8000 walletpassphrase CLI / RPC not intuitive and unsafe to use · Issue #768 · Veil-Project/veil · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
walletpassphrase CLI / RPC not intuitive and unsafe to use #768
New issue
New issue
Open
Open
walletpassphrase CLI / RPC not intuitive and unsafe to use#768
Labels
Component: RPCRelated to the console commands themselves.Component: WalletRelating to keystore, tx creation, and balance trackingIssue Type: Change RequestThe way something is done in the application should be changed.Priority: 1 - LowNon-critical, low impact
Milestone
 
v2.0.0
@mimirmim

Description

@mimirmim
mimirmim
opened on Apr 5, 2020

When using walletpassphrase, it can be awkward. Switching between staking on and the moment you want to send some coins for instance isn't as intuitive as in the wallet. Further, the fact that you must enter your passphrase in plainttext is kind of a large issue in the CLI. I understand this issue persists in Bitcoin too. Also, if you unlock for staking only, I would imagine that the timeout value should by default be unlocked for an infinite amount of time. Who would want to come back every so often just to unlock their wallet only for staking when it times out?

If I have my wallet unlocked for staking only I should be prompted for my passphrase when sending coins. I should not have to unlock my wallet just for 60 seconds just to send coins, then re-lock it for staking only. Further, the prompt shouldn't expose my password if its the CLI. RPC is different as it's expected that you should use https. That may cause an issue as CLI and RPC share the same methods.

Example of steps taken to send coins then reunlock to allow for staking only:

# Initial enable staking some point in the past, must set long timeout so we don't stop staking soon
veil-cli walletpassphrase <password> true <long timeout>
# Unlock to send coins and set a short timeout incase I forget to relock
veil-cli walletpassphrase <password> false <short timeout>
# Send coins
veil-cli sendringcttoringct <address> <amount>
# Now lets reunlock with a long timeout for staking only
veil-cli walletpassphrase <password> true <long timeout>

Proposed change:

# Initial enable staking some point in the past, infinite timeout implied
veil-cli walletpassphrase <password> true
# Send coins and include password to unlock the wallet
veil-cli sendringcttoringct <address> <amount> <password>

Even better security conscious change:

# Initial enable staking some point in the past, infinite timeout implied
veil-cli walletpassphrase <password> true
# Send coins and include password to unlock the wallet
veil-cli sendringcttoringct <address> <amount>
Wallet password?
Password ⚩: *********************************

The last example would be best so that someone isn't able to extract a password and still can be fit into the CLI, perhaps.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Component: RPCRelated to the console commands themselves.Component: WalletRelating to keystore, tx creation, and balance trackingIssue Type: Change RequestThe way something is done in the application should be changed.Priority: 1 - LowNon-critical, low impact

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0