doc: Explain what the wallet password does #18085

issue maflcko openend this issue on February 6, 2020
  1. maflcko commented at 7:49 pm on February 6, 2020: member

    It would be nice to better explain what the wallet password does. For example we could expalin, that

    • it is not the seed
    • it does not protect against a 5$ wrench
    • it might protect against a stranger walking up to an unlocked screen with a Bitcoin Core wallet running
    • it doesn’t encrypt metadata or pubkeys
    • it results in loss of funds if the password is too complex and forgotten
  2. maflcko added the label Feature on Feb 6, 2020
  3. maflcko added the label Brainstorming on Feb 6, 2020
  4. maflcko added the label Docs on Feb 6, 2020
  5. jonasschnelli commented at 8:34 pm on February 6, 2020: contributor

    A possible (imagined) use case where things would go wrong with the current concept/info:

    • Bob installs Core, IBDs
    • Bob creates a new receiving address with the label “xxx money”
    • Bob buys a few “item” online and uses “pretty honest” labels
    • Bob then decides to encrypt the wallet since he used words that are not meant to be read by his wife Alice
    • Bob closes the wallet and shutdown Core
    • Bob sleeps well since he knows the wallet is encrypted
    • Alice opens “Bitcoin” (Bitcoin Core), inspects the applications,… and no longer talks to Bob

    Another user-story where things can go wrong:

    • Bob installs Core, IBDs
    • Bob encrypts the wallet (doesn’t read the warning blablas)
    • Bob stack sats over 2-3 years
    • Bob totally forgot that he initially encrypted the wallet since it uses keypools
    • Bob finally wants to send some of his Bitcoins to a Alice
    • Bob is surprised by the password request (he started the application many times and didn’t get asked for a password)
    • Bob no longer remembers the password and loses his fortune forever
    • A possible option could be to encrypt not only the keys (or the seed later) but also the metadata (derived addresses, scripts, labels, transactions) and request the passphrase at startup.
    • To avoid keeping the private-key encryption key for loo long in memory, we could KDF a different key for metadata that stays the whole session in memory (leading to too different timeouts, one for spends, one for the loaded wallet)
    • In general, the doctrine could be that the persistent content (wallet.dat) must always completely encrypted. After entering the passphrase, it deflates/decrypts metadata, keypools, descriptors into memory only.
    • A password re-entry when spends happen could still be made (eventually with the short inmemory timespan KDF-ed key)
    • Enter the passphrase more often (at startup / load-time of a wallet plus additional timeout) prevents from lost funds through lost passphrase.
  6. Bosch-0 commented at 4:49 am on September 8, 2020: none

    A possible option could be to encrypt not only the keys (or the seed later) but also the metadata (derived addresses, scripts, labels, transactions) and request the passphrase at startup.

    This would be an improvement on the current GUI UX and improve privacy in some niche scenarios (such as jonas’s first scenario). Most wallets I know of also currently do this so would be more familiar to new users / easier to onboard them.

    Another suggestion could be a reminder the to re-enter their password using spaced repetition to prevent uses forgetting / miss placing their password - signal private messenger does this well.

    Signal includes a built-in reminder feature that uses spaced repetition. To help you memorize your PIN, Signal will periodically ask you to confirm it. These reminders occur at the following intervals after the feature is first enabled: 12 Hours 1 Day 3 Days 7 Days 14 Days

    CC @GBKS @johnsBeharry

  7. GBKS commented at 8:50 am on September 8, 2020: none

    I’m also familiar with the requirement of having to enter the password when starting the application and again for making transfers.

    One thing that would be fantastic is integration with password managers. I’d like to use Keychain to store credentials and Touch ID (Face ID, etc) to identify myself (as appropriate). Wonder if that’s easily possible as each OS might go about this differently, but I think this would be great to have as people probably already rely on these system utilities.

    Encrypting all personal/local data seems logical.

    The spaced repetition reminder is interesting. I am curious how effective it’s been for Signal.

  8. willcl-ark added the label good first issue on Sep 21, 2023
  9. maflcko commented at 4:25 pm on September 21, 2023: member

    Seems like a good first issue

    Useful skills:

    • Knowledge about the wallet
    • Compiling Bitcoin Core and using the RPC
    • Writing documentation

    Want to work on this issue?

    For guidance on contributing, please read CONTRIBUTING.md before opening your pull request.

  10. jkyiv commented at 11:12 pm on November 7, 2023: none
    Where in the existing documentation can one read about bitcoin core’s use of keypools? That’s the one part of the story scenarios (@jonasschnelli 2nd story) that I don’t yet understand. Thanks!
  11. kouloumos commented at 7:46 am on November 8, 2023: contributor

    Where in the existing documentation can one read about bitcoin core’s use of keypools? That’s the one part of the story scenarios (@jonasschnelli 2nd story) that I don’t yet understand. Thanks!

    The comments at the relevant class provide context about keypools https://github.com/bitcoin/bitcoin/blob/82ea4e787c791acbc85fd3043dd6bae038cba4f2/src/wallet/scriptpubkeyman.h#L55-L108

    Also, if you want to get a quick understanding of the wallet’s inner workings (including encryption, use of passphrase, etc.) you can read the Wallet chapter of the Onboarding to Bitcoin Core guide.

  12. Thanos107 commented at 5:55 pm on December 17, 2023: none

    This is my first real contribution and I would like to contribute to the Blockchain/Bitcoin Space.

    I just wanted to ask if I have to create a new Readme file in the Docs folder or change an existing file.

  13. S3RK commented at 7:56 am on December 18, 2023: contributor
    @Thanos107 #28974 already addresses this issue. Maybe you want to take a look at another one?
  14. achow101 closed this on Apr 23, 2024
  15. achow101 referenced this in commit 4aa18cea82 on Apr 23, 2024


maflcko jonasschnelli Bosch-0 GBKS jkyiv kouloumos Thanos107 S3RK

Labels
Feature Brainstorming Docs good first issue

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-21 15:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me