[electrum] clear the wallet password from memory when no longer needed

Description

[electrum] clear the wallet password from memory when no longer needed

Summary:
The avalanche proof editor and delegation editor keep a copy of the wallet password so that the user is not prompted too often for the password (when signing proofs & delegations, signing coins...)

This diff changes the data structure used to cache the password to a mutable type and overwrites the password with 0s when the widget is no longer referenced, to avoid exposing the password to malware. In practice, this happens when the application is closed.

The scope of this diff is limited to the password cached by the various widgets inheriting CachedWalletPasswordWidget. It does not fix all the other places in the codebase that store the wallet password or a private key in a local var (all direct or indirect callsites for keystore.get_private_key, all main_window methods that use the @protected decorator, all the callsites that directly use PasswordDialog...)

Test Plan:
Run Electrum ABC in verbose mode, open an encrypted wallet, open the proof editor, the delegation editor and the auxiliary keys dialog from the main window's menu. From the delegation editor, open the auxiliary keys dialog using the button. From the proof editor, generate a proof then open the delegation editor from the button in the proof editor, then open the auxiliary keys tool from the button in the delegation widget. Close everything, check for the following messages in the terminal:

[AuxiliaryKeysWidget] Zeroing cached password in memory
[AuxiliaryKeysWidget] Zeroing cached password in memory
[AvaProofEditor] Zeroing cached password in memory
[AvaDelegationWidget] Zeroing cached password in memory
[AuxiliaryKeysWidget] Zeroing cached password in memory

Note that the delegation editor has only one log line, because the one opened from the main window's menu did not ask for a password directly (the password was prompted only when opening its child auxiliary key widget). The second delegation editor that was opened via the proof editor received the password through its __init__ method, so it cleared the memory and printed a log line.

Reviewers: #bitcoin_abc, Fabien

Reviewed By: #bitcoin_abc, Fabien

Subscribers: Fabien, bytesofman

Differential Revision: https://reviews.bitcoinabc.org/D14729
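
The technique the summary describes, as an added Python example that is not the code from D14729: the password lives in a mutable bytearray that is overwritten with 0s when its owner is no longer referenced. The names `PasswordCache`, `zero_buffer` and `demo` are hypothetical, the sample password is constructed, and the log line format is copied from the test plan output above.

```python
import gc
import weakref


def zero_buffer(buf: bytearray, owner: str, log: list) -> None:
    """Overwrite the password bytes in place and record that it happened."""
    for i in range(len(buf)):
        buf[i] = 0
    log.append(f"[{owner}] Zeroing cached password in memory")


class PasswordCache:
    """Hypothetical cache holding the password in a mutable bytearray.

    A str or bytes password cannot be wiped: both are immutable, so the
    only option is to drop the reference and wait for the memory to be
    reused. A bytearray can be overwritten in place.
    """

    def __init__(self, password: bytearray, owner: str, log: list):
        # Keep the caller's buffer, not a copy: one buffer, one wipe.
        self._buf = password
        # The callback must not reference self, or the cache would never
        # become unreachable. finalize() also fires at interpreter exit.
        self._finalizer = weakref.finalize(self, zero_buffer, password, owner, log)

    @property
    def cleared(self) -> bool:
        return not self._finalizer.alive

    def get(self) -> bytearray:
        """Return the live buffer (not a copy) for the signing call."""
        if self.cleared:
            raise ValueError("password cache already cleared")
        return self._buf

    def clear(self) -> None:
        """Wipe now; safe to call repeatedly, the callback runs once."""
        self._finalizer()


def demo() -> tuple:
    log = []
    buf = bytearray(b"constructed-sample-password")  # constructed input
    cache = PasswordCache(buf, "DemoWidget", log)
    before = bytes(cache.get())  # copy taken only to show the change
    del cache                    # last reference dropped, finalizer runs
    gc.collect()                 # needed on runtimes without refcounting
    return before, bytes(buf), log
```

Any `str` the password passed through before reaching the bytearray (a text field's contents, a decoded argument) is a separate immutable copy that this wipe does not reach, which matches the limited scope stated in the summary.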

Details

Provenance
PiRK Authored on Nov 2 2023, 11:07
PiRK Pushed on Nov 3 2023, 15:10
Reviewer
Restricted Project
Differential Revision
D14729: [electrum] clear the wallet password from memory when no longer needed
Parents
rABC6954c1d261ed: [Cashtab][Alias] Check Alias function
Branches
Unknown
Tags
Unknown