Encrypt sensitive information upon Wasabi shutdown

MaxHillebrand commented 5 years ago

Problem

Wasabi is a privacy focused wallet, and it is succeeding on many fronts already. However, for every wallet, the master public key - the information needed for COMPLETE deanonymization of the transaction history - is in clear text within the .walletwasabi folder. An attacker would need access to the disk, and yes, when that is the case, we assume that everything is screwed, but we should do our best to defend as much as possible.

Solution

When the wallet is closed, encrypt the sensitive data [zpub, labels, anonset etc, probably everything other than wallet name and fingerprint] with the password the user set at wallet creation.

When loading a wallet, the password is required to decrypt this sensitive information, and then load the wallet.

Advantages

Better privacy, even if hard drive is compromised
Less risk of loss of funds, because password is required before an address can be generated
Much more...

nopara73 commented 5 years ago

https://github.com/zkSNACKs/Meta/issues/58 https://github.com/zkSNACKs/Meta/issues/39 https://github.com/zkSNACKs/Meta/issues/36

yahiheb commented 4 years ago

When the wallet is closed, encrypt the sensitive data [zpub, labels, anonset etc, probably everything other than wallet name and fingerprint] with the password the user set at wallet creation.

This is not possible because Wasabi doesn't store the user password (passphrase).

zkSNACKs / zIPs