Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[EIP] Security Warning #1

Merged
merged 1 commit into from
May 16, 2018
Merged

[EIP] Security Warning #1

merged 1 commit into from
May 16, 2018

Conversation

nagydani
Copy link

Recommendation to display a security warning, if users engage in unsafe IPC, e.g. by using a general-purpose QR code reader rather than the integrated one.

Recommendation to display a security warning, if users engage in unsafe IPC, e.g. by using a general-purpose QR code reader rather than the integrated one.
@@ -40,6 +40,10 @@ Where all of the key + value pairs are optional, allowing for maximum flexibilit
`name` (optional) is a name ofthe private key - e.g. "paper wallet"
`type` (optional) is the type of key (STRING) - Defaults to ECDSA

### Security Warning

Since private keys are highly sensitive information, it is considerably safer if input (via QR code, keyboard etc.) is handled directly by the target application, rather than going through some IPC mechanism (e.g. the Intent mechanism in Android OS), trusting third-party applications (such as a QR code reader) with the private key. Thus, it is **recommended** to display a security warning, whenever the application receives a private key through IPC messaging, warning the user about the risks associated with using a third-party application to input private keys.
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Just not sure about the mention of keyboard here. Keyboard opens a big can of worms on android and I also do not think humans should enter their private keys via keyboard. Let's discuss this in person later.

@ligi ligi merged commit 9ea398f into ligi:private_key_uris May 16, 2018
@ligi
Copy link
Owner

ligi commented May 16, 2018

👍 thanks

ligi pushed a commit that referenced this pull request Jan 17, 2019
* Proposed EIP for address and ERC20 transfer rules

* Update eip-X.md

Updating creation date

* Update eip-X.md (#1)

* Update eip-X.md

* Update eip-X.md

* Update eip-X.md

Rule -> IRule consistently
fix missing links
improve abstract

* Update eip-X.md

typos
small improvements
adds implementation section
ligi pushed a commit that referenced this pull request Feb 10, 2023
* added EIP draft for private key encapsulation

* minor updates to spec: intake function shall return the Ethereum address of the private key

* added test vector #1

* minor formatting

* minor edits

* added test vector #2 and #3, added signature verification data to #1

* changed signature to against byte values

* added test vector generator

* renamed file to assigned EIP number

* fixed file header

* updated default value for salt

* fixed offending links etc.

* fixed typo

Co-authored-by: xinbenlv <zzn@zzn.im>

* updated based on review comments

* replaced json formatting with none for better rendering

* fixed grammar

Co-authored-by: xinbenlv <zzn@zzn.im>

* fixed grammar

Co-authored-by: xinbenlv <zzn@zzn.im>

* revision suggestions taken with gratitudes

Co-authored-by: xinbenlv <zzn@zzn.im>

* revision suggestions taken with gratitudes

Co-authored-by: xinbenlv <zzn@zzn.im>

* fixed grammar

Co-authored-by: xinbenlv <zzn@zzn.im>

* fixed grammar

Co-authored-by: xinbenlv <zzn@zzn.im>

* fixed grammar

Co-authored-by: xinbenlv <zzn@zzn.im>

* fixed grammar

Co-authored-by: xinbenlv <zzn@zzn.im>

* fixed grammar

Co-authored-by: xinbenlv <zzn@zzn.im>

* fixed grammar

Co-authored-by: xinbenlv <zzn@zzn.im>

* revision suggestions taken with gratitudes

Co-authored-by: xinbenlv <zzn@zzn.im>

* fixed grammar as suggested

Co-authored-by: xinbenlv <zzn@zzn.im>

* revision suggestions taken with gratitudes

Co-authored-by: xinbenlv <zzn@zzn.im>

* fixed grammar as suggested

Co-authored-by: xinbenlv <zzn@zzn.im>

* fixed grammar as suggested

Co-authored-by: xinbenlv <zzn@zzn.im>

* fixed grammar as suggested

* fixed based on grammarly.com suggestions

* Update EIPS/eip-6051.md

Co-authored-by: Pandapip1 <45835846+Pandapip1@users.noreply.github.com>

* Update EIPS/eip-6051.md

Co-authored-by: Pandapip1 <45835846+Pandapip1@users.noreply.github.com>

* Update EIPS/eip-6051.md

Co-authored-by: Pandapip1 <45835846+Pandapip1@users.noreply.github.com>

* replacing bold fonts with links as suggested

* fixed dead links

* fixed markdown linter errors

Co-authored-by: xinbenlv <zzn@zzn.im>
Co-authored-by: Pandapip1 <45835846+Pandapip1@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants