Closed hivewallet closed 10 years ago
TODO:
https://github.com/zorgiepoo/Bit-Slicer confirms the password stays in memory, though. I'll have to track it down.
Hmm... it looks like just typing in the NSTextField sometimes leaves the password somewhere in memory. :( Not even 1Password seems to manage to wipe the master password from memory.
> Not even 1Password seems to manage to wipe the master password from memory.
Lol, seriously?... Ok, that's a bit unexpected...
Would it be much work to write some kind of delegate to the NSTextField that intercepts all key presses, writes them to a clearable storage and makes sure they don't end up in the NSTextField (or send them there as asterisks or something, so that the dots still appear in the UI)?
FYI, you can make todo lists in issues/comments like this :)
I've tried some more tricks like sending fake input events to the field, but I definitely can't deterministically overwrite all copies.
Hacking around with the text field might work, but it comes with a huge risk: If the user does something we didn't think of and don't handle correctly (like typing a composed character or using the cursor keys), we could encrypt the wallet with a wrong password. I don't think that's a risk we should take.
I think the only way to go would be to create a text input field from scratch. Given the limited protection we get from this (anybody who can read memory probably can do everything else), I don't think that should be a priority. But it's curious that apparently nobody else has done that.
As discussed, closing this for now, since this seems to be the best we can do at the moment.
https://en.bitcoin.it/wiki/Wallet_encryption
https://en.bitcoin.it/wiki/Securing_your_wallet
http://www.reddit.com/r/Bitcoin/comments/1cuwzm/multibit_v059_released_includes_wallet_encryption/
https://bitcointalk.org/index.php?topic=17240.0
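The "clearable storage" idea raised in the thread, sketched as an added example (not code from Hive or from any participant; `secret_buf` and its functions are hypothetical names). It covers only the application's own copy of the password and does nothing about copies left behind by NSTextField or the input system, which is the limitation the thread ran into.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SECRET_CAP 256 /* assumed maximum password length in bytes */

/* Fixed-size storage: it is never reallocated, so appending leaves no stale copy. */
typedef struct { unsigned char bytes[SECRET_CAP]; size_t len; } secret_buf;

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
static void secret_wipe(secret_buf *s) {
    volatile unsigned char *p = s->bytes;
    for (size_t i = 0; i < SECRET_CAP; i++) p[i] = 0;
    s->len = 0;
}

/* Append one typed character (UTF-8 bytes). Returns -1 if it does not fit. */
static int secret_append(secret_buf *s, const unsigned char *utf8, size_t n) {
    if (n == 0 || n > SECRET_CAP - s->len) return -1;
    memcpy(s->bytes + s->len, utf8, n);
    s->len += n;
    return 0;
}

/* Backspace: drop the last code point and zero its bytes. A character built
   from several code points (base + combining mark) needs one call per code point. */
static void secret_backspace(secret_buf *s) {
    volatile unsigned char *p = s->bytes;
    while (s->len > 0) {
        unsigned char b = p[--s->len];
        p[s->len] = 0;
        if ((b & 0xC0) != 0x80) break; /* reached an ASCII or lead byte */
    }
}

/* Returns 1 when no byte of the secret remains in the buffer. */
static int secret_is_clear(const secret_buf *s) {
    unsigned char acc = 0;
    for (size_t i = 0; i < SECRET_CAP; i++) acc |= s->bytes[i];
    return acc == 0 && s->len == 0;
}

int main(void) {
    secret_buf s;
    secret_wipe(&s);
    secret_append(&s, (const unsigned char *)"p", 1);
    secret_append(&s, (const unsigned char *)"\xC3\xA9", 2); /* constructed input: U+00E9 */
    secret_backspace(&s);
    printf("len after backspace: %zu\n", s.len);
    secret_wipe(&s);
    printf("clear: %d\n", secret_is_clear(&s));
    return 0;
}
```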