# Gavin Andresen
# 2011-05-18 00:15:01
# https://bitcointalk.org/index.php?topic=8728.msg126415#msg126415

Random thought RE: passwords and RPC: @p{par}

I was thinking a better way of handling the password might be a new RPC command: @p{par}

walletpassword @p{lt}password@s{gt} @p{lt}timeout@s{gt} @p{par}

... which would store @p{lt}password@s{gt} in memory for @p{lt}timeout@s{gt} seconds.  If you know your server is secure, you'd give a very long @p{lt}timeout@s{gt} at startup. @p{par}

That same @p{lt}timeout@s{gt} mechanism might be very handy in the GUI (somebody who knows more about password security might have something intelligent to say about the tradeoff between the risk of storing hashed-password in memory versus the convenience of not having to constantly re-enter it). @p{par}

A walletpasswordchange @p{lt}oldpassword@s{gt} @p{lt}newpassword@s{gt} seems like it would be very handy, too. @p{par}

Tacking @p{lt}password@s{gt} onto the beginning of RPC argument lists seems like the wrong thing to do. @p{brk}