distribution like TAILS or a "disposable VM" in QubesOS). Whenever I need to make a transaction from these wallets in cold storage, I need to restore the wallet.

My wallet seed phrases are stored in an offline, encrypted password database. So restoring the wallet in feather means decrypting the password database and copy/pasting the seed phrase into feather's input field.

Here's the problem: If I'm working in an office, then I always have to leave my desk and go lock myself in a single-occupancy room with my back to a wall. Sometimes I work from cafes. Sometimes I work in common spaces.

With the current implementation of the Feather Wallets's seed phrase input field, a single smartphone picture taken by someone else in the room during a restore could compromise all of the wallet's funds.

Secret Inputs should be obscured, per standards

The Web Hypertext Application Technology Working Group says the following about password input fields in their HTML Standard

The user agent should obscure the value so that people other than the user cannot see it.

As we're all used-to in web browsers, the default when typing a password is to obscure the input. Why would Feather deviate from that standard?

Solution

By default, Feather should not display any secret keys (like the seed phrase) on the screen. If a "display seed phrase" feature were to be implemented, then there should be a button with an "eye" icon that, when clicked, would de-obsecure the input field.

This would allow someone to restore their wallet in an office or other public or semi-public setting without giving away their seed phrase to anyone watching their screen

maltfield commented 1 year ago

See also https://github.com/spesmilo/electrum/issues/8157

tobtoht commented 10 months ago

Partially resolved. Since 2.6.0, you can click "Hide seed" to obscure the seed entry when restoring a wallet.

maltfield commented 10 months ago

@tobtoht fantastic, thank you!

How similar is the feather codebase to electurm? I wonder if we published links to your diffs in feather that implement this to the electrum ticket, they might be able to implement this feature as well?

Electrum said they'll accept a PR if someone implements the "obscure seed" feature on wallet restore. So anything we can do to lower the barrier of entry will be a boon for bitcoin/electrum users.