forked from ethereum/EIPs
[EIP] Security Warning #1
Merged
Recommendation to display a security warning, if users engage in unsafe IPC, e.g. by using a general-purpose QR code reader rather than the integrated one.
ligi reviewed May 14, 2018
@@ -40,6 +40,10 @@ Where all of the key + value pairs are optional, allowing for maximum flexibilit | |||
`name` (optional) is a name ofthe private key - e.g. "paper wallet" | |||
`type` (optional) is the type of key (STRING) - Defaults to ECDSA | |||
|
|||
### Security Warning | |||
|
|||
Since private keys are highly sensitive information, it is considerably safer if input (via QR code, keyboard etc.) is handled directly by the target application, rather than going through some IPC mechanism (e.g. the Intent mechanism in Android OS), trusting third-party applications (such as a QR code reader) with the private key. Thus, it is **recommended** to display a security warning, whenever the application receives a private key through IPC messaging, warning the user about the risks associated with using a third-party application to input private keys. |
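Review bot: In the added Security Warning paragraph, the warning fires "whenever the application receives a private key through IPC messaging", which is after the third-party application has already handled the key, so the text should ask that the warning tell the user the key may already be exposed to that application, not only that the input method is risky. The lowercase bold "recommended" is also ambiguous as a requirement level; consider a normative keyword such as RECOMMENDED or SHOULD, and state how an implementation tells IPC input apart from input through its integrated reader. Separately, the unchanged context line reads "name ofthe private key", which is worth fixing while this section is being edited.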
Thanks! Just not sure about the mention of keyboard here. Keyboard opens a big can of worms on Android and I also do not think humans should enter their private keys via keyboard. Let's discuss this in person later.
👍 thanks
ligi pushed a commit that referenced this pull request Jan 17, 2019
* Proposed EIP for address and ERC20 transfer rules * Update eip-X.md Updating creation date * Update eip-X.md (#1) * Update eip-X.md * Update eip-X.md * Update eip-X.md Rule -> IRule consistently fix missing links improve abstract * Update eip-X.md typos small improvements adds implementation section
ligi pushed a commit that referenced this pull request Feb 10, 2023
* added EIP draft for private key encapsulation * minor updates to spec: intake function shall return the Ethereum address of the private key * added test vector #1 * minor formatting * minor edits * added test vector #2 and #3, added signature verification data to #1 * changed signature to against byte values * added test vector generator * renamed file to assigned EIP number * fixed file header * updated default value for salt * fixed offending links etc. * fixed typo Co-authored-by: xinbenlv <zzn@zzn.im> * updated based on review comments * replaced json formatting with none for better rendering * fixed grammar Co-authored-by: xinbenlv <zzn@zzn.im> * fixed grammar Co-authored-by: xinbenlv <zzn@zzn.im> * revision suggestions taken with gratitudes Co-authored-by: xinbenlv <zzn@zzn.im> * revision suggestions taken with gratitudes Co-authored-by: xinbenlv <zzn@zzn.im> * fixed grammar Co-authored-by: xinbenlv <zzn@zzn.im> * fixed grammar Co-authored-by: xinbenlv <zzn@zzn.im> * fixed grammar Co-authored-by: xinbenlv <zzn@zzn.im> * fixed grammar Co-authored-by: xinbenlv <zzn@zzn.im> * fixed grammar Co-authored-by: xinbenlv <zzn@zzn.im> * fixed grammar Co-authored-by: xinbenlv <zzn@zzn.im> * revision suggestions taken with gratitudes Co-authored-by: xinbenlv <zzn@zzn.im> * fixed grammar as suggested Co-authored-by: xinbenlv <zzn@zzn.im> * revision suggestions taken with gratitudes Co-authored-by: xinbenlv <zzn@zzn.im> * fixed grammar as suggested Co-authored-by: xinbenlv <zzn@zzn.im> * fixed grammar as suggested Co-authored-by: xinbenlv <zzn@zzn.im> * fixed grammar as suggested * fixed based on grammarly.com suggestions * Update EIPS/eip-6051.md Co-authored-by: Pandapip1 <45835846+Pandapip1@users.noreply.github.com> * Update EIPS/eip-6051.md Co-authored-by: Pandapip1 <45835846+Pandapip1@users.noreply.github.com> * Update EIPS/eip-6051.md Co-authored-by: Pandapip1 <45835846+Pandapip1@users.noreply.github.com> * replacing bold fonts with links as suggested * fixed dead 
links * fixed markdown linter errors Co-authored-by: xinbenlv <zzn@zzn.im> Co-authored-by: Pandapip1 <45835846+Pandapip1@users.noreply.github.com>