Increasing asset security

[Delari]

Good afternoon, I would like to propose an idea, since the chia full node is constantly running, and, accordingly, remains unattended, within the framework of security I would like to propose to implement the functionality, before sending coins to another wallet - a pin code is needed, after three unsuccessful attempts, the entire balance is sent to the backup address.

[SlugFiller]

I started a longer discussion at #7830 but the gist of it is that protecting the GUI is only a fraction of what you need to secure your assets. Currently, it's possible to get your seed simply by opening a command line prompt in the client's folder, and running chia keys show. Your seed can be used to steal not only your current assets, but any additional assets farmed or sent to the same wallet.

More alarmingly than local access, a virus or trojan could use the RPC interface to make any sends it wants, without you even seeing it if you're not looking directly at the wallet, as well as simply pick your seed unencrypted from the drive.

Put simply, a pin for just the send operation is still far too little security.

[Delari]

why not release a fork that will allow growing and plotting with the same fingerprint but without wallet management, and the main wallet with management can be stored separately more securely, of the minuses - it will be necessary to synchronize the database on both machines - however, this is better than leaving the seed unattended

[SlugFiller]

I'm not sure if it's even possible to plot without the seed. This has been discussed with regards to cold wallets and offline transaction signing, but the EIP2333/4 key derivation method used by Chia makes it difficult to even check the wallet status without access to the seed, due to the difficulty of producing the wallet public keys. At least, for generating the plot NFT, wallet functionality is needed.

Since it's possible to plot with just NFT and farmer signatures, you can delegate plotting to an underprivileged machine, but this leaves farming a question. Obviously, you can run the farmer without the wallet via the command line, but it's unclear if the farmer can run without access to the seed. An individual harvester only needs the plots, but the farmer is a different beast.

You can try running a farmer and full node with no seed configured, and see if that works, but I have my doubts.