Discussion protecting voting with a pin/passphrase

desrever 2015-02-21 21:17:34 UTC #1

I believe that shareholders should have a way to prevent submitting votes (and subscribing to feeds) if someone gain access to the machine where the client is hosted, physically or virtually. There is no such thing to date tdbomk .

Is there someone else that wishes to see an “unlock wallet for voting” feature?

creon 2015-02-21 21:21:33 UTC #2

I was also wondering why there is no need to unlock the wallet when calling setvote or setdatafeed. I think right now malware could easily change the voting of a client.

There is absolutely no problem in implementing this. Just write it in the string table of the wallet.dat and its as safe as private keys. Every change (but only a change) of the datafeed URL or the current voting will require a temporary full unlock of the wallet.

JordanLee 2015-02-21 21:44:06 UTC #3

Right now you can’t vote without the wallet passphrase. While it is true that you can configure the vote without the wallet passphrase, minting requires it. So you can’t push your vote to the blockchain without entering the passphrase.

We can consider requiring the passphrase every time data feeds are changed or perhaps even when manual vote configuration occurs, although it is not clear users would prefer that. I would like some feedback on the question of whether the added hassle is worth the additional security.

I would like to increase security by porting the ability to enter the passphrase in an on screen keyboard not visible to the OS, like what is currently in Peerunity.

creon 2015-02-21 21:57:51 UTC #4

If malware / a person with access to the computer changes the voting in a wallet that is unlocked for staking only then the wallet will push those votes to the blockchain without “entering the passphrase”. In my opinion it is sensible data and should be secured. The possible consequences of a virus that can be triggered from a central point to collectively change the voting of running Nu stakers are devastating.

EDIT: I should say that this is not an immediate issue since the general interest of hacker groups in the Nu network is small. But in long-term these things will be very important.

Cybnate 2015-02-22 00:26:43 UTC #5

I don’t think it is worth to implement immediate changes and worth the users’ hassle. As @creon already said, the general interest in Nu is relatively small. A wallet notification (and logging) that a datafeed changed might be adequate.

That would be good to have as just another protection against keylogging and relatively simple as the code is already available.