encryptwallet password entered in clear #15318

issue darosior openend this issue on February 1, 2019
  1. darosior commented at 5:38 pm on February 1, 2019: member

    When using the RPC command encryptwallet in the CLI, the password used to encrypt it has to be entered as an argument and thus can be retrieved with reverse-search for “encryptwallet”. I thought that the password for encryptwallet (as well as for walletpassphrase) should be asked interactively.

    I wanted to submit a PR to change CommandLineRPC (https://github.com/bitcoin/bitcoin/blob/b8b0b8ced7fa918ae00b697e5696b1950dfb714c/src/bitcoin-cli.cpp#L444 ) so that if encryptwallet or ẁalletpassphrasecommand is passed tobitcoin-cli`, it asks interactively for the password, is it the right way to do it ? Is there any reason why passwords are passed in clear in the CLI ?

  2. jonasschnelli commented at 11:54 pm on February 1, 2019: contributor
    Hasn’t that been implemented with bitcoin-cli’s -stdinrpcpass in #10997?
  3. jonasschnelli added the label Wallet on Feb 1, 2019
  4. darosior commented at 12:05 pm on February 2, 2019: member
    Yes, it has been and I did not see it. However should not the stdin way be imposed ?
  5. KanoczTomas commented at 4:42 pm on February 2, 2019: none
    I think explicitly imposing it if pass not given would be nice. It would add to user experience!
  6. darosior commented at 7:16 pm on February 2, 2019: member
    @jonasschnelli actually I was wrong -stdinrpcpass was only related to the RPC password.
  7. jonasschnelli commented at 9:17 pm on February 2, 2019: contributor

    Oh. Yes. Your right. I guess there is no solution for bitcoin-cli right now. But you can always use other RPC clients.

    Encryption could be implemented in wallet-tool.. Unlocking needs probably to go via RPC (eventually stdin function for walletpassphrase.. but meh).

  8. darosior commented at 10:58 am on February 3, 2019: member
    It was not for my personal use but to improve it. A PR would not be welcomed for this case ?
  9. darosior referenced this in commit dac84d2e44 on Feb 4, 2019
  10. darosior referenced this in commit 3e9a00e560 on Feb 5, 2019
  11. darosior referenced this in commit 20816de7ed on Feb 5, 2019
  12. darosior referenced this in commit 799c543778 on Feb 7, 2019
  13. darosior referenced this in commit c95d57d932 on Feb 11, 2019
  14. darosior referenced this in commit 1867f27c90 on Feb 12, 2019
  15. darosior referenced this in commit 3e9d5dfb9f on Feb 13, 2019
  16. darosior referenced this in commit 00b422bef1 on Feb 13, 2019
  17. adamjonas commented at 6:43 pm on April 24, 2020: member
    This was closed by https://github.com/bitcoin/bitcoin/pull/13716
  18. MarcoFalke closed this on Apr 24, 2020
  19. DrahtBot locked this on Feb 15, 2022


darosior jonasschnelli KanoczTomas adamjonas

Labels
Wallet

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-09-29 04:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me