-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Review Chia private key & wallet security best practices - implement and document for Machinaris. #53
Comments
Is |
Thanks for the suggestion. Back in late May, when I last tested starting an existing fullnode without invoking However, based on your suggestion, I have just re-tested this scenario, with an empty mnemonic.txt, and now things are working? Farming is running and the wallet seems available. I need to test this further to determine exactly which conditions this works under. |
I see more problems...
So, the cold wallet can save my already farmed coins. But the future of the plots and future rewards are compromised. Am I wrong? I have also tried to open this question on official chia github.. |
Hi. Great points! Yes, you are absolutely correct. The value of plots is tied to the private key encoded in the mnemonic. For that reason, each person in this blockchain farming ecosystem must assess their own risk/reward position. For some, that will mean:
Only each individual can determine their own risk tolerance in pursuit of blockchain rewards by farming plots. Machinaris will continue to serve those interested in more than one blockchain in as secure a manner as possible. Hope this helps answer your question! |
I am not here to hate :-) I believe, there should be another way instead of sharing the keyphrase. What about not sharing the phrase but only map private keys needed for farming into the containers and keep unnecessary keys hidden? |
Yes, good suggestion. Like in the official Chia docker, it's possible to set the |
We inherited the
keys=/root/.chia/mnemonic.txt
behavior from the official Chia Docker, but there needs to be a better way to handle the private key and/or keyring.Some notes:
Some references:
I'm opening this thread and calling for discussion and assistance to find best practices and approaches. Any contributions of wiki documentation and code pull requests are welcomed. A "Security" discussion channel has also been opened our our Discord. Come share good ideas!
The text was updated successfully, but these errors were encountered: