-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feature: lock application #72
Comments
Came here to ask for this. I've setup feather to lock itself after some minutes (File -> Settings -> Privacy -> Lock wallet on inactivity of X minutes), but I'd like to request a new feature with the ability to lock feather immediately, ideally with a hotkey like Ctrl+L. Also, I don't know if this is already the case, but it would be ideal if the wallet could continue to sync with the blockchain in the background while locked -- it just wouldn't display anything in the UI (of course not allow sending funds) without the password being entered. |
this...
...and this...
...are antithetical. a "fake locking" (blanking the UI) would leave keys in the memory and thus your privacy and funds at risk of being taken by an intruder, which is exactly why you would want to have a lock function. scanning the blockchain for transactions that concern your wallet is very quick, you won't have to wait for too long at startup if your wallet is not open all the time. this is especially true if you run a full node locally. |
Some folks need to use Tor and have ISPs that routinely spike to ~30% packet loss several times per hour, so unfortunately it's not so quick for some users.
That's fair, and I'm grateful for the attention to this. Can you please just update the UI to make it clear that sync has stopped when it's locked? I wasn't sure if I had to unlock it to continue the sync or not. Just a note on the "lock screen" saying that "sync is currently stopped while locked" would be fine. |
Immediate locking (Ctrl+L) is implemented in: e5a61c6 Note: Synchronization continues in the background. Feather can't currently protect against an attacker dumping process memory to extract private keys or wallet passwords. I'm interested in supporting this threat model, but I need a better understanding of Qt's memory model to determine if this is feasible. |
@tobtoht does this mean that when Feather currently auto-locks, private keys and the wallet password can similarly be dumped from the memory? also, why is the password stored in the memory? |
Yes.
It's cached in After analyzing VM memory dumps, I can only find secret key material where it is expected. It looks like Qt isn't spraying sensitive information all over the place, which is good. Here is what needs to happen to move towards better security against memory attacks:
Note: all of the above can only protect against an attacker learning your secret spend key from a memory dump. It can still be used to learn your secret view key, transaction metadata, contacts, etc. It will also not protect against an attacker that has access to your machine without you knowing it. If you enter your password after the system is compromised, they will obviously be able to learn the secret spend key. Related ideas:
Trade-offs:
* with monero-project/monero/pull/8619 I don't see any real downsides to encrypting the spendkey on lock, so this should become the default behavior after these changes are implemented. I would like to point out that a generic solution exists for the snatch-and-run attack scenario that these measures help protect against: https://www.buskill.in. Its author happens to participate in this thread ;) |
:) Ah, distinct spend and view keys allows sync while locked. I <3 Monero! Since it seems that sync is not blocked with lock, can we also make that clear to the user in the UI? Can we have a message on the lockscreen that says "wallet is locked. sync is ongoing." or something? |
Small comment: in monero-project/monero#8619, I simply wipe the spend key from memory when the wallet locks instead of encrypting it, and then when the user inputs their password to unlock the wallet, it'll re-read the encrypted key from disk and decrypt it.
|
please provide a way to lock the wallet (without having to close the wallet, that is).
The text was updated successfully, but these errors were encountered: