OWallet icon indicating copy to clipboard operation
OWallet copied to clipboard

Published 20 hours ago verified publisher icon ontio

[Security] keystore.db protection

Open EdiWang opened this issue 5 years ago • 1 comments

keystore.db is not well protected. It can be copied to another computer and opened with OWallet without any authentication.

For example, A wants to steal B's wallet, just copy keystore.db from B's computer to A, and B's wallet will show up in A's OWallet application.

Recommend Fix: Encrypt keystore.db with a specific key generated by each computer's signature. Make sure it can only be read on the very computer who created it.

EdiWang avatar Nov 29 '19 13:11 EdiWang

We designed it for users' convenience. And B can not access A's wallet if B does not have the passwords. We will consider to increase protection for OWallet in the future. Thanks for your issue.

MickWang avatar Jul 08 '20 11:07 MickWang