Bitcoin Forum
October 17, 2018, 06:45:28 AM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Core secondary password  (Read 1316 times)
Gabrics
Jr. Member
*
Offline Offline

Activity: 47
Merit: 4


View Profile
July 16, 2017, 01:13:56 PM
 #1

Hi,

I really miss a secondary password from Core. Right now you can start up the app and it just shows all your addresses and balances. You can't spend any (assuming your encrypted your wallet), but you can still see.

This is pretty bad IMHO. It opens up an avenue for "3rd party" to extort you knowing how much you have by simply firing up the exe (I know you can encrypt the drive, etc. but this should be in the client).

It would be great to add an optional secondary password.

How it would work:
When you fire up the app it would ask for your password, which should be different than the main password. This should be an "independent" 2nd encryption layer before the app even starts. Because of this "at the beginning decryption" the new feature should not impact the codebase "at all".

One more thing:
This layer should also give us plausible deniability. Basically encrypting X wallets and showing only that which matches the password entered. This could also be used to separate your coins (and avoid mistakes), but still keep them in one place.

We may put up a bounty to implement this? I would offer a "quarter" to anyone who implements this in core's codebase (0.25BTC to be clear ~$500 at present time;))

Am I the only one missing this? If you like the idea and can offer some bounty here, please do.

Counter arguments are also welcome Wink

Cheers,
1539758728
Hero Member
*
Offline Offline

Posts: 1539758728

View Profile Personal Message (Offline)

Ignore
1539758728
Reply with quote  #2

1539758728
Report to moderator
1539758728
Hero Member
*
Offline Offline

Posts: 1539758728

View Profile Personal Message (Offline)

Ignore
1539758728
Reply with quote  #2

1539758728
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1539758728
Hero Member
*
Offline Offline

Posts: 1539758728

View Profile Personal Message (Offline)

Ignore
1539758728
Reply with quote  #2

1539758728
Report to moderator
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2534
Merit: 1545



View Profile
July 16, 2017, 08:00:33 PM
 #2

Hi,

I really miss a secondary password from Core. Right now you can start up the app and it just shows all your addresses and balances. You can't spend any (assuming your encrypted your wallet), but you can still see.

This is pretty bad IMHO. It opens up an avenue for "3rd party" to extort you knowing how much you have by simply firing up the exe (I know you can encrypt the drive, etc. but this should be in the client).

You should use an encrypted disk.  If you do not, then there are a myriad other leaks that will expose what you were doing.  Having a second password would very likely increase the amount of funds lost though forgetting passwords.

Quote
This layer should also give us plausible deniability. Basically encrypting X wallets and showing only that which matches the password entered. This could also be used to separate your coins (and avoid mistakes), but still keep them in one place.
And how would you explain the extra data in the wallet that doesn't decrypt?  It isn't so simple... plus with this comment you've gone from just an outer level of encryption to implementing multiple wallets in one file with a myriad of UI complications.

Bitcoin will not be compromised
TechPriest
Sr. Member
****
Offline Offline

Activity: 353
Merit: 255



View Profile
July 16, 2017, 10:57:00 PM
 #3

I really miss a secondary password from Core. Right now you can start up the app and it just shows all your addresses and balances. You can't spend any (assuming your encrypted your wallet), but you can still see.
The best way is to steal wallet.dat from your computer. If thief have access to your OC he will steal wallet.dat file, not run Core client  Smiley


We may put up a bounty to implement this? I would offer a "quarter" to anyone who implements this in core's codebase (0.25BTC to be clear ~$500 at present time;))
One way is to divide OC to "administrator" (with password) and "user". When system started it's uploaded as "user". Only "Administrator" has permission to run programs.

In science we trust!
HeRetiK
Hero Member
*****
Offline Offline

Activity: 896
Merit: 751


the forkings will continue until morale improves


View Profile
July 17, 2017, 12:20:20 PM
 #4

Hi,

I really miss a secondary password from Core. Right now you can start up the app and it just shows all your addresses and balances. You can't spend any (assuming your encrypted your wallet), but you can still see.

This is pretty bad IMHO. It opens up an avenue for "3rd party" to extort you knowing how much you have by simply firing up the exe (I know you can encrypt the drive, etc. but this should be in the client).

It would be great to add an optional secondary password.

Assuming you didn't get the idea from hardware wallets in the first place, you should look into Trezor and / or Ledger. Trezor already covers this use case, Ledger AFAIK as well (I have no firsthand experience with the latter, but at least according to their documentation they do).

Gabrics
Jr. Member
*
Offline Offline

Activity: 47
Merit: 4


View Profile
July 19, 2017, 06:33:30 PM
 #5

Thanks for the replies.

I do know and use encrypted disks. But that is more difficult for the average user than a secondary password would be (IMHO, for most users).

Having more lost/forgotten Bitcoins shouldn't be a problem because:
a) Secondary PW would be optional (hence "forgetting" basic users won't use it)
b) It could be the same as the real (just won't display balance without one)
c) REMEMBER your passwords Smiley

Hardware wallets:
I don't trust those. What if there is a kill switch implemented in the hardware? What if they go broke and you can't buy a new one? I don't like to depend on something not reproducible on any commodity hardware (or what depends on a server under someone else's control).

Plausible deniability
I agree, this is very hard to implement and will never be perfect. Wouldn't fool any "big players". But it would work for a robber or your wife Wink

I should probably re-think:
Why don't Core asks (can ask) for the one current password right at startup?
I mean the whole wallet should be encrypted including addresses and it simply won't work (or display balances) until the right password given  (still: there would be a need for PIN/password to confirm transfers and avoid mistakes, so _I think_ the system how we work with Core cries out for a two level PW system)?
HeRetiK
Hero Member
*****
Offline Offline

Activity: 896
Merit: 751


the forkings will continue until morale improves


View Profile
July 20, 2017, 12:06:15 AM
 #6

Hardware wallets:
I don't trust those. What if there is a kill switch implemented in the hardware? What if they go broke and you can't buy a new one? I don't like to depend on something not reproducible on any commodity hardware (or what depends on a server under someone else's control).

I know little about Ledger, but Trezor is fully open source both hardware and software [1] as well as recoverable without the actual hardware [2].

[1] https://github.com/trezor
[2] https://multibit.org/help/hd0.3/restore-hardware-wallet.html

Gabrics
Jr. Member
*
Offline Offline

Activity: 47
Merit: 4


View Profile
July 20, 2017, 12:56:16 AM
 #7

I checked out Trezor. Nice, but I still don't see how you can restore anything if no Trezor device available anymore.

I believe it won't solve the "balance visible without password' issue I wanted to "solve" wit this thread.

Trezor's documentation says:
"Even if the TREZOR is removed after use, the wallet and its addresses will still be viewable in watch-only mode. This way you can still view your balance, generate new addresses, and receive payments."

Is this only working until the Bitcoin client keeps running?
I mean after the Bitcoin client restarted it will need the Trezor key plugged in again and it won't show the balances?

if you have used Trezor please try and confirm if you can.
HeRetiK
Hero Member
*****
Offline Offline

Activity: 896
Merit: 751


the forkings will continue until morale improves


View Profile
July 20, 2017, 07:16:16 AM
 #8

I checked out Trezor. Nice, but I still don't see how you can restore anything if no Trezor device available anymore.

I believe it won't solve the "balance visible without password' issue I wanted to "solve" wit this thread.

Trezor's documentation says:
"Even if the TREZOR is removed after use, the wallet and its addresses will still be viewable in watch-only mode. This way you can still view your balance, generate new addresses, and receive payments."

Is this only working until the Bitcoin client keeps running?
I mean after the Bitcoin client restarted it will need the Trezor key plugged in again and it won't show the balances?

if you have used Trezor please try and confirm if you can.


1) You can restore a Trezor without hardware by importing the seed keywords into Multibit as stated above (meaning you can from then on use the Multibit wallet to access your funds).

2) You can have your client "forget" your Trezor whenever you unplug it, meaning it won't show balances until PIN and password are entered.

3) You can actually set up multiple secondary passwords, thus having multiple hidden accounts with your Trezor. See here: https://blog.trezor.io/hide-your-trezor-wallets-with-multiple-passphrases-f2e0834026eb

Gabrics
Jr. Member
*
Offline Offline

Activity: 47
Merit: 4


View Profile
July 28, 2017, 07:07:23 PM
 #9

That is really great! I mean the passphrase creating valid valets hence no way to know what is valid (or not).
Seems that everything I asked for IS possible with Trezor Smiley

Thanks for pointing to the right direction!
Mtoo
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
July 28, 2017, 08:13:06 PM
 #10

Thanks for let us take care
philipma1957
Legendary
*
Offline Offline

Activity: 2254
Merit: 1352


Avalon 841 rocks


View Profile
July 28, 2017, 08:22:32 PM
 #11

be like me and consider multiple trezor's get the three pack it is a discount.


I mine alt coins with https://simplemining.net...
I see BTC as the super highway and alt coins as taxis and trucks needed to move transactions.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!