When will wallet encryption be enabled in zcash-cli?

title says it all, have been wondering this for some time, I would like a password for wallet. I know XMR cli wallet has had this since day 1. What is stopping this from being enabled?

1 Like

I believe the answer you are looking for is, “Zcash has always given low priority to user experience,” at least as long as I have been aware of the project.

Check out this thread. The reasoning makes sense to me

1 Like

right but what about the worst case scenario where someone gets physical access to your actual device while you are logged in for example. then all they have to do is search your hard drive for a wallet and your money is gone. this is a simple feature that should be activated…

1 Like

When someone has physical access to your device, you can assume they can extract all your private keys from memory; at that point, they have full access to your computer and there’s not much you can do other than enable drive encryption and power it off when the computer is unattended.

If you’re worried about physical/remote access to a device, you should be using cold storage and sign your transactions.

Wallet file encryption would be a nice feature for cloud or USB drive backups, but that can be done out-of-band as a python script.

1 Like

I always found this argument strange. It seems that it would mean that I shouldn’t lock my door because it won’t stop a skilled lockpicker.

I’m not worried about an attacker getting physical access to my computer. I am worried that I’m going to forget, take my laptop to a coffee shop and connect to their WIFI.

5 Likes

How would having wallet encryption help with connecting to a coffee shop’s wi-fi? If by that, you mean connecting to it allows partial remote file access to your computer (bad network configuration or exploitation), then sure, wallet encryption would be a nice feature to have, provided the UX issues can be resolved with people forgetting passwords (maybe warn people, and offer to use OS auth such as a PIN).

Maybe this could be implemented with a Python script for CLI users?

If I connect to the web through coffee wifi and never use my wallet, I think it is ok. They could remotely steal my wallet and install a rootkit (if they know a remote exploit), but to decrypt it, they need to me to input the password.

At least I have time to realize I made a mistake and sweep the account.

There have been cases of people uploading their wallets to cloud storage and getting ripped off by poor cloud security. Or people taking their computer to a repair shop. I think an encrypted wallet would have stopped these thefts.

4 Likes

:+1: on uploading to cloud storage accidentally (especially as dark patterns are often used to get people to sync files to cloud storage); big reason for file encryption to be a necessity for password managers.