Email Private key about burner-wallet HOT 5 OPEN

Dibs on this issue.

I am going to focus on the functionality over styling until we get some more concrete designs.

from burner-wallet.

I think this is one which is worth having a security/convenience tradeoff discussion before going ahead with.

Even password protected keyfiles are not what I'd consider "secure". They are brute forceable, and only as good as a great password. Relevant SO question

Please bear in mind that the 14 years and other results are all theoretical. The real lesson learned: The KDF is negligible if you want to know the real security of your wallet. If you pick a password like "1234" while lower/uppercase, numbers and special chars are allowed neither the KDF nor the AES will help you and your wallet cannot be considered secure

I think the process of exporting the private key should come with some friction and some education about what it means to secure such a thing. The Burner Wallet is very far towards convenience on the security/convenience spectrum, which is awesome. However once the person decides to export the private key, they should be entering a much more secure, responsible world.

One idea on how to facilitate this is to provide the person with the seed phrase, instructing them to either transcribe directly into their other wallet application, or to write it down on paper. I really do think we should have some messaging/education here as well, warning them of the perils of properly securing a private key. This will require some design thought.

from burner-wallet.

I think the process of exporting the private key should come with some friction and some education about what it means to secure such a thing. The Burner Wallet is very far towards convenience on the security/convenience spectrum, which is awesome. However once the person decides to export the private key, they should be entering a much more secure, responsible world.

I disagree with this. Exporting the private key should be easy, since until a user exports it they are vulnerable to loss of the wallet.

I'm making the assumption that it's much more likely that a user will lose funds by losing the private key (incognito mode, etc), than by having it stolen.

If this is the case, then putting barriers in the way of backing up the private key is opposite of what we want to do. Making it harder to back up the wallet makes it more likely that a user will lose funds.

I don't really like the idea of emailing either though because it seems cumbersome. I think that we should just polish the flow around copying the private key. Then, the user can put it somewhere in their phone. Many users will paste it into a todo or text it to themselves. This is not ideal. But if the wallet is securing a small amount, who cares? A security-literate user will paste the private key into a password manager, which I believe is one of the best ways to secure it.

from burner-wallet.

A security-literate user will paste the private key into a password manager, which I believe is one of the best ways to secure it.

This might be exactly what we try to enforce? Is there a way to strongly suggest that a PM is used to store the key?

In the end a wallet is just a high-order password manage for private keys... Thus should the aim of the burner wallet be to at some level manage those keys safely for the user? Installed software wallets are expected to do this, maybe the web-only wallets would not need to do this... But I suspect the app handling this vs. passing it to the user is a better way to go long term.

from burner-wallet.

This issue and #170 address the same problem and should be combined.

from burner-wallet.