Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: Gabrics on July 16, 2017, 01:13:56 PM



Title: Core secondary password
Post by: Gabrics on July 16, 2017, 01:13:56 PM
Hi,

I really miss a secondary password from Core. Right now you can start up the app and it just shows all your addresses and balances. You can't spend any (assuming you encrypted your wallet), but you can still see.

This is pretty bad IMHO. It opens up an avenue for a "3rd party" to extort you knowing how much you have by simply firing up the exe (I know you can encrypt the drive, etc. but this should be in the client).

It would be great to add an optional secondary password.

How it would work:
When you fire up the app it would ask for your password, which should be different from the main password. This should be an "independent" 2nd encryption layer before the app even starts. Because of this "at the beginning" decryption the new feature should not impact the codebase "at all".

One more thing:
This layer should also give us plausible deniability. Basically encrypting X wallets and showing only that which matches the password entered. This could also be used to separate your coins (and avoid mistakes), but still keep them in one place.

Maybe we could put up a bounty to implement this? I would offer a "quarter" to anyone who implements this in Core's codebase (0.25 BTC to be clear, ~$500 at present time ;))

Am I the only one missing this? If you like the idea and can offer some bounty here, please do.

Counter arguments are also welcome ;)

Cheers,


Title: Re: Core secondary password
Post by: gmaxwell on July 16, 2017, 08:00:33 PM
Quote
Hi,

I really miss a secondary password from Core. Right now you can start up the app and it just shows all your addresses and balances. You can't spend any (assuming you encrypted your wallet), but you can still see.

This is pretty bad IMHO. It opens up an avenue for a "3rd party" to extort you knowing how much you have by simply firing up the exe (I know you can encrypt the drive, etc. but this should be in the client).

You should use an encrypted disk.  If you do not, then there are a myriad other leaks that will expose what you were doing.  Having a second password would very likely increase the amount of funds lost through forgetting passwords.

Quote
This layer should also give us plausible deniability. Basically encrypting X wallets and showing only that which matches the password entered. This could also be used to separate your coins (and avoid mistakes), but still keep them in one place.
And how would you explain the extra data in the wallet that doesn't decrypt?  It isn't so simple... plus with this comment you've gone from just an outer level of encryption to implementing multiple wallets in one file with a myriad of UI complications.


Title: Re: Core secondary password
Post by: TechPriest on July 16, 2017, 10:57:00 PM
Quote
I really miss a secondary password from Core. Right now you can start up the app and it just shows all your addresses and balances. You can't spend any (assuming you encrypted your wallet), but you can still see.
The best way is to steal wallet.dat from your computer. If a thief has access to your OS he will steal the wallet.dat file, not run the Core client  :)


Quote
Maybe we could put up a bounty to implement this? I would offer a "quarter" to anyone who implements this in Core's codebase (0.25 BTC to be clear, ~$500 at present time ;))
One way is to divide the OS into an "administrator" account (with password) and a "user" account. When the system starts it is loaded as "user". Only "Administrator" has permission to run programs.


Title: Re: Core secondary password
Post by: HeRetiK on July 17, 2017, 12:20:20 PM
Quote
Hi,

I really miss a secondary password from Core. Right now you can start up the app and it just shows all your addresses and balances. You can't spend any (assuming you encrypted your wallet), but you can still see.

This is pretty bad IMHO. It opens up an avenue for a "3rd party" to extort you knowing how much you have by simply firing up the exe (I know you can encrypt the drive, etc. but this should be in the client).

It would be great to add an optional secondary password.

Assuming you didn't get the idea from hardware wallets in the first place, you should look into Trezor and / or Ledger. Trezor already covers this use case, Ledger AFAIK as well (I have no firsthand experience with the latter, but at least according to their documentation they do).


Title: Re: Core secondary password
Post by: Gabrics on July 19, 2017, 06:33:30 PM
Thanks for the replies.

I do know and use encrypted disks. But that is more difficult for the average user than a secondary password would be (IMHO, for most users).

Having more lost/forgotten Bitcoins shouldn't be a problem because:
a) Secondary PW would be optional (hence "forgetting" basic users won't use it)
b) It could be the same as the real one (it just won't display the balance without it)
c) REMEMBER your passwords :)

Hardware wallets:
I don't trust those. What if there is a kill switch implemented in the hardware? What if they go broke and you can't buy a new one? I don't like to depend on something not reproducible on any commodity hardware (or what depends on a server under someone else's control).

Plausible deniability
I agree, this is very hard to implement and will never be perfect. Wouldn't fool any "big players". But it would work for a robber or your wife ;)

I should probably re-think:
Why doesn't Core ask (or couldn't it ask) for the one current password right at startup?
I mean the whole wallet should be encrypted including addresses and it simply won't work (or display balances) until the right password is given (still: there would be a need for a PIN/password to confirm transfers and avoid mistakes, so _I think_ the way we work with Core cries out for a two-level PW system)?


Title: Re: Core secondary password
Post by: HeRetiK on July 20, 2017, 12:06:15 AM
Quote
Hardware wallets:
I don't trust those. What if there is a kill switch implemented in the hardware? What if they go broke and you can't buy a new one? I don't like to depend on something not reproducible on any commodity hardware (or what depends on a server under someone else's control).

I know little about Ledger, but Trezor is fully open source both hardware and software [1] as well as recoverable without the actual hardware [2].

[1] https://github.com/trezor
[2] https://multibit.org/help/hd0.3/restore-hardware-wallet.html


Title: Re: Core secondary password
Post by: Gabrics on July 20, 2017, 12:56:16 AM
I checked out Trezor. Nice, but I still don't see how you can restore anything if no Trezor device is available anymore.

I believe it won't solve the "balance visible without password" issue I wanted to "solve" with this thread.

Trezor's documentation says:
"Even if the TREZOR is removed after use, the wallet and its addresses will still be viewable in watch-only mode. This way you can still view your balance, generate new addresses, and receive payments."

Does this only work while the Bitcoin client keeps running?
I mean after the Bitcoin client is restarted it will need the Trezor key plugged in again and it won't show the balances?

If you have used Trezor please try and confirm if you can.


Title: Re: Core secondary password
Post by: HeRetiK on July 20, 2017, 07:16:16 AM
Quote
I checked out Trezor. Nice, but I still don't see how you can restore anything if no Trezor device is available anymore.

I believe it won't solve the "balance visible without password" issue I wanted to "solve" with this thread.

Trezor's documentation says:
"Even if the TREZOR is removed after use, the wallet and its addresses will still be viewable in watch-only mode. This way you can still view your balance, generate new addresses, and receive payments."

Does this only work while the Bitcoin client keeps running?
I mean after the Bitcoin client is restarted it will need the Trezor key plugged in again and it won't show the balances?

If you have used Trezor please try and confirm if you can.


1) You can restore a Trezor without hardware by importing the seed keywords into Multibit as stated above (meaning you can from then on use the Multibit wallet to access your funds).

2) You can have your client "forget" your Trezor whenever you unplug it, meaning it won't show balances until PIN and password are entered.

3) You can actually set up multiple secondary passwords, thus having multiple hidden accounts with your Trezor. See here: https://blog.trezor.io/hide-your-trezor-wallets-with-multiple-passphrases-f2e0834026eb
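
Point 3 above (and gmaxwell's earlier objection about "extra data in the wallet that doesn't decrypt") is easier to see in code. A BIP39 seed passphrase is not a password that unlocks stored data; it is mixed into the key derivation, so every passphrase produces a different but equally valid wallet, there is no leftover ciphertext to explain, and nothing tells an observer whether a given passphrase is "right". The following is an added example written for this page, not code from Trezor or Bitcoin Core. It uses only the Python standard library, and the mnemonic is the constructed all-"abandon" phrase from the BIP39 test vectors, not a real wallet.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order: a BIP32 master private key is valid iff 0 < key < SECP256K1_N
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constructed sample mnemonic (the all-zero-entropy phrase from the BIP39 test
# vectors); it controls no real funds.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512 over the NFKD mnemonic, salted with
    "mnemonic" + NFKD(passphrase), 2048 rounds, 64-byte output.
    Note the passphrase is salt, not a key that decrypts something."""
    mnemonic_bytes = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", mnemonic_bytes, salt, 2048, dklen=64)


def bip32_master_key(seed: bytes):
    """BIP32 master node: I = HMAC-SHA512(key=b"Bitcoin seed", data=seed);
    the left 32 bytes are the master private key, the right 32 the chain code."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return i[:32], i[32:]


def master_key_is_valid(master_key: bytes) -> bool:
    """BIP32 declares the key invalid if it is 0 or >= the curve order."""
    k = int.from_bytes(master_key, "big")
    return 0 < k < SECP256K1_N


def hidden_wallets(mnemonic: str, passphrases):
    """Map each passphrase to the hex master private key it derives.

    Every entry is a distinct, fully usable wallet: an empty passphrase, a
    decoy and the "real" one are indistinguishable from the outside, which is
    the property behind the multiple-hidden-wallets feature discussed above."""
    wallets = {}
    for passphrase in passphrases:
        seed = bip39_seed(mnemonic, passphrase)
        key, _chain_code = bip32_master_key(seed)
        if not master_key_is_valid(key):
            # Probability roughly 2^-128; BIP32 says to reject such a seed.
            raise ValueError("derived master key out of range for this passphrase")
        wallets[passphrase] = key.hex()
    return wallets


if __name__ == "__main__":
    for passphrase, key_hex in hidden_wallets(SAMPLE_MNEMONIC, ["", "decoy", "real"]).items():
        print(f"passphrase={passphrase!r:8} master_key={key_hex}")
```

Running it prints three unrelated master keys for the same mnemonic. The contrast with a password that encrypts a stored wallet file is the point: an encrypted file reveals that something is there and, when decryption fails an integrity check, answers "wrong password"; passphrase derivation does neither, which is why a seed plus passphrase supports hidden wallets without the UI and explanation problems raised earlier in the thread. The flip side, also raised earlier, is that a forgotten or mistyped passphrase silently opens an empty wallet rather than failing, so the passphrase must be backed up with the same care as the seed words.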


Title: Re: Core secondary password
Post by: Gabrics on July 28, 2017, 07:07:23 PM
That is really great! I mean the passphrase creating valid wallets, hence no way to know what is valid (or not).
Seems that everything I asked for IS possible with Trezor :)

Thanks for pointing in the right direction!


Title: Re: Core secondary password
Post by: Mtoo on July 28, 2017, 08:13:06 PM
Thanks for letting us take care.


Title: Re: Core secondary password
Post by: philipma1957 on July 28, 2017, 08:22:32 PM
Be like me and consider multiple Trezors; get the three pack, it is a discount.