Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

doc: why isn't this compatible with wallet.dat encryption? #1

Open
coolaj86 opened this issue Jun 21, 2023 · 0 comments
Open

doc: why isn't this compatible with wallet.dat encryption? #1

coolaj86 opened this issue Jun 21, 2023 · 0 comments

Comments

@coolaj86
Copy link
Member

If DASH is going to succeed at being Digital Cash, it needs to be easy to implement in more places with less concern for auditing and absolutely NO hard reliance on inherently insecure C/C++ code.

  1. AES-GCM and PBKDF2 are widely adopted across many programming languages as part of the standard library. They're also supported by WebCrypto (which means Bun and Node too).
  2. wallet.dat relies on EVP_BytesToKey (Digital EnVeloPe Encryption), which is proprietary to OpenSSL's crypto implementations.
  3. wallet.dat also uses the "outdated" AES-CBC, but this isn't actually an issue for the use case of local storage - if you're afraid that your non-transit storage is adversarial... you have much bigger problems that what AES-GCM can solve for you.

See also:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@coolaj86