Skip to content

Enhancement: Mnemonic seeds and keys are not handled securely  #54

New issue
New issue
Open
Open
Enhancement: Mnemonic seeds and keys are not handled securely #54
Assignees
who-biz
Labels
enhancementNew feature or requestfast-trackEnhancements that need treated as important, just behind bugs in priority.under investigation
@who-biz

Description

@who-biz
who-biz
opened on May 16, 2019

Since our mnemonic seed is a representation of the private spendkey, we should take better care to ensure that it is not trivially read from some plain-text source. This issue was raised by a member of our Telegram chat.

We should be using some secure storage mechanism (like that which libhydrogen provides for stored representations of passwords, for example) to protect users from phishing attacks.

We should also avoid displaying the key as a default behavior. Giving users a choice to display key, or even using something like GPGme to securely store the key in a file, or something, would probably be better.

Metadata

Metadata

Assignees

Labels

enhancementNew feature or requestfast-trackEnhancements that need treated as important, just behind bugs in priority.under investigation

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions