Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Backing up wallet to file creates recovery file in AppData #11419

Closed
hugobuddel opened this issue Oct 10, 2017 · 5 comments
Closed

Backing up wallet to file creates recovery file in AppData #11419

hugobuddel opened this issue Oct 10, 2017 · 5 comments
Assignees
@NejcZdovc
Labels
feature/rewards QA/checked-Linux QA/checked-macOS QA/checked-Win64 QA/test-plan-specified release-notes/include sec-low security
Milestone
0.22.x (Release C...

Comments

@hugobuddel
Copy link
Contributor

hugobuddel commented Oct 10, 2017
edited by srirambv
Loading

Testplan

see #13279

Description

The brave_wallet_recovery.txt file is stored in %appdata%\brave\ before offering it for saving.

The file's content contains this sentence "Save this key in a safe place, separate from your Brave browser.", so Brave acts against its own advice by saving this file in the profile.

Steps to Reproduce

  1. Go to about:preferences#payments
  2. Click the cogwheel
  3. Click 'Back up your wallet'
  4. Click 'Save recovery file...'

Actual result:
The file being stored in %appdata%\brave\ as well as the location specified by the user.

Expected result:
The file only being stored in the location indicated by the user.

Reproduces how often:
Each time.

Brave Version

about:brave info:

Brave 0.19.37
rev c6ee3b2
Muon 4.4.25
libchromiumcontent 61.0.3163.100
V8 6.1.534.41
Node.js 7.9.0
Update Channel Beta
OS Platform Microsoft Windows
OS Release 10.0.16296
OS Architecture x64

Reproducible on current live release:
This is the live beta release.

Additional Information

Technically, all information to get the wallet would already be available in %appdata%\brave\, but having the recovery file there seems a bit overdoing it.
@srirambv
Copy link
Collaborator

When you click on import recovery key, default location opened is %appdata%/brave so am guessing it the expected behaviour to allow user to store a copy in desired location apart from storing in the profile folder.

cc: @NejcZdovc

@hugobuddel
Copy link
Contributor Author

Maybe it is a non-issue at the moment, but I was assuming that the Brave wallet could somehow be encrypted (perhaps in the future). Especially since it will at some point it will be possible to move BAT from the wallet to elsewhere (which supposedly is not possible now). And then you don't want people to have access to your funds simply by copying a file (in a known location) from your computer.

@hugobuddel hugobuddel mentioned this issue Oct 11, 2017
Closed
@diracdeltas
Copy link
Member

diracdeltas commented Oct 11, 2017
edited
Loading

until #10705 is done, the Brave wallet recovery data is also stored in the session state file (unencrypted) in the appData directory, as you mentioned. so there seems to be no reason to have the recovery file also in the directory.

@bsclifton bsclifton added this to the Triage Backlog milestone Nov 27, 2017
@NejcZdovc NejcZdovc self-assigned this Feb 23, 2018
@NejcZdovc NejcZdovc modified the milestones: Triage Backlog, 0.21.x (Beta Channel) Feb 23, 2018
@NejcZdovc NejcZdovc mentioned this issue Feb 23, 2018
Merged
10 tasks
NejcZdovc added a commit to NejcZdovc/browser-laptop that referenced this issue Feb 23, 2018
@NejcZdovc
Fixes backup keys export/import; improves print flow
6c186ec 
Resolves brave#13274
Resolves brave#7512
Resolves brave#7511
Resolves brave#11419

Auditors:

Test Plan:
NejcZdovc added a commit to NejcZdovc/browser-laptop that referenced this issue Feb 23, 2018
@NejcZdovc
Fixes backup keys export/import; improves print flow
06e0ad2 
Resolves brave#13274
Resolves brave#7512
Resolves brave#7511
Resolves brave#11419

Auditors:

Test Plan:
@srirambv
Copy link
Collaborator

Verified on no recovery code file created in profile folder when building from source. Need to verify once on packaged build as well.

This was referenced Mar 22, 2018
Closed
Closed
Closed
@LaurenWags
Copy link
Member

LaurenWags commented Mar 22, 2018
edited by btlechowski
Loading

Verified on macOS 10.12.6 x64 using the following build:

  • 0.22.6 e6ff4ea
  • libchromiumcontent: 65.0.3325.162
  • muon: 5.1.0

Verified on Windows x64

  • 0.22.6 e6ff4ea
  • libchromiumcontent: 65.0.3325.162
  • muon: 5.1.0

Verified on Ubuntu 10.10 x64

  • 0.22.7 8bb7e77
  • libchromiumcontent: 65.0.3325.181
  • muon: 5.1.1

@kjozwiak kjozwiak mentioned this issue Mar 29, 2018
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@NejcZdovc NejcZdovc

Labels
feature/rewards QA/checked-Linux QA/checked-macOS QA/checked-Win64 QA/test-plan-specified release-notes/include sec-low security
Projects
None yet
Milestone
0.22.x (Release Channel)
Development

No branches or pull requests
9 participants
@diracdeltas @petemill @hugobuddel @luixxiul @bsclifton @NejcZdovc @srirambv @LaurenWags @btlechowski