Have bitcoind recommend a secure RPC password. Increase invalid password delay. #798

pull gmaxwell wants to merge 1 commits into bitcoin:master from gmaxwell:advertise-fixes changing 1 files +15 −6
  1. gmaxwell commented at 7:47 AM on February 5, 2012: contributor

    Help users avoid insecure configurations a bit by recommending a secure RPC password and increasing the incorrect password delay.

    This may open up a RPC DOS for users with exposed RPC ports and short passwords. Since users shouldn't have exposed RPC ports OR short passwords, the DOS risk is preferable to the compromise risk.

    Also logs the client IP address for incorrect attempts.

    With this patch running bitcoind when there is no configuration file now results in:

        [gmaxwell@helmholtz src]$ ./bitcoind
        Error: To use bitcoind, you must set a rpcpassword in the configuration file:
        /home/gmaxwell/.bitcoin/bitcoin.conf
        It is recommended you use the following random password:
        rpcuser=bitcoinrpc
        rpcpassword=HXt6c9zmw6jqW4jvh3pcHTGb7owrmNLUtaSVGvoT2Sho
        (you do not need to remember this password)
        If the file does not exist, create it with owner-readable-only file permissions.

    Previously it just advised rpcpassword=<password>, which probably gets filled in with insecure, normal password-like values.

    I think ideally bitcoin would just autocreate the file with a random authentication string like this— but I thought this change was more minimal. Thoughts?

  2. Have bitcoind recommend a secure RPC password. Increase invalid password delay.
    Help users avoid insecure configurations a bit by recommending a
    secure RPC password and increasing the incorrect password delay.
    
    This may open up a RPC DOS for users with exposed RPC ports and
    short passwords. Since users shouldn't have exposed RPC ports OR
    short passwords, the DOS risk is preferable to the compromise
    risk.
    
    Also logs the client IP address for incorrect attempts.
    9d33dc71cf
  3. gmaxwell closed this on Feb 5, 2012

  4. gmaxwell commented at 8:05 AM on February 5, 2012: contributor

    I fail at github, opening from the right branch.

  5. destenson referenced this in commit 773744ed16 on Jun 26, 2016
  6. ptschip referenced this in commit 7672e727cb on Oct 13, 2017
  7. Losangelosgenetics referenced this in commit c13a8035c2 on Mar 12, 2020
  8. Losangelosgenetics referenced this in commit b32369cb03 on Mar 12, 2020
  9. Losangelosgenetics referenced this in commit 294902a401 on Mar 12, 2020
  10. sipa referenced this in commit 5d5bef0862 on Aug 28, 2020
  11. sipa referenced this in commit 62da1445ac on Sep 4, 2020
  12. sipa referenced this in commit f0c6824af2 on Sep 5, 2020
  13. sipa referenced this in commit b9c1a76481 on Sep 11, 2020
  14. DrahtBot locked this on Sep 8, 2021
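
The configuration step the first comment describes (a random rpcpassword in a bitcoin.conf created with owner-readable-only permissions) can be sketched as follows. This is an added example, not code from the pull request or from bitcoind; the function names and the `MIN_PASSWORD_CHARS` threshold are assumptions, and the password is base64url-encoded, which may differ from the encoding bitcoind prints.

```python
import os
import secrets
import stat
import tempfile

MIN_PASSWORD_CHARS = 32  # assumed policy threshold for this example, not a bitcoind constant


def create_rpc_conf(path: str) -> str:
    """Create the conf file with a random rpcpassword; never overwrite an existing file."""
    password = secrets.token_urlsafe(32)  # 32 bytes (256 bits) from the OS CSPRNG
    # O_EXCL fails if the file already exists. Mode 0o600 is applied at creation,
    # so the password is never on disk with wider permissions (no create-then-chmod gap).
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as conf:
        conf.write(f"rpcuser=bitcoinrpc\nrpcpassword={password}\n")
    return password


def audit_rpc_conf(path: str) -> list[str]:
    """Return findings for an existing conf: loose permissions, weak or missing password."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"permissions {mode:03o} allow group/other access")
    password = None
    with open(path) as conf:
        for line in conf:
            key, sep, value = line.strip().partition("=")
            if sep and key.strip() == "rpcpassword":
                password = value.strip()  # last assignment in the file is the one checked
    if password is None:
        findings.append("rpcpassword is not set")
    elif len(password) < MIN_PASSWORD_CHARS:
        findings.append(f"rpcpassword has only {len(password)} characters")
    return findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed stand-in for ~/.bitcoin
        conf_path = os.path.join(d, "bitcoin.conf")
        create_rpc_conf(conf_path)
        print(audit_rpc_conf(conf_path))
```
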

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-18 21:16 UTC
