When using bitcoind and unlocking wallet.dat from the command prompt, with the current implementation the passphrase will be stored plaintext in the command buffer on many operating systems. The command-line implementation should be changed such that an unlock command may (optionally) be issued without specifying the passphrase and have the user prompted for the passphrase from within the application so that it does not enter the buffer.
-
enmaku commented at 5:13 PM on October 3, 2011: contributor
-
alexwaters commented at 5:47 PM on October 3, 2011: contributor
Gavin discussed the whack-a-mole security issues with sensitive data being stored in memory, and I think this falls into that category. IMO this is more of a problem outside the scope of Bitcoin, but still important to be mindful of. Regardless, obscuring this data could slow down or prevent a potential attack.
Can you propose how we could prevent this?
-
tcatm commented at 5:49 PM on October 3, 2011: none
One simple solution would be to prefix the command with a space. This prevents most shells from saving it to the user's history:
$ [space]bitcoind command args...
It'll still show up in the process list, though.
-
enmaku commented at 5:53 PM on October 3, 2011: contributor
Right now I'm doing this in Python:
from jsonrpc import ServiceProxy
access = ServiceProxy("http://127.0.0.1:8332")
pwd = raw_input("Enter wallet passphrase: ")
access.walletpassphrase(pwd, 60)
So all that shows up in my buffer is "walletunlock.py" but it should be possible to simply run "bitcoind walletpassphrase" and have it prompt you to enter the passphrase rather than demand it as a command line argument.
-
TheBlueMatt commented at 8:14 PM on October 3, 2011: member
This was brought up before wallet encryption was merged and the decision was that this falls well outside of the scope of wallet encryption but falls more in the scope of making the rpc client more of a shell instead of calling individual commands.
-
gavinandresen commented at 8:50 PM on October 3, 2011: contributor
walletunlock.py would be a nifty addition to the contrib/ directory. Can you turn it into a pull request?
-
alexwaters commented at 11:30 PM on October 3, 2011: contributor
Nice! Closing this issue to consolidate on the above-mentioned pull request.
- alexwaters closed this on Oct 3, 2011
- ptschip referenced this in commit d49f49d485 on May 12, 2017
- kallewoof referenced this in commit c1c4757937 on Oct 4, 2019
- Losangelosgenetics referenced this in commit 22dc49d957 on Mar 12, 2020
- MarcoFalke locked this on Sep 8, 2021
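
An added example, not part of the original thread or of Bitcoin's own code: a small Python audit that finds shell-history entries where a passphrase was passed to bitcoind as a command-line argument, the exposure this issue describes, and reports them with the secret redacted. The command table, the `bitcoin-cli` client name and the sample history are assumptions made for the illustration.

```python
import re
import shlex

# RPC commands whose leading positional arguments are passphrases.
# walletpassphrase is the one from the thread; the other two are included on
# the assumption that they end up in history the same way.
SECRET_ARGS = {"walletpassphrase": 1, "walletpassphrasechange": 2, "encryptwallet": 1}
CLIENTS = {"bitcoind", "bitcoin-cli"}
ZSH_PREFIX = re.compile(r"^: \d+:\d+;")  # zsh EXTENDED_HISTORY timestamp prefix


def audit_history(lines):
    """Return (line_number, redacted_command) for each line that leaks a passphrase."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        command = ZSH_PREFIX.sub("", raw.rstrip("\n"))
        try:
            words = shlex.split(command)
        except ValueError:  # unbalanced quote: fall back to whitespace splitting
            words = command.split()
        for i, word in enumerate(words):
            if word.rsplit("/", 1)[-1] not in CLIENTS:
                continue
            j = i + 1
            while j < len(words) and words[j].startswith("-"):  # skip -testnet, -datadir=...
                j += 1
            if j < len(words):
                end = j + 1 + SECRET_ARGS.get(words[j], 0)
                secrets = words[j + 1:end]
                if secrets:
                    redacted = words[:j + 1] + ["<redacted>"] * len(secrets) + words[end:]
                    findings.append((number, " ".join(redacted)))
            break  # only the first client invocation on a line is examined
    return findings


# Constructed sample history, not taken from any real system.
SAMPLE_HISTORY = [
    "bitcoind getinfo",
    "bitcoind walletpassphrase 'correct horse battery' 60",
    ": 1317664380:0;bitcoind -testnet walletpassphrasechange old-pass new-pass",
    "python walletunlock.py",
    "bitcoind walletpassphrase",  # prompting form proposed in the issue: nothing to leak
]

if __name__ == "__main__":
    for number, command in audit_history(SAMPLE_HISTORY):
        print(f"line {number}: {command}")
```

Entries typed with a leading space will not appear if the shell was ignoring such lines, and nothing here covers the process-list exposure mentioned in the thread.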