Enhancement: Mnemonic seeds and keys are not handled securely #54
Assignees
Labels
enhancement
New feature or request
fast-track
Enhancements that need treated as important, just behind bugs in priority.
under investigation
Comments
who-biz
changed the title
who-biz
added
enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Since our mnemonic seed is a representation of the private spendkey, we should take better care to ensure that it is not trivially read from some plain-text source. This issue was raised by a member of our Telegram chat.
We should be using some secure storage mechanism (like that which libhydrogen provides for stored representations of passwords, for example) to protect users from phishing attacks.
We should also avoid displaying the key as a default behavior. Giving users a choice to display key, or even using something like GPGme to securely store the key in a file, or something, would probably be better.
The text was updated successfully, but these errors were encountered: