Browser-laptop: private wallet data in ledger state files should be encrypted using password manager

Created on 29 Aug 2017  ·  15Comments  ·  Source: brave/browser-laptop

The wallet private key and passphrase are as sensitive as most passwords, so we should use the Brave password manager encryption key to encrypt them before saving to disk.

related: https://github.com/brave/browser-laptop/issues/8449

cc @darkdh @mrose17

featurrewards open-in-brave-core security
Source
picture diracdeltas
👍1

All 15 comments

@diracdeltas how would you rank this re: security? high/med/low?

alexwykoff picture alexwykoff on 12 Sep 2017

med

diracdeltas picture diracdeltas on 12 Sep 2017

Related #11419

hugobuddel picture hugobuddel on 11 Oct 2017

this shouldn't have been closed by the muon PR, it still needs to use the new api calls

bridiver picture bridiver on 29 Dec 2017

+1 Hi @alexwykoff I'd argue this is bordering on high on a med-high scale on the basis that it would better to have this fixed now when you don't have other important items and technologies built and avoiding complaints which won't be much considering a low user base coherently.

I'd also argue that it's best to also to have items encrypted as well in that preference area, where it would be nice to allow a feature in about:preferences#security where it would be appropriate to have a ‘PIN’ feature above ‘Data Privacy’ and under this you allow Security - Payments - Extensions (and future security orientated features/technologies) essentially making it invisible to guests and un-entered pin users (if that makes sense) once the password (pin) has been set for the browser.

Rather than having to type the entire post I created in the community, would you mind skimming though the information I pasted and either +1 or tell me why it's not doable or unnecessary, which I hope you won't say and request to change the title of this issue to a more suitable one. Thanks.

NumDeP picture NumDeP on 30 Dec 2017
1

Priority has increased a lot lol. Beware of spectre peeking in through a malicious piece of javascript.

tanevanwifferen picture tanevanwifferen on 5 Jan 2018

i think the priority has gone up from 'medium' to 'high' given the growth in ledger usage and the amount of value stored in Brave wallets. setting a milestone to 0.21.x for now, but maybe worth bumping to 0.20.x @darkdh @bsclifton wdyt?

diracdeltas picture diracdeltas on 12 Jan 2018
👍1

I think 0.21.x would be perfect 👍

bsclifton picture bsclifton on 15 Jan 2018

@diracdeltas @darkdh do we plan do this before 1.0?

NejcZdovc picture NejcZdovc on 6 Apr 2018

probably wait to just do this in chromium-fork

diracdeltas picture diracdeltas on 9 Apr 2018

^ unless @darkdh has cycles to do this before then

diracdeltas picture diracdeltas on 9 Apr 2018

prefer doing that in chromium-fork, thanks.

darkdh picture darkdh on 9 Apr 2018

added label post-v1

NejcZdovc picture NejcZdovc on 10 Apr 2018
😕1

@bsclifton was this ticket migrated to brave-browser? If not it needs to be.

bridiver picture bridiver on 13 Dec 2018
👍1

Created https://github.com/brave/brave-browser/issues/2555 to track in brave-core 😄 👍

bsclifton picture bsclifton on 13 Dec 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jkup picture jkup  ·  3Comments
bsclifton picture bsclifton  ·  3Comments
eljuno picture eljuno  ·  3Comments
luixxiul picture luixxiul  ·  3Comments
octohedron picture octohedron  ·  3Comments