Document that wallet encryption is disabled
pull/4/head
Jack Grigg
8 years ago
No known key found for this signature in database
GPG Key ID: 6A6914DAFBEA00DA
1 changed file with 19 additions and 0 deletions
doc/security-warnings.md
|
|
@ -14,6 +14,25 @@ make proving keys generated on 64-bit systems unusable on 32-bit and big-endian |
|
|
|
systems. It's unclear if a warning will be issued in this case, or if the |
|
|
|
proving system will be silently compromised. |
|
|
|
|
|
|
|
Wallet Encryption |
|
|
|
----------------- |
|
|
|
|
|
|
|
Wallet encryption is disabled, for several reasons: |
|
|
|
|
|
|
|
- Encrypted wallets are unable to correctly detect shielded spends (due to the |
|
|
|
nature of unlinkability of JoinSplits) and will incorrectly show much larger |
|
|
|
available shielded balances until the next time the wallet is unlocked. |
|
|
|
|
|
|
|
- While encrypted wallets prevent spending of funds, they do not maintain the |
|
|
|
shielding properties of JoinSplits (due to the need to detect spends). That |
|
|
|
is, someone with access to an encrypted wallet.dat has full visibility of |
|
|
|
your entire transaction graph (other than newly-detected spends, which suffer |
|
|
|
from the earlier issue). |
|
|
|
|
|
|
|
You should use full-disk encryption (or encryption of your home directory) to |
|
|
|
protect your wallet at rest, and should assume (even unprivileged) users who are |
|
|
|
runnng on your OS can read your wallet.dat file. |
|
|
|
|
|
|
|
Side-Channel Attacks |
|
|
|
-------------------- |
|
|
|
|
|
|
|
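Review bot: In the closing paragraph of the new Wallet Encryption section, "runnng" should be "running", and the sentence combines two different threats without saying which one the advice addresses. Full-disk or home-directory encryption protects wallet.dat at rest, but it does nothing against the "(even unprivileged) users" on the running OS that the same sentence tells readers to assume can read the file. Suggest splitting this into two sentences and stating that limit explicitly. In the second bullet, "other than newly-detected spends, which suffer from the earlier issue" would also be clearer if it named the issue (the incorrect available shielded balance described in the first bullet) instead of referring back to it by position.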