Have bitcoind recommend a secure RPC password. Increase invalid password delay. #799

pull gmaxwell wants to merge 1 commits into bitcoin:master from gmaxwell:rpcpassword changing 1 files +16 −7
  1. gmaxwell commented at 8:07 AM on February 5, 2012: contributor

    Help users avoid insecure configurations a bit by recommending a secure RPC password and increasing the incorrect password delay.

    This may open up a RPC DOS for users with exposed RPC ports and short passwords. Since users shouldn't have exposed RPC ports OR short passwords, the DOS risk is preferable to the compromise risk.

    Also logs the client IP address for incorrect attempts.

    With this patch running bitcoind when there is no configuration file now results in: [gmaxwell@helmholtz src]$ ./bitcoind Error: To use bitcoind, you must set a rpcpassword in the configuration file: /home/gmaxwell/.bitcoin/bitcoin.conf It is recommended you use the following random password: rpcuser=bitcoinrpc rpcpassword=HXt6c9zmw6jqW4jvh3pcHTGb7owrmNLUtaSVGvoT2Sho (you do not need to remember this password) If the file does not exist, create it with owner-readable-only file permissions.

    Previously it just advised rpcpassword= which probably gets filled in with insecure normal password like values.

    I think ideally bitcoin would just autocreate the file with a random authentication string like this— but I thought this change was more minimal. Thoughts?

  2. Have bitcoind recommend a secure RPC password. Increase invalid password delay.
    Help users avoid insecure configurations a bit by recommending a
secure RPC password and increasing the incorrect password delay.

This may open up a RPC DOS for users with exposed RPC ports and
short passwords. Since users shouldn't have exposed RPC ports OR
short passwords, the DOS risk is preferable to the compromise
risk.

Also logs the client IP address for incorrect attempts.
    b04f301c8e
  3. laanwj commented at 8:42 AM on February 5, 2012: member

    Good idea

  4. luke-jr commented at 2:56 PM on February 6, 2012: member

    Code looks good to me

  5. gavinandresen merged this on Feb 6, 2012
  6. gavinandresen closed this on Feb 6, 2012
  7. mcorlett commented at 12:52 PM on February 7, 2012: none

    Won't entropy turn out to be a problem?

  8. destenson referenced this in commit 16671cdf9a on Jun 26, 2016
  9. ptschip referenced this in commit 7e370f3283 on Oct 20, 2017
  10. Losangelosgenetics referenced this in commit 2bb3e662f1 on Mar 12, 2020
  11. Losangelosgenetics referenced this in commit d056d746b6 on Mar 12, 2020
  12. Losangelosgenetics referenced this in commit 05c9a69183 on Mar 12, 2020
  13. Losangelosgenetics referenced this in commit 6292db9ae8 on Mar 12, 2020
  14. Losangelosgenetics referenced this in commit d2451c061c on Mar 12, 2020
  15. Losangelosgenetics referenced this in commit 4d6514d988 on Mar 12, 2020
  16. sipa referenced this in commit b9c1a76481 on Sep 11, 2020
  17. DrahtBot locked this on Sep 8, 2021
Contributors
gmaxwelllaanwjluke-jrmcorlett
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-18 21:16 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me