Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wallet doesn't zero private keys. #294

Open
kayabaNerve opened this issue Mar 14, 2021 · 0 comments
Open

Wallet doesn't zero private keys. #294

kayabaNerve opened this issue Mar 14, 2021 · 0 comments
Labels
feature New feature or request

Comments

@kayabaNerve
Copy link
Member

I experimented a bit with this while working with the Wallet RPC; we can clear the HD Wallets, the HTTP request, and have the RPC route take in a password which is then by passed by pointer, cleared when it unlocks the wallet. The problem is the password remains in the parsed JSON.

I'm creating an issue instead of fixing this as part of the new RPC as I'm not sure how to handle this comprehensively thanks to the JSON, as well as due to the annoyances involved with it. We may end up with a security model of "the password is there to stop disk theft; not memory theft, though it may help with that". Even if we adopt such a policy, we should still zero when possible (as it would help somewhat, if not most of the way).
@kayabaNerve kayabaNerve added the feature New feature or request label Mar 14, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature New feature or request
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kayabaNerve