@s{quotedtext}
@s{quotedtext}
I think that's the right way to think about it. And I think Jeff actually implementing a straw-man proposal is exactly the right thing to do.
So: I say we don't try to defend against (3), at least not right now. If you have root then you can install a keylogger, read memory, intercept any system call, etc etc etc. (I would like to see somebody implement a bitcoin client that required payment verification using a cell phone app or telephone call or PIN-sent-to-email and did all the magic key management to make that work securely, but I think that's beyond the scope of what we can reasonably do right now).
Defending against (1) and (2) would help with:
a) you forget to logout so attacker sits down at your computer, starts bitcoin and empties your wallet.
b) attacker gets a hold of a filesystem backup that is not encrypted.
c) sysadmin sets file permissions incorrectly so attacker on multi-user system can read your wallet.dat
d) attacker guesses or finds out your ssh password, logs in remotely and steals your wallet.dat.
It won't help with:
- sysadmin with root privileges is evil
- system compromised by rootkit/trojan/keylogger
RE: encrypt everything: I say maybe later. Just encrypt everything isn't trivial: users would have to wait a minute or two or ten for Berkeley DB to rewrite all of blkindex.dat (bottleneck will be disk I/O, not the encryption), and we have to deal with "my disk filled up when I changed my password, things are half-encrypted and half-not, what do I do now?" And I don't see a lot of value in encrypting all of wallet.dat; forget to shutdown bitcoin and an attacker that wants to know your public addresses can just open up the address book and take a screenshot.