Document that wallet encryption is disabled
This commit is contained in:
parent
1532cb75f3
commit
750d4e07dd
|
@ -14,6 +14,25 @@ make proving keys generated on 64-bit systems unusable on 32-bit and big-endian
|
|||
systems. It's unclear if a warning will be issued in this case, or if the
|
||||
proving system will be silently compromised.
|
||||
|
||||
Wallet Encryption
|
||||
-----------------
|
||||
|
||||
Wallet encryption is disabled, for several reasons:
|
||||
|
||||
- Encrypted wallets are unable to correctly detect shielded spends (due to the
|
||||
nature of unlinkability of JoinSplits) and will incorrectly show much larger
|
||||
available shielded balances until the next time the wallet is unlocked.
|
||||
|
||||
- While encrypted wallets prevent spending of funds, they do not maintain the
|
||||
shielding properties of JoinSplits (due to the need to detect spends). That
|
||||
is, someone with access to an encrypted wallet.dat has full visibility of
|
||||
your entire transaction graph (other than newly-detected spends, which suffer
|
||||
from the earlier issue).
|
||||
|
||||
You should use full-disk encryption (or encryption of your home directory) to
|
||||
protect your wallet at rest, and should assume (even unprivileged) users who are
|
||||
runnng on your OS can read your wallet.dat file.
|
||||
|
||||
Side-Channel Attacks
|
||||
--------------------
|
||||
|
||||
|
|
Loading…
Reference in New Issue