[bisq-network/bisq] When wallet password is enabled private keys are still accessible and BSQ / BTC funds can be sent without the need to enter password (#5276)

sqrrm notifications at github.com
Mon Apr 5 10:37:07 CEST 2021


I don't think there has been any public discussions on this. There are different threat models at work here. One is the simple case where someone with access to an unlocked UI can send funds, that can easily be managed by requiring a password before funds are sent. This is the main case described in this issue.

The other is the handling of keys in memory and what keys need to be available to handle trades. We could improve here but it's tricky since some keys need to be available for open offers and trades while others would not be needed. This is what I was thinking about but you're right that handling the first case is important and quite easy to do.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/issues/5276#issuecomment-813275949
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20210405/ecc3721f/attachment.htm>


More information about the bisq-github mailing list