Author Topic: client opened without password  (Read 1994 times)


Offline Riverhead

The client is supposed to be at the lock screen until a password is put in, much like booting your computer when "require password to login" is set.


The issue of this thread is a bug and I suspect we'll not see this behavior in future versions.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
as stated so often ... this is cutting edge tech ..

anyway .. the backend .. (behind the gui) has a pretty clear separation of LOCKED and UNLOCKED

if LOCKED you can see the account names, transactions, market orders etc ... but cannot access funds (or rescan for incoming funds)
if UNLOCKED you can refresh balances and access funds ..

maybe the devs can consider an encrypted wallet ... such that you need a read-only password AND ADDITIONALLY an access-funds password

Offline davidpbrown

It's either meant to do one approach or the other. If it's BTC like and open until action, then do that; otherwise ensure that client is locked and doesn't just appear to be most of the time. I don't mind either approach, although I think there's advantage having confirmation of password at the moment of action rather than having it open and with risk for a preferred amount of time. If it's open and available to action, then the user needs to use other screenlocks to secure the client's capability, which perhaps is odd.
฿://1CBxm54Ah5hiYxiUtD7JGYRXykT5Z6ZuMc

Offline xeroc

Quote
It's funny what we get used to. Every other crypto wallet out there displays everything and only requires a password when you want to do a transaction. BitSharesX brought us a lock screen and now we can't live without it :D.

What does the lock serve? Please explain.

Quote
once you can open the GUI and read the wallet file .. the guys also can see your account names and balances (as far as synced)

That is an issue of securing the computer from third parties ... and a tradeoff between usability and security ...
Your (synced) transactions can be read without private keys .. spending will not work though

You mean that someone else can see what I am doing? no privacy? and if someone has the abilities and see that i have huge amounts can just hack my pc and get my balances?

IF someone has PHYSICAL access to your computer he can see your wallet / transactions and balance (at least up to the time you last unlocked the wallet)
The privkeys are locked with encryption ..

that is EXACTLY the same with all other crypto currencies where users have physical access to your computer and can simply copy the wallet.dat file ..
the btc addresses in there are also NOT encrypted .. just the priv keys ..

so: make sure that you use your computer alone ... if you are concerned about privacy
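
The LOCKED/UNLOCKED separation and the "addresses readable, private keys encrypted" layout described in the posts above, as an added sketch that is not part of the thread and not BitShares or Bitcoin code. The `Wallet` class and all names are hypothetical; the HMAC keystream stands in for a real cipher such as AES, and the HMAC "signature" stands in for ECDSA signing.

```python
import hashlib, hmac, os

def _derive(password: str, salt: bytes) -> bytes:
    # 64 bytes of key material: first half encrypts, second half authenticates
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode), used only to stay stdlib-only
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

class Wallet:
    def __init__(self, password: str, account: str, privkey: bytes):
        self.salt = os.urandom(16)
        k = _derive(password, self.salt)
        self.account = account      # stored in the clear: readable while LOCKED
        self.history = []           # synced transactions, also in the clear
        self.ct = _xor_stream(k[:32], privkey)   # only the private key is encrypted
        self.tag = hmac.new(k[32:], self.ct, hashlib.sha256).digest()
        self._key = None            # None means LOCKED

    def view(self) -> dict:
        # Needs no password: this is what anyone who can read the wallet file sees
        return {"account": self.account, "history": list(self.history)}

    def unlock(self, password: str) -> bool:
        k = _derive(password, self.salt)
        expected = hmac.new(k[32:], self.ct, hashlib.sha256).digest()
        if not hmac.compare_digest(self.tag, expected):
            return False            # wrong password: stay LOCKED
        self._key = _xor_stream(k[:32], self.ct)
        return True

    def lock(self) -> None:
        self._key = None

    def sign(self, tx: bytes) -> bytes:
        # The check lives in the backend, so a GUI that skips the lock
        # screen still cannot spend without the decrypted key
        if self._key is None:
            raise PermissionError("wallet is LOCKED")
        return hmac.new(self._key, tx, hashlib.sha256).digest()  # stand-in for ECDSA

if __name__ == "__main__":
    w = Wallet("constructed-password", "alice", b"\x11" * 32)  # constructed sample values
    print(w.view())                       # works while LOCKED
    print(w.unlock("wrong"), w.unlock("constructed-password"))
    print(w.sign(b"transfer 1 to bob").hex())
```
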

Offline mf-tzo

  • Hero Member
  • *****
  • Posts: 1725
    • View Profile
Quote
It's funny what we get used to. Every other crypto wallet out there displays everything and only requires a password when you want to do a transaction. BitSharesX brought us a lock screen and now we can't live without it :D.

What does the lock serve? Please explain.

Quote
once you can open the GUI and read the wallet file .. the guys also can see your account names and balances (as far as synced)

That is an issue of securing the computer from third parties ... and a tradeoff between usability and security ...
Your (synced) transactions can be read without private keys .. spending will not work though

You mean that someone else can see what I am doing? no privacy? and if someone has the abilities and see that i have huge amounts can just hack my pc and get my balances?

Offline xeroc

once you can open the GUI and read the wallet file .. the guys also can see your account names and balances (as far as synced)

That is an issue of securing the computer from third parties ... and a tradeoff between usability and security ...
Your (synced) transactions can be read without private keys .. spending will not work though

Offline Riverhead

It's funny what we get used to. Every other crypto wallet out there displays everything and only requires a password when you want to do a transaction. BitSharesX brought us a lock screen and now we can't live without it :D.


Offline liondani

  • Hero Member
  • *****
  • Posts: 3737
  • Inch by inch, play by play
    • View Profile
    • My detailed info
  • BitShares: liondani
  • GitHub: liondani
same with me (I can't imagine we could ever manage to send funds :P)
but annoying of course...


PS +some third parties could see our account names !!!
      Privacy issue and so maybe indirectly a security issue   :-\
« Last Edit: August 26, 2014, 11:49:05 am by liondani »

Offline davidpbrown

I had that in the previous version too but if you try to do anything it does jump to the unlock screen. Still it shouldn't happen, as there might be detail visible that properly should be locked from view.
฿://1CBxm54Ah5hiYxiUtD7JGYRXykT5Z6ZuMc

Offline Riverhead

I had the same experience. When I first installed 0.4.8-a it would open to my screen like I was logged in but I hadn't put a password in yet. Since it needs our password to decrypt the private key to sign transactions I suspect it was more of a visual bug than a serious security flaw. Still, it was confusing.

Offline vegolino

  • Sr. Member
  • ****
  • Posts: 450
  • Reality is Information
    • View Profile
After downloading 0.4.8-a my client opened without asking for a password and started downloading the blockchain. After a while it just turned itself off and a screen appeared where I needed to put in a password. I entered a password and it opened back up and finished downloading the blockchain.
It is all fine now, but I thought to mention it.