Review Chia private key & wallet security best practices - implement and document for Machinaris.

[guydavis]

We inherited the keys=/root/.chia/mnemonic.txt behavior from the official Chia Docker, but there needs to be a better way to handle the private key and/or keyring.

Some notes:

• When mode=plotter, we can now just pass farmer_pk and pool_pk, so that's good.
• When mode=harvester, we can import the farmer's ca and not require mnemonic.txt, so that's good.
• But when mode=[farmer|fullnode], we need a better approach to private key security. Currently, mnemonic.txt is required on first launch to initialize Chia services.
• Best practice is to change the payout address to a cold wallet so that coins do not accumulate in the main wallet used by Machinaris.

Some references:

• How To Create A Cold Wallet For Chia Coin and Chia Forks: great video tutorial by Digital Spaceport
• https://thechiaplot.net/secure-farming/

I'm opening this thread and calling for discussion and assistance to find best practices and approaches. Any contributions of wiki documentation and code pull requests are welcomed. A "Security" discussion channel has also been opened our our Discord. Come share good ideas!

[HitLuca]

Is mnemonic.txt needed more than once? Because having it deleted after startup would already be something

[guydavis]

Thanks for the suggestion. Back in late May, when I last tested starting an existing fullnode without invoking chia keys add, I was getting errors related to the wallet, perhaps due that Chia version.

However, based on your suggestion, I have just re-tested this scenario, with an empty mnemonic.txt, and now things are working? Farming is running and the wallet seems available. I need to test this further to determine exactly which conditions this works under.

[JakubSido]

I see more problems... If forks, or (sorry) machinaris get access to the phrase ... even if I use a cold wallet, there is still an issue with manipulation with: 1) plot NFT (pool change/self pooling) -- So the attacker can change pool or even change to self pooling 2) communicate with a pool and change payout address

So, the cold wallet can save my already farmed coins. But the future of the plots and future rewards are compromised.

Am I wrong? Are there any other options to solve those problems? A cold wallet is not sufficient I think

I have also tried to open this question on official chia github.. See https://github.com/Chia-Network/chia-blockchain/discussions/9007

[guydavis]

I see more problems... If forks, or (sorry) machinaris get access to the phrase ... even if I use a cold wallet, there is still an issue with manipulation with:

1. plot NFT (pool change/self pooling) -- So the attacker can change pool or even change to self pooling
2. communicate with a pool and change payout address So, the cold wallet can save my already farmed coins. But the future of the plots and future rewards are compromised.

Hi. Great points! Yes, you are absolutely correct. The value of plots is tied to the private key encoded in the mnemonic. For that reason, each person in this blockchain farming ecosystem must assess their own risk/reward position. For some, that will mean:

1. Only running the official software, without any 3rd party tools. They must also ensure their farming systems are not compromised by malware and remote exploits, as we all must do these days using Internet-connected systems.
2. OR not even running official farming software, instead using Flexfarmer to only harvest for example.
3. Others still will want to participate in the blockchain fork community, cross-farming the same plots to obtain those additional rewards. This, by definition, will expand the exposure surface for one's mnemonic key. Many will find that an acceptable trade-off, particularly when combined with a cold wallet.

Only each individual can determine their own risk tolerance in pursuit of blockchain rewards by farming plots. Machinaris will continue to serve those interested in more than one blockchain in as secure a manner as possible. Hope this helps answer your question!

[JakubSido]

I am not here to hate :-) I just really want to find some safe way to do it.

I believe, there should be another way instead of sharing the keyphrase. It should be possible to farm without a wallet sk.

What about not sharing the phrase but only map private keys needed for farming into the containers and keep unnecessary keys hidden?

[guydavis]

Yes, good suggestion. Like in the official Chia docker, it's possible to set the keys environment variable to persistent. Then no mnemonic is required, but all key import and management is responsibility of the advanced user.