Replying to Avatar waxwing

I agree that an unencrypted wallet is a defensible *option* - e.g. Electrum iirc allow you to not set a password (many wallet don't allow it). But I can't see a rational reason to just not offer the option? It's not like the user is warned that their mnemonic is sitting in plaintext on disk.
Avatar
waxwing 3d ago

Also, on reflection, I don't really agree with the characterization "only defends against a narrow set of attacks". To me, it's a broad and significant set of attacks that are defended against with encryption at rest: the most likely way to get your secrets stolen is for someone to get access to your physical hardware (stolen laptop; evil maid attack), or perhaps getting access to backups of your filesystem. True that someone actually taking control remotely is a big risk too, especially on Windows, but that is such a catastrophic failure mode that nothing matters .. not a good excuse to have zero defences imo - people regularly assume some level of security at least on MacOS and Linux and they should be able to, I think. A desktop is not a phone.

Anyway all arguable I guess. But not giving the option or any warning - I don't see a justification of it, really.

Reply to this note

Please Login to reply.

Discussion

Avatar
Leo Wandersleb 3d ago 💬 1

Arguably an evil maid knows your keys and at rest, the full disk should be encrypted, not only some mnemonic. The FAQ would be a good place to describe the threat models.

Avatar
/dev/fd0 3d ago

It's not too difficult to provide an option for encrypted mnemonic.

Avatar
pythcoiner 3d ago

PR are welcome

Avatar
Édouard 3d ago

The justification: we implemented it to have a quick test wallet creation and revovery. And since we kept it as legacy option. Should we remove it completly ? Add password or yubikey decryption ? We work on so many things in parallele...

Avatar
waxwing 2d ago

Right, understood. I think it's enough to just document the choice, though personally I think desktop wallets should always have an encryption option, I do understand that Liana is principally targeting HW signing, right.