Author

Topic: Why is my password visible in the console and not hidden by asterisk? (Read 184 times)

staff
Activity: 3458
Merit: 6793
Just writing some code
When i want to dump my privkey i have to put in my password but why is it visible and not hidden by asterisk?
In what software? Bitcoin Core?

If you are talking about Bitcoin Core, the password is hidden once it is entered. It is not shown in the history. If you are talking about why it shows when you are typing the walletpassphrase command, that is because the console does not know what is your password and what isn't as it does not interpret whatever is written in that box. It only interprets once the command is entered.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
Thanks for poiting to github, that's much better.

I am going to set up an never-going-online cheap computer just for these kind of things, i also have an no wi-fi printer just to be safe Smiley


If you go to https://www.bitaddress.org you'll see at the bottom of the page the link to gihub and to the zip archive. That's what I recommend.
About that computer, usually a Linux distribution that runs from pen drive may do the job, just make sure you install your printer. However, as others also said, the safest OS is the one you know best, so use your own diligence and stay safe.
legendary
Activity: 1624
Merit: 2481
When i want to dump my privkey i have to put in my password but why is it visible and not hidden by asterisk?, i mean if someone installed some malware he just can read my password so that's a risk.

If an malicious actor gets to install malware on your computer, he has full control over your PC.
This means once you open your wallet, the malware will be able to move all your funds out (assuming the malware is aimed at this task).

Even a keylogger would gain access to the password. Making it 'invisible' when typing doesn't add anything regarding security (except maybe that nobody can stand behind you to get the password).



Also those onlne paperwalletgenerators are a risk, what do you people think about that?

Do not use them.
Even if you use them offline, they might have a smaller key space.

The best would be to use a proper wallet (e.g. core or electrum) on an offline machine, generate a few private keys, write them down together with the addresses.
If you do this on a linux live system (usb live boot), after a shutdown all information will be gone .
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
I figured out that i can also can dump my privkey while disconnected to the internet but does anybody does that?

First of all, you have to keep in mind that if the malware is there, it can send out info at a later point too.
Second, I guess that you can always unplug the network cable, stop the WiFi or so for disconnecting. Is that an issue?!

Also those onlne paperwalletgenerators are a risk, what do ypu people think about that?

The proper paper wallet generators also offer a link (gihub usually) where you can find, zipped, the whole website.
This allows you download, unpack and run that page locally, without internet, preferably on a safe enough operating system, and print that paper wallet(s) on your local printer.
If you are careful enough, this is one of the safest (and cheapest) methods for building yourself a wallet.
newbie
Activity: 12
Merit: 1
no no messagesno no messagesno no messages
Jump to: