Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Have bitcoind recommend a secure RPC password. Increase invalid password delay. #798

Closed
wants to merge 1 commit into from
Closed

Conversation

gmaxwell
Copy link
Contributor

@gmaxwell gmaxwell commented Feb 5, 2012

Help users avoid insecure configurations a bit by recommending a
secure RPC password and increasing the incorrect password delay.

This may open up a RPC DOS for users with exposed RPC ports and
short passwords. Since users shouldn't have exposed RPC ports OR
short passwords, the DOS risk is preferable to the compromise
risk.

Also logs the client IP address for incorrect attempts.

With this patch running bitcoind when there is no configuration file now results in:
[gmaxwell@helmholtz src]$ ./bitcoind
Error: To use bitcoind, you must set a rpcpassword in the configuration file:
/home/gmaxwell/.bitcoin/bitcoin.conf
It is recommended you use the following random password:
rpcuser=bitcoinrpc
rpcpassword=HXt6c9zmw6jqW4jvh3pcHTGb7owrmNLUtaSVGvoT2Sho
(you do not need to remember this password)
If the file does not exist, create it with owner-readable-only file permissions.

Previously it just advised rpcpassword= which probably gets filled in with insecure normal password like values.

I think ideally bitcoin would just autocreate the file with a random authentication string like this— but I thought this change was more minimal. Thoughts?

…ord delay.

Help users avoid insecure configurations a bit by recommending a
secure RPC password and increasing the incorrect password delay.

This may open up a RPC DOS for users with exposed RPC ports and
short passwords. Since users shouldn't have exposed RPC ports OR
short passwords, the DOS risk is preferable to the compromise
risk.

Also logs the client IP address for incorrect attempts.
@gmaxwell gmaxwell closed this Feb 5, 2012
@gmaxwell
Copy link
Contributor Author

gmaxwell commented Feb 5, 2012

I fail at github, opening from the right branch.

destenson pushed a commit to destenson/bitcoin--bitcoin that referenced this pull request Jun 26, 2016
ptschip pushed a commit to ptschip/bitcoin that referenced this pull request Oct 13, 2017
add buip055fork.h to header list in Makefile.am
Losangelosgenetics pushed a commit to Losangelosgenetics/bitcoin that referenced this pull request Mar 12, 2020
Losangelosgenetics pushed a commit to Losangelosgenetics/bitcoin that referenced this pull request Mar 12, 2020
Losangelosgenetics pushed a commit to Losangelosgenetics/bitcoin that referenced this pull request Mar 12, 2020
sipa added a commit to sipa/bitcoin that referenced this pull request Aug 28, 2020
2ebf20f30b f update test vectors
79da28a01d f use evenness as tie breaker for R
fc8ffb8550 f add 0 to nonce function tag according to updated spec
d623ff03f0 valgrind_ctime_test: Add schnorrsig_sign
cc998b5422 schnorrsig: Add taproot test case
c7d8a81e1b schnorrsig: Add benchmark for sign and verify
dea212b86b schnorrsig: Add BIP-340 compatible signing and verification
f977c8602b schnorrsig: Add BIP-340 nonce function
bb48fe50cb schnorrsig: Init empty experimental module
eb93995ca8 Allow initializing tagged sha256
2e809e0eaa extrakeys: Add keypair_xonly_tweak_add
5b4c32fcee extrakeys: Add keypair struct with create, pub and pub_xonly
b60d714e41 Separate helper functions for pubkey_create and seckey_tweak_add
3824ff5107 extrakeys: Add xonly_pubkey_tweak_add & xonly_pubkey_tweak_add_test
4c0e791f7f Separate helper function for ec_pubkey_tweak_add
88cca701ea extrakeys: Add xonly_pubkey with serialize, parse and from_pubkey
47e6618 extrakeys: Init empty experimental module
3e08b02 Make the secp256k1_declassify argument constant
670cdd3 Merge bitcoin#798: Check assumptions on integer implementation at compile time
7c06899 Compile-time check assumptions on integer types
02b6c87 Add support for (signed) __int128
979961c Merge bitcoin#787: Use preprocessor macros instead of autoconf to detect endianness
887bd1f Merge bitcoin#793: Make scalar/field choice depend on C-detected __int128 availability
0dccf98 Use preprocessor macros instead of autoconf to detect endianness
b2c8c42 Merge bitcoin#795: Avoid linking libcrypto in the valgrind ct test.
57d3a3c Avoid linking libcrypto in the valgrind ct test.
79f1f7a Autodetect __int128 availability on the C side
0d7727f Add SECP256K1_FE_STORAGE_CONST_GET to 5x52 field
805082d Merge bitcoin#696: Run a Travis test on s390x (big endian)
3929536 Test travis s390x (big endian)
6034a04 Merge bitcoin#778: secp256k1_gej_double_nonzero supports infinity
f609159 Merge bitcoin#779: travis: Fix argument quoting for ./configure
9e49a9b travis: Fix argument quoting for ./configure
18d3632 secp256k1_gej_double_nonzero supports infinity
214cb3c Merge bitcoin#772: Improve constant-timeness on PowerPC
40412b1 Merge bitcoin#774: tests: Abort if malloc() fails during context cloning tests
2e1b9e0 tests: Abort if malloc() fails during context cloning tests
67a429f Suppress a harmless variable-time optimization by clang in _int_cmov
5b19633 Remove redundant "? 1 : 0" after comparisons in scalar code
3e5cfc5 Merge bitcoin#741: Remove unnecessary sign variable from wnaf_const
66bb932 Merge bitcoin#773: Fix some compile problems on weird/old compilers.
1309c03 Fix some compile problems on weird/old compilers.
2309c7d Merge bitcoin#769: Undef HAVE___INT128 in basic-config.h to fix gen_context compilation
22e578b Undef HAVE___INT128 in basic-config.h to fix gen_context compilation
3f4a5a1 Merge bitcoin#765: remove dead store in ecdsa_signature_parse_der_lax
f00d657 remove dead store in ecdsa_signature_parse_der_lax
dbd41db Merge bitcoin#759: Fix uninitialized variables in ecmult_multi test
2e7fc5b Fix uninitialized variables in ecmult_multi test
37dba32 Remove unnecessary sign variable from wnaf_const
6bb0b77 Fix test_constant_wnaf for -1 and add a test for it.

git-subtree-dir: src/secp256k1
git-subtree-split: 2ebf20f30b733a940e3aacf2e6bf756f1ffc74d9
sipa added a commit to sipa/bitcoin that referenced this pull request Sep 4, 2020
fb442254ef valgrind_ctime_test: Add schnorrsig_sign
e2d6f21b1c schnorrsig: Add taproot test case
00779cd965 schnorrsig: Add benchmark for sign and verify
53b0417865 schnorrsig: Add BIP-340 compatible signing and verification
929daeda9c schnorrsig: Add BIP-340 nonce function
bb48fe50cb schnorrsig: Init empty experimental module
eb93995ca8 Allow initializing tagged sha256
2e809e0eaa extrakeys: Add keypair_xonly_tweak_add
5b4c32fcee extrakeys: Add keypair struct with create, pub and pub_xonly
b60d714e41 Separate helper functions for pubkey_create and seckey_tweak_add
3824ff5107 extrakeys: Add xonly_pubkey_tweak_add & xonly_pubkey_tweak_add_test
4c0e791f7f Separate helper function for ec_pubkey_tweak_add
88cca701ea extrakeys: Add xonly_pubkey with serialize, parse and from_pubkey
47e6618 extrakeys: Init empty experimental module
3e08b02 Make the secp256k1_declassify argument constant
670cdd3 Merge bitcoin#798: Check assumptions on integer implementation at compile time
7c06899 Compile-time check assumptions on integer types
02b6c87 Add support for (signed) __int128
979961c Merge bitcoin#787: Use preprocessor macros instead of autoconf to detect endianness
887bd1f Merge bitcoin#793: Make scalar/field choice depend on C-detected __int128 availability
0dccf98 Use preprocessor macros instead of autoconf to detect endianness
b2c8c42 Merge bitcoin#795: Avoid linking libcrypto in the valgrind ct test.
57d3a3c Avoid linking libcrypto in the valgrind ct test.
79f1f7a Autodetect __int128 availability on the C side
0d7727f Add SECP256K1_FE_STORAGE_CONST_GET to 5x52 field
805082d Merge bitcoin#696: Run a Travis test on s390x (big endian)
3929536 Test travis s390x (big endian)
6034a04 Merge bitcoin#778: secp256k1_gej_double_nonzero supports infinity
f609159 Merge bitcoin#779: travis: Fix argument quoting for ./configure
9e49a9b travis: Fix argument quoting for ./configure
18d3632 secp256k1_gej_double_nonzero supports infinity
214cb3c Merge bitcoin#772: Improve constant-timeness on PowerPC
40412b1 Merge bitcoin#774: tests: Abort if malloc() fails during context cloning tests
2e1b9e0 tests: Abort if malloc() fails during context cloning tests
67a429f Suppress a harmless variable-time optimization by clang in _int_cmov
5b19633 Remove redundant "? 1 : 0" after comparisons in scalar code
3e5cfc5 Merge bitcoin#741: Remove unnecessary sign variable from wnaf_const
66bb932 Merge bitcoin#773: Fix some compile problems on weird/old compilers.
1309c03 Fix some compile problems on weird/old compilers.
2309c7d Merge bitcoin#769: Undef HAVE___INT128 in basic-config.h to fix gen_context compilation
22e578b Undef HAVE___INT128 in basic-config.h to fix gen_context compilation
3f4a5a1 Merge bitcoin#765: remove dead store in ecdsa_signature_parse_der_lax
f00d657 remove dead store in ecdsa_signature_parse_der_lax
dbd41db Merge bitcoin#759: Fix uninitialized variables in ecmult_multi test
2e7fc5b Fix uninitialized variables in ecmult_multi test
37dba32 Remove unnecessary sign variable from wnaf_const
6bb0b77 Fix test_constant_wnaf for -1 and add a test for it.

git-subtree-dir: src/secp256k1
git-subtree-split: fb442254ef88d6bfcfe76cf25236ebda02bad795
sipa added a commit to sipa/bitcoin that referenced this pull request Sep 5, 2020
79785f0f56 f add test for signing with an invalid keypair
b6bc83107a f improve doc of secp256k1_keypair_xonly_tweak_add
307dfbf665 f clarify that you want to use a different secret if keypair_create fails
ab1b9b0616 f replace mention of 32-byte public key with 32-byte sequence
fb442254ef valgrind_ctime_test: Add schnorrsig_sign
e2d6f21b1c schnorrsig: Add taproot test case
00779cd965 schnorrsig: Add benchmark for sign and verify
53b0417865 schnorrsig: Add BIP-340 compatible signing and verification
929daeda9c schnorrsig: Add BIP-340 nonce function
bb48fe50cb schnorrsig: Init empty experimental module
eb93995ca8 Allow initializing tagged sha256
2e809e0eaa extrakeys: Add keypair_xonly_tweak_add
5b4c32fcee extrakeys: Add keypair struct with create, pub and pub_xonly
b60d714e41 Separate helper functions for pubkey_create and seckey_tweak_add
3824ff5107 extrakeys: Add xonly_pubkey_tweak_add & xonly_pubkey_tweak_add_test
4c0e791f7f Separate helper function for ec_pubkey_tweak_add
88cca701ea extrakeys: Add xonly_pubkey with serialize, parse and from_pubkey
47e6618 extrakeys: Init empty experimental module
3e08b02 Make the secp256k1_declassify argument constant
670cdd3 Merge bitcoin#798: Check assumptions on integer implementation at compile time
7c06899 Compile-time check assumptions on integer types
02b6c87 Add support for (signed) __int128
979961c Merge bitcoin#787: Use preprocessor macros instead of autoconf to detect endianness
887bd1f Merge bitcoin#793: Make scalar/field choice depend on C-detected __int128 availability
0dccf98 Use preprocessor macros instead of autoconf to detect endianness
b2c8c42 Merge bitcoin#795: Avoid linking libcrypto in the valgrind ct test.
57d3a3c Avoid linking libcrypto in the valgrind ct test.
79f1f7a Autodetect __int128 availability on the C side
0d7727f Add SECP256K1_FE_STORAGE_CONST_GET to 5x52 field
805082d Merge bitcoin#696: Run a Travis test on s390x (big endian)
3929536 Test travis s390x (big endian)
6034a04 Merge bitcoin#778: secp256k1_gej_double_nonzero supports infinity
f609159 Merge bitcoin#779: travis: Fix argument quoting for ./configure
9e49a9b travis: Fix argument quoting for ./configure
18d3632 secp256k1_gej_double_nonzero supports infinity
214cb3c Merge bitcoin#772: Improve constant-timeness on PowerPC
40412b1 Merge bitcoin#774: tests: Abort if malloc() fails during context cloning tests
2e1b9e0 tests: Abort if malloc() fails during context cloning tests
67a429f Suppress a harmless variable-time optimization by clang in _int_cmov
5b19633 Remove redundant "? 1 : 0" after comparisons in scalar code
3e5cfc5 Merge bitcoin#741: Remove unnecessary sign variable from wnaf_const
66bb932 Merge bitcoin#773: Fix some compile problems on weird/old compilers.
1309c03 Fix some compile problems on weird/old compilers.
2309c7d Merge bitcoin#769: Undef HAVE___INT128 in basic-config.h to fix gen_context compilation
22e578b Undef HAVE___INT128 in basic-config.h to fix gen_context compilation
3f4a5a1 Merge bitcoin#765: remove dead store in ecdsa_signature_parse_der_lax
f00d657 remove dead store in ecdsa_signature_parse_der_lax
dbd41db Merge bitcoin#759: Fix uninitialized variables in ecmult_multi test
2e7fc5b Fix uninitialized variables in ecmult_multi test
37dba32 Remove unnecessary sign variable from wnaf_const
6bb0b77 Fix test_constant_wnaf for -1 and add a test for it.

git-subtree-dir: src/secp256k1
git-subtree-split: 79785f0f56d2d1ba8c7c746c489eb270eeb31bb1
sipa added a commit to sipa/bitcoin that referenced this pull request Sep 11, 2020
8ab24e8 Merge bitcoin#558: Add schnorrsig module which implements BIP-340 compliant signatures
f3733c5 Merge bitcoin#797: Fix Jacobi benchmarks and other benchmark improvements
cb5524a Add benchmark for secp256k1_ge_set_gej_var
5c6af60 Make jacobi benchmarks vary inputs
d0fdd5f Randomize the Z coordinates in bench_internal
c7a3424 Rename bench_internal variables
875d68b Merge bitcoin#699: Initialize field elements when resulting in infinity
54caf2e Merge bitcoin#799: Add fallback LE/BE for architectures with known endianness + SHA256 selftest
f431b3f valgrind_ctime_test: Add schnorrsig_sign
16ffa9d schnorrsig: Add taproot test case
8dfd53e schnorrsig: Add benchmark for sign and verify
4e43520 schnorrsig: Add BIP-340 compatible signing and verification
7332d2d schnorrsig: Add BIP-340 nonce function
7a703fd schnorrsig: Init empty experimental module
eabd9bc Allow initializing tagged sha256
6fcb5b8 extrakeys: Add keypair_xonly_tweak_add
5825446 extrakeys: Add keypair struct with create, pub and pub_xonly
f001034 Separate helper functions for pubkey_create and seckey_tweak_add
910d9c2 extrakeys: Add xonly_pubkey_tweak_add & xonly_pubkey_tweak_add_test
176bfb1 Separate helper function for ec_pubkey_tweak_add
4cd2ee4 extrakeys: Add xonly_pubkey with serialize, parse and from_pubkey
f49c989 Merge bitcoin#806: Trivial: Add test logs to gitignore
aabf00c Merge bitcoin#648: Prevent ints from wrapping around in scratch space functions
f5adab1 Merge bitcoin#805: Remove the extremely outdated TODO file.
bceefd6 Add test logs to gitignore
1c32519 Remove the extremely outdated TODO file.
47e6618 extrakeys: Init empty experimental module
3e08b02 Make the secp256k1_declassify argument constant
8bc6aef Add SHA256 selftest
670cdd3 Merge bitcoin#798: Check assumptions on integer implementation at compile time
5e5fb28 Use additional system macros to figure out endianness
7c06899 Compile-time check assumptions on integer types
02b6c87 Add support for (signed) __int128
979961c Merge bitcoin#787: Use preprocessor macros instead of autoconf to detect endianness
887bd1f Merge bitcoin#793: Make scalar/field choice depend on C-detected __int128 availability
0dccf98 Use preprocessor macros instead of autoconf to detect endianness
b2c8c42 Merge bitcoin#795: Avoid linking libcrypto in the valgrind ct test.
57d3a3c Avoid linking libcrypto in the valgrind ct test.
79f1f7a Autodetect __int128 availability on the C side
0d7727f Add SECP256K1_FE_STORAGE_CONST_GET to 5x52 field
805082d Merge bitcoin#696: Run a Travis test on s390x (big endian)
3929536 Test travis s390x (big endian)
6034a04 Merge bitcoin#778: secp256k1_gej_double_nonzero supports infinity
f609159 Merge bitcoin#779: travis: Fix argument quoting for ./configure
9e49a9b travis: Fix argument quoting for ./configure
18d3632 secp256k1_gej_double_nonzero supports infinity
214cb3c Merge bitcoin#772: Improve constant-timeness on PowerPC
40412b1 Merge bitcoin#774: tests: Abort if malloc() fails during context cloning tests
2e1b9e0 tests: Abort if malloc() fails during context cloning tests
67a429f Suppress a harmless variable-time optimization by clang in _int_cmov
5b19633 Remove redundant "? 1 : 0" after comparisons in scalar code
3e5cfc5 Merge bitcoin#741: Remove unnecessary sign variable from wnaf_const
66bb932 Merge bitcoin#773: Fix some compile problems on weird/old compilers.
1309c03 Fix some compile problems on weird/old compilers.
2309c7d Merge bitcoin#769: Undef HAVE___INT128 in basic-config.h to fix gen_context compilation
22e578b Undef HAVE___INT128 in basic-config.h to fix gen_context compilation
3f4a5a1 Merge bitcoin#765: remove dead store in ecdsa_signature_parse_der_lax
f00d657 remove dead store in ecdsa_signature_parse_der_lax
dbd41db Merge bitcoin#759: Fix uninitialized variables in ecmult_multi test
2e7fc5b Fix uninitialized variables in ecmult_multi test
37dba32 Remove unnecessary sign variable from wnaf_const
6bb0b77 Fix test_constant_wnaf for -1 and add a test for it.
47a7b83 Clear field elements when writing infinity
61d1ecb Added test with additions resulting in infinity
60f7f2d Don't assume that ALIGNMENT > 1 in tests
ada6361 Use ROUND_TO_ALIGN in scratch_create
8ecc6ce Add check preventing rounding to alignment from wrapping around in scratch_alloc
4edaf06 Add check preventing integer multiplication wrapping around in scratch_max_allocation

git-subtree-dir: src/secp256k1
git-subtree-split: 8ab24e8
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Sep 8, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant