Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] keystore.db protection #206

Open
EdiWang opened this issue Nov 29, 2019 · 1 comment
Open

[Security] keystore.db protection #206

EdiWang opened this issue Nov 29, 2019 · 1 comment

Comments

@EdiWang
Copy link

EdiWang commented Nov 29, 2019

keystore.db is not well protected. It can be copied to another computer and opened with OWallet without any authentication.

For example, A wants to steal B's wallet, just copy keystore.db from B's computer to A, and B's wallet will show up in A's OWallet application.

Recommend Fix:
Encrypt keystore.db with a specific key generated by each computer's signature. Make sure it can only be read on the very computer who created it.
@MickWang
Copy link
Collaborator

MickWang commented Jul 8, 2020

We designed it for users' convenience. And B can not access A's wallet if B does not have the passwords.
We will consider to increase protection for OWallet in the future. Thanks for your issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@EdiWang @MickWang