Proposal: Remove seed and password from full node config

[realhagie]

for security reasons I would propose to remove the seed and the password from the config file.

If there is a zero day exploit in java / waves an attacker could get access to the wave daemon / waves user. as waves user he get access to the wallet, the seed and the password via the config.file

From my understanding the wallet is created using the seed. the Seed may be used to recover the wallet but with a wallet in place there is no need to have the seed anymore.

The process of encrypting and unlocking the wallet should be moved to runtime which could be triggered by a new action "/wallet/encrypt" and "/wallet/unlock" similar to well known qt-wallets. The encrypted wallet could remain in memory.

If the seed is needed for address generation it could also be stored in the encrypted wallet.

seed and password in cleartext in a (on default install) world readable file should be avoided.

regards

[qtipwax]

Ran across this in other cryptos. A temporary solution is to delete the seed and password from the config file after the node is running. Of course if for some reason the node is stopped, the seed and password has to be added to the config file before starting.

[username1565]

Hello!
As you can see here, in the configuration file for node, in the section wallet, can be specified the following parameters:

1. Pathway for the file wallet.dat with encrypted seed for address of the node.
2. password to encrypt the seed.
3. Seed, as base58 encoded string.
   You can encode mnemonic passphrase from your address -> to base58 encoded seed <- from text, using some base58 converter.

So, while base58 seed and password there is specified in your node.conf,
your wallet.dat can be restored from this data, even if this file will be damaged or corrupted.
But, if you afraid that someone can copy this data on VPS, from your node.conf,
and then access to your node address,
you can just, yourself, comment or delete this strings:
password and base58 seed, but after the creation the file wallet.dat (after first running).

In this case, you need to enter password manually, for each running of the WAVES FULL NODE, because wallet.dat, contains ENCRYPTED by PASSWORD, seed,
or priv from the main address, and addresses, on the node.
Be careful with keyboard layout, and consecutive of symbols,
because nothing no display, while you entering that password.
This action is your "/wallet/unlock", after each running the node.

And according this definition private key or seed must be in memory, for working node,
to validate transaction, and generate new blocks, and sign this.

Also, addresses on the node, you can see here http://127.0.0.1:6869/addresses
and you can generate this addresses, or delete this, after you running you node.
http://127.0.0.1:6869/api-docs/index.html

[viraladmin]

This is an old request, but there isn't really any suggestions on how to secure this, Pretty much its just start the node and then delete sensitive information... which obviously means needing the wallet data every time you want to restart... not an optimal solution.

I would propose a change in the way that mining works. My suggestion is something like this:

A node that generates its own wallet address and private key that is stored in memory but not shared with the node owner.

A node owner adds their private wallet address (a unique address not attached to their node) to their config file.

A new transaction type (mining_transaction) that has a zero send fee.

Upon a successful rolled block, the node automatically sends the transaction to the node owners private wallet using the new transaction type 0 thus no added fees.

In this case if anyone ever hacked the node server or if some hosting employee decides its time to steel crypto and quit their job there is nothing in the node config - just a single address with no keys, passwords, or details.

Just an idea that I hope might add some ideas behind this very old suggestion.