When wallet password is enabled private keys are still accessible and BSQ / BTC funds can be sent without the need to enter password #5276
Comments
pazza83
changed the title
|
Hi are there any @bisq-network/bisq-devs able to take this on? Might be good to implement with #5152 |
|
I'll add this to my stack for the next cycle. @ripcurlx I'll take the assign |
|
This is not an easy issue to solve and as I mentioned in #5152 (comment) it has been discussed how to handle the wallet decryption in memory. Before we start implementing anything we need a good model. To take into account is that we might want to allow a remote app handling specific keys for a wallet to execute trades, but perhaps it shouldn't have access to the full wallet. |
|
Hi @sqrrm has this changed recently? The wiki refers to requiring your password to access the private keys: https://bisq.wiki/Manual_payout#Get_private_keys
Where is the discussion taking place about improving wallet security? What makes it not an easy issue to solve. Can't a password prompt just be added when the user presses Press Ctrl + j, alt +j or cmd + j? |
|
I don't think there has been any public discussions on this. There are different threat models at work here. One is the simple case where someone with access to an unlocked UI can send funds, that can easily be managed by requiring a password before funds are sent. This is the main case described in this issue. The other is the handling of keys in memory and what keys need to be available to handle trades. We could improve here but it's tricky since some keys need to be available for open offers and trades while others would not be needed. This is what I was thinking about but you're right that handling the first case is important and quite easy to do. |
|
Ok thanks for the information. I think protecting the private keys though a password prompt when pressing Ctrl + j, alt +j or cmd + j is a good first step. |
|
Hi @ripcurlx can this be approved for @wallclockbuilder to work on? |
He is already assigned to it. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
This still needs to be implemented |
ghost
mentioned this issue
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
This issue has been automatically closed because of inactivity. Feel free to reopen it if you think it is still relevant. |
Description
In Bisq when you enable a wallet password you can still access your private keys and send funds without needing your password.
This is not good for security.
Users might comfort knowing if they leave Bisq running while away from computer a password will still be required to send funds.
Version
v1.5.9
Steps to reproduce
Expected behaviour
When user has wallet password enabled password prompt is shown when doing the above 3 actions
Actual behaviour
When user has wallet password enabled no password prompt is shown when doing the above 3 actions. Funds can be send without password.
The text was updated successfully, but these errors were encountered: