Suggestion: Hide All Private Info should use a Password Field #685
Comments
Man, I understand, but the premise is wrong. It is easier for malicious
software to have access to the clipboard and steal your password at the
moment you copy than to read the screen. The recommendation would be to do
this totally offline and erase everything after copying.
On Sat, Nov 23, 2024, 2:41 PM Tom Wieland ***@***.***> wrote:
Hi. This is a very valuable tool for offline seed generation for
air-gapped devices, however I think the "Hide all private info" serves no
practical purpose and it can be improved upon.
My security requirements require me to generate, save and retrieve both
the seed and private key information without exposing it as clear text.
For this purpose, I think all generated private information should use
Password Fields instead of Plain Text Fields. There should be a Copy button
to the right of each password field for copying the value to the clipboard.
Users can then copy the generated values, paste them in a password manager
(like KeePass), copy them from there (again without revealing the value) and
paste them into the wallet app. This closes the loop and ensures no private
information can ever be viewed (or, say, recorded) by onlookers or hacked
devices or the like.
Well, there is a reason that password managers do not reveal the password and instead show dots. It's the same for Cloud Environments with Environment Variables, Secrets and API keys. Since "Hide Private Info" hides the complete input field, it makes it unusable. By offering a password field with a copy button (like a password manager), it becomes very usable while keeping the private information a secret :)
I made my own program. It satisfies my needs but only implements 24 word seed phrase and private key: https://github.com/Industrial/crypto
Hi. This is a very valuable tool for offline seed generation for air-gapped devices, however I think the "Hide all private info" serves no practical purpose and it can be improved upon.
My security requirements require me to generate, save and retrieve both the seed and private key information without exposing it as clear text.
For this purpose, I think all generated private information should use Password Fields instead of Plain Text Fields. There should be a Copy button to the right of each password field for copying the value to the clipboard.
Users can then copy the generated values, paste them in a password manager (like KeePass), copy them from there (again without revealing the value) and paste them into the wallet app. This closes the loop and ensures no private information can ever be viewed (or, say, recorded) by onlookers or hacked devices or the like.