[JOURNAL] Week 02 (Pradyuman)

[pradyuman-verma]

Name: Pradyuman Verma Topic: Week 2 Journal

What I learned:

• This week, I learned about double-spent attack and chain reorg; we also demonstrated this attack in local regtest mode. You can check out my blog.
• Checked the bcoin configuration file and, successfully ran multiple nodes on a different port and connecting them.
• Used different commands with their parameters, e.g. bcoin --network=regtest has many helpful parameters --log-level=info, --max-inbound, --max-outbound, --selfish.

Questions: Q1. What is api-key, and why it is used? -> It is a secret key used by RPC. It is required to access all endpoints. Otherwise, you will get a 401 unauthorised error is returned. The API key is set either in wallet.conf or the --api-key argument at launch. It is a general configuration not mandatory to use. Q2. What is a Wallet token? -> Every individual wallet has its security token, a 32-byte hash calculated from the wallet master key. A wallet is always created with a corresponding token. The token is returned when a wallet is created or from the bwallet-cli info API endpoint. When wallet-auth is set to true, the token must be sent in the query string or JSON body for any requests regarding that wallet. Requests with incorrect tokens are rejected with a 403 Forbidden error. Q3. What is wallet-auth? -> Without wallet-auth: true, other applications on your system could theoretically access your wallet through the HTTP server without any authentication barriers. wallet-auth: true requires a wallet's token to be submitted with every request, which add extra security.

[pinheadmz]

Great work, thanks for submitting!