Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1UZl0I-0007Yv-4U for bitcoin-development@lists.sourceforge.net; Tue, 07 May 2013 16:44:38 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of theagricolas.org designates 199.119.226.154 as permitted sender) client-ip=199.119.226.154; envelope-from=craig@theagricolas.org; helo=mail.theagricolas.org; Received: from theagricolas.org ([199.119.226.154] helo=mail.theagricolas.org) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1UZl0H-0000D9-2p for bitcoin-development@lists.sourceforge.net; Tue, 07 May 2013 16:44:38 +0000 Received: from localhost (localhost [127.0.0.1]) by mail.theagricolas.org (Postfix) with ESMTP id E963C4FC8057; Tue, 7 May 2013 12:45:06 -0400 (EDT) X-Virus-Scanned: Debian amavisd-new at theagricolas.org Received: from mail.theagricolas.org ([127.0.0.1]) by localhost (kimble.theagricolas.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id KuIAJogYM2YU; Tue, 7 May 2013 12:45:05 -0400 (EDT) Received: from localhost (c-75-69-34-85.hsd1.vt.comcast.net [75.69.34.85]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: craig@theagricolas.org) by mail.theagricolas.org (Postfix) with ESMTPSA id 42F2D4FC8055; Tue, 7 May 2013 12:45:05 -0400 (EDT) Date: Tue, 7 May 2013 12:44:25 -0400 From: Craig B Agricola To: Adam Back Message-ID: <20130507164425.GN24376@theagricolas.org> References: <20130507121641.GA11770@netbook.cypherspace.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20130507121641.GA11770@netbook.cypherspace.org> User-Agent: Mutt/1.5.20 (2009-06-14) X-Spam-Score: -2.8 (--) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record -1.3 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-Headers-End: 1UZl0H-0000D9-2p Cc: Bitcoin-Dev Subject: Re: [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 May 2013 16:44:38 -0000 BTW, Adam, I suspect you might be using the console in the GUI, and that might be under Windows for all I know, but I usually do it this way on the command line under Linux: echo -n "Password: ";bitcoind walletpassphrase `stty -echo;read p;echo $p;stty echo` 60; echo This uses the JSON API to unlock the wallet (for 60 seconds; which is the "60" at the end), and should work for either the GUI (if you start it with the -server flag) or the headless bitcoind. It keeps the password that you type off the console, and also keeps it out of the history file. The only issue with it is that it will show up in the process tree as an argument of the command for the period of time that the JSON API is being prepared and sent, which should be fairly short. This might be a concern if you are on a multi-user system (you probably shouldn't be doing this anyway), or worry that spyware might be monitoring for passwords (though if you are worried about spyware, you should already be concerned about keyloggers, so...) I doubt this will work (without significant modifications) on Windows without Cygwin, though. -Craig On Tue, May 07, 2013 at 02:16:41PM +0200, Adam Back wrote: > Hi > > Three minor security/other issues: > > 1. please a way to unlock the wallet without displaying wallet password in > console screen (console unlock wallet, to import priv key); or