I'm wondering whether this is a good idea, I can see both sides here. Allowing wallets with no password is convenient, but security is usually not convenient. If we do allow passwordless wallets (I'm personally against it, as the group of people with bad security practices and the group of people who will likely be using the GUI wallet will heavily overlap), I would be inclined to display a warning to the user that this is insecure, and have them explicitly agree that this is what they want.
Alternatively, I proposed a Stealth Wallet scheme for simplewallet in bitmonero here. If we use a stealthwallet scheme by default (eventually), no password on the base wallet would be less of a problem.
Edit: People in IRC brought up a good point, in asking where password enforcement would stop, if we enforced a password. If someone does enter no password though, I think a prominent warning (and explicitly agreeing that you know the risks) would be a good idea. The stealth wallet scheme would work with a blank password, so it wouldn't have any effects on plausible deniability.
I'm wondering whether this is a good idea, I can see both sides here. Allowing wallets with no password is convenient, but security is usually not convenient. If we do allow passwordless wallets (I'm personally against it, as the group of people with bad security practices and the group of people who will likely be using the GUI wallet will heavily overlap), I would be inclined to display a warning to the user that this is insecure, and have them explicitly agree that this is what they want.
Alternatively, I proposed a Stealth Wallet scheme for simplewallet in bitmonero here. If we use a stealthwallet scheme by default (eventually), no password on the base wallet would be less of a problem.
Edit: People in IRC brought up a good point, in asking where password enforcement would stop, if we enforced a password. If someone does enter no password though, I think a prominent warning (and explicitly agreeing that you know the risks) would be a good idea. The stealth wallet scheme would work with a blank password, so it wouldn't have any effects on plausible deniability.