Currently Umbrel stores the seed phrase in plain-text inside the file /data/umbrel-os/home/umbrel/umbrel/app-data/lightning/data/lightning/state.json which is a concern. Should anyone have physical access to the hardware running the node could just mount the Filesystem and have easier access to the funds on-chain.
Can this be improved by storing the seed phrase in a AES-256 encrypted file which may use Umbrel password to unlock it, so in the case the node is stolen the owner has some time to access the funds and transfer elsewhere from that wallet ? Some Hot Wallets use similar techniques in order to store seed phrases on users computer
For reference one technique used is based on 7-zip encryption which uses AES-256 but that may be others.
Currently Umbrel stores the seed phrase in plain-text inside the file
/data/umbrel-os/home/umbrel/umbrel/app-data/lightning/data/lightning/state.jsonwhich is a concern. Should anyone have physical access to the hardware running the node could just mount the Filesystem and have easier access to the funds on-chain.Can this be improved by storing the seed phrase in a AES-256 encrypted file which may use Umbrel password to unlock it, so in the case the node is stolen the owner has some time to access the funds and transfer elsewhere from that wallet ? Some Hot Wallets use similar techniques in order to store seed phrases on users computer
For reference one technique used is based on 7-zip encryption which uses AES-256 but that may be others.