Chia 1.2.10 - New Passphrase - For what?

Hello guys,
so with the V1.2.10 Chia Release, Chia implemented the additional Passphrase.
I already selected my 24 Words in the following Format:
Example:
"Computer,Apple,Pineapple,…"
I put in those 24 words and hit save.
After I opened up Chia on my 2nd Computer, I was asked to select a new Passphrase again.
So now my Question:

- What is this new Passphrase for? Is it only for the Local Computer or really an additional security for my Key over the Blockchain?
- Why did I need to select and save the Passphrase again on my 2nd Computer, even though I already selected the additional Passphrase on my Full Node?

Maybe you can help me =)

Greetings
-XCHeisenberg

The new password/phrase (as I understand it) is purely local on the machine.

The reason is so that someone with access to your computer cannot just read out your private key, which until now was easy as pie.

So it offers more protection against your private keys getting stolen

1 Like

Okay, so it makes sense to me, that's why I had to select those Passphrases on 2 different machines.
I'm still slightly more concerned that someone just gets my 24 words for the mnemonic key than that someone would hack into my computer and get my keys.
Don't get me wrong, every type of additional protection is good, but I would love to see an update where I can additionally protect my 24 words from my mnemonic =)

1 Like

That is almost right. (I still am on v1.2.6)

From what people reported, once you enter that password, and let Chia run, you can access everything (mnemonics included) as before, either from CLI or from UI. If that is correct, then this password is mainly a pain in the behind that doesn’t solve anything, but puts the checkmark ‘done’ behind this ticket.

When this issue was brought up a few months ago (when people started to get hacked), everyone was pointing to how other decent software works - you can do whatever is available while the software is up, but when you want to access your private profile, you need to provide that password each and every time. If that password is not implemented like that, there is really no point of having it.

The second request for the password was that in case you want to make a transaction, you will need to supply your password each time you do that. This should basically stop most of the malware that got your mnemonics from emptying your wallet. Although, due to blockchain design, it may be difficult to do (still worth it, IMO).

2 Likes

hmm ok well that’s not very helpful then :sweat_smile: need to look into this. haven’t upgraded myself actually.

Agreed that it should be like you describe, password needed to open the app and view private info, password needed again to make transactions. Actual data stored encrypted until password unlocks it.

2 Likes

What it also means is that the password cannot be local. If it is local, but I have your mnemonics (as it currently can be done), then I just add your mnemonics to my installation, add a new local password, and voila, I am in control.

2 Likes

That’s exactly what I mean right there.
Makes no sense to me.
The whole key should be secured by a self-chosen phrase of words to make transactions or even add the mnemonic to another machine.

1 Like

Ahh if only you read Release Notes and Wiki:

"We have some great improvements in this release: We launched our migration of keys to a common encrypted keyring.yaml file, and we secure this with an optional passphrase in both GUI and CLI. We’ve added a passphrase hint in case you forget your passphrase."
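
The distinction the thread circles around, as an added example that is not from any poster and is not Chia's code or its keyring.yaml format: a per-machine passphrase protects the stored key file at rest, while the mnemonic alone determines the key, so each machine ends up with its own passphrase over the same key. Assumptions: a BIP39-style seed derivation, an HMAC-based stand-in for a real authenticated cipher (standard library only), and hypothetical function names and sample strings.

```python
import hashlib, hmac, os

# Constructed sample phrase, not a real 24-word mnemonic.
MNEMONIC = "computer apple pineapple"

def seed_from_mnemonic(mnemonic: str) -> bytes:
    # Assumption: BIP39-style derivation (PBKDF2-HMAC-SHA512, 2048 rounds).
    # Note that no local passphrase enters this computation.
    return hashlib.pbkdf2_hmac("sha512", mnemonic.encode(), b"mnemonic", 2048)

def _derive(passphrase: str, salt: bytes):
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]  # (encryption key, MAC key)

def _keystream(key: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode; stdlib stand-in for a real AEAD cipher.
    blocks = (hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def lock(seed: bytes, passphrase: str) -> bytes:
    """Encrypt-then-MAC the seed for storage on one machine."""
    salt = os.urandom(16)
    enc_key, mac_key = _derive(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(seed, _keystream(enc_key, len(seed))))
    return salt + ct + hmac.new(mac_key, salt + ct, hashlib.sha256).digest()

def unlock(blob: bytes, passphrase: str) -> bytes:
    salt, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _derive(passphrase, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or corrupted keyring")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, len(ct))))

def demo() -> dict:
    seed = seed_from_mnemonic(MNEMONIC)
    node = lock(seed, "passphrase on full node")                     # machine 1
    second = lock(seed_from_mnemonic(MNEMONIC), "other passphrase")  # machine 2
    try:
        unlock(node, "guess")
        file_protected = False
    except ValueError:
        file_protected = True
    same = unlock(node, "passphrase on full node") == unlock(second, "other passphrase")
    return {"file_protected_at_rest": file_protected,
            "same_key_on_both_machines": same}

if __name__ == "__main__":
    print(demo())
```

In this model the passphrase only guards the file on disk; safeguarding the written-down mnemonic remains a separate task that no local passphrase covers.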