Why is my password visible in the console and not hidden by asterisk?

achow101

staff

Activity: 3458

Merit: 6793

Just writing some code

Quote from: crypto21002 on October 11, 2018, 05:26:08 AM

When i want to dump my privkey i have to put in my password but why is it visible and not hidden by asterisk?

In what software? Bitcoin Core?

If you are talking about Bitcoin Core, the password is hidden once it is entered. It is not shown in the history. If you are talking about why it shows when you are typing the walletpassphrase command, that is because the console does not know what is your password and what isn't as it does not interpret whatever is written in that box. It only interprets once the command is entered.

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: ?? on ??

Thanks for poiting to github, that's much better.

I am going to set up an never-going-online cheap computer just for these kind of things, i also have an no wi-fi printer just to be safe

If you go to https://www.bitaddress.org you'll see at the bottom of the page the link to gihub and to the zip archive. That's what I recommend.
About that computer, usually a Linux distribution that runs from pen drive may do the job, just make sure you install your printer. However, as others also said, the safest OS is the one you know best, so use your own diligence and stay safe.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: crypto21002 on October 11, 2018, 05:26:08 AM

When i want to dump my privkey i have to put in my password but why is it visible and not hidden by asterisk?, i mean if someone installed some malware he just can read my password so that's a risk.

If an malicious actor gets to install malware on your computer, he has full control over your PC.
This means once you open your wallet, the malware will be able to move all your funds out (assuming the malware is aimed at this task).

Even a keylogger would gain access to the password. Making it 'invisible' when typing doesn't add anything regarding security (except maybe that nobody can stand behind you to get the password).

Quote from: crypto21002 on October 11, 2018, 05:26:08 AM

Also those onlne paperwalletgenerators are a risk, what do you people think about that?

Do not use them.
Even if you use them offline, they might have a smaller key space.

The best would be to use a proper wallet (e.g. core or electrum) on an offline machine, generate a few private keys, write them down together with the addresses.
If you do this on a linux live system (usb live boot), after a shutdown all information will be gone .

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: crypto21002 on October 11, 2018, 05:26:08 AM

I figured out that i can also can dump my privkey while disconnected to the internet but does anybody does that?

First of all, you have to keep in mind that if the malware is there, it can send out info at a later point too.
Second, I guess that you can always unplug the network cable, stop the WiFi or so for disconnecting. Is that an issue?!

Quote from: crypto21002 on October 11, 2018, 05:26:08 AM

Also those onlne paperwalletgenerators are a risk, what do ypu people think about that?

The proper paper wallet generators also offer a link (gihub usually) where you can find, zipped, the whole website.
This allows you download, unpack and run that page locally, without internet, preferably on a safe enough operating system, and print that paper wallet(s) on your local printer.
If you are careful enough, this is one of the safest (and cheapest) methods for building yourself a wallet.

crypto21002

newbie

Activity: 12

Merit: 1

no no messagesno no messagesno no messages

Topic: Why is my password visible in the console and not hidden by asterisk? (Read 184 times)