Topic: How will Keyhotee guard the usage of private key for ID?


Offline HackFisher

Is the password some fixed password stored on disk using MD5, like in a Linux OS, or is there some encryption interface that could be customized by users?

I think it may be possible to add 2-factor auth if there is such an encryption interface, e.g. using SMS or Google Authenticator. I still have no idea whether it is meaningless to do this.

As for the bottom line at the OS level, I know there is a lot of software with root/administrator authority on the OS that can hook API calls and capture data, including some anti-virus software. I don't know whether we could do something to avoid this?

« Last Edit: December 06, 2013, 06:05:32 am by HackFisher »
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline bytemaster

Keyhotee asks you for your password when you start the program and will keep your private key in memory only.  On disk it is always encrypted.

In order to process incoming messages your private key needs to be 'live' at all times.  There is no way around that. 

With the wallet system you only need your private key for sending money.

Bottom line, you are relying on the physical security of your computer and OS while Keyhotee is open.    Any bright ideas on how to improve that?
For the latest updates check out my blog: http://bytemaster.bitshares.org

Offline HackFisher

As I understand it, there is a private key related to a Keyhotee ID. Do I need to retrieve the private key each time I do an operation with Keyhotee?
Encryption of the private key means needing to provide the password for each operation/session, which reduces the ease of use; but if not, the risk could be very high if we must access the private key very often. Does Keyhotee have any good solution to this?

Besides, needing to access the private key often means it is impossible to store the private key offline (cold storage), which is different from the case of Bitcoin: Bitcoin needs the private key only when you decide to start a transaction, which is not very often.

And Bitcoin can easily transfer coins from one wallet to another, but with Keyhotee it seems not easy to transfer the reputation and honor of one ID to another.

What should I do if my private key is at potential risk of leaking?

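Here is a link from the Chinese forum asking the same question, for reference:
Keyhotee is about to be released, and I have a question.
That is, whether the private key of a Keyhotee ID can be kept in cold storage without affecting each login authentication.

Because I am always worried about the security threats faced by a private key stored on a networked computer.
Once the private key leaks, there is no choice other than deleting the ID. And on an online computer, it is very hard to completely rule out intrusion by a trojan.
I don't know whether the soon-to-be-released Keyhotee system has considered this problem and provided a countermeasure.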
« Last Edit: December 06, 2013, 05:41:34 am by HackFisher »