From d85e58f43589494ec89fa9a5f224b3fe0e0dd336 Mon Sep 17 00:00:00 2001 From: Conner Fromknecht Date: Tue, 4 Sep 2018 18:42:40 -0700 Subject: [PATCH 1/9] config: rename noencryptwallet to noseedbackup This commit renames the confusing noencryptwallet flag to noseedbackup, since this highlights the more crucial information of the flags behavior to the user. The description has also been capitalized to urge the user think twice about what they're doing. --- config.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config.go b/config.go index 32a5403d..4dcd98de 100644 --- a/config.go +++ b/config.go @@ -45,7 +45,7 @@ const ( defaultPeerPort = 9735 defaultRPCHost = "localhost" defaultMaxPendingChannels = 1 - defaultNoEncryptWallet = false + defaultNoSeedBackup = false defaultTrickleDelay = 30 * 1000 defaultInactiveChanTimeout = 20 * time.Minute defaultMaxLogFiles = 3 @@ -222,7 +222,7 @@ type config struct { NoNetBootstrap bool `long:"nobootstrap" description:"If true, then automatic network bootstrapping will not be attempted."` - NoEncryptWallet bool `long:"noencryptwallet" description:"If set, wallet will be encrypted using the default passphrase."` + NoSeedBackup bool `long:"noseedbackup" description:"If true, NO SEED WILL BE EXPOSED AND THE WALLET WILL BE ENCRYPTED USING THE DEFAULT PASSPHRASE -- EVER. THIS FLAG IS ONLY FOR TESTING AND IS BEING DEPRECATED."` TrickleDelay int `long:"trickledelay" description:"Time in milliseconds between each release of announcements to the network"` InactiveChanTimeout time.Duration `long:"inactivechantimeout" description:"If a channel has been inactive for the set time, send a ChannelUpdate disabling it."` @@ -288,7 +288,7 @@ func loadConfig() (*config, error) { RPCHost: defaultRPCHost, }, MaxPendingChannels: defaultMaxPendingChannels, - NoEncryptWallet: defaultNoEncryptWallet, + NoSeedBackup: defaultNoSeedBackup, Autopilot: &autoPilotConfig{ MaxChannels: 5, Allocation: 0.6, From d11212dd61a9ca034de8b999de5c7d35ec647bde Mon Sep 17 00:00:00 2001 From: Conner Fromknecht Date: Tue, 4 Sep 2018 18:53:37 -0700 Subject: [PATCH 2/9] cmd/lncli/commands: change noencryptwallet -> noseedbackup --- cmd/lncli/commands.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/lncli/commands.go b/cmd/lncli/commands.go index 8d852ed8..db8a7e93 100644 --- a/cmd/lncli/commands.go +++ b/cmd/lncli/commands.go @@ -1332,7 +1332,7 @@ var unlockCommand = cli.Command{ The unlock command is used to decrypt lnd's wallet state in order to start up. This command MUST be run after booting up lnd before it's able to carry out its duties. An exception is if a user is running with - --noencryptwallet, then a default passphrase will be used. + --noseedbackup, then a default passphrase will be used. `, Flags: []cli.Flag{ cli.IntFlag{ @@ -1400,8 +1400,8 @@ var changePasswordCommand = cli.Command{ is successful. If one did not specify a password for their wallet (running lnd with - --noencryptwallet), one must restart their daemon without - --noencryptwallet and use this command. The "current password" field + --noseedbackup), one must restart their daemon without + --noseedbackup and use this command. The "current password" field should be left empty. `, Action: actionDecorator(changePassword), From 7c4abd24186037894834db0b7fde1531a307d07d Mon Sep 17 00:00:00 2001 From: Conner Fromknecht Date: Tue, 4 Sep 2018 18:49:37 -0700 Subject: [PATCH 3/9] lntest/node: change noencryptwallet to noseedbackup --- lntest/node.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lntest/node.go b/lntest/node.go index aa965568..43a555a9 100644 --- a/lntest/node.go +++ b/lntest/node.go @@ -168,7 +168,7 @@ func (cfg nodeConfig) genArgs() []string { args = append(args, fmt.Sprintf("--trickledelay=%v", trickleDelay)) if !cfg.HasSeed { - args = append(args, "--noencryptwallet") + args = append(args, "--noseedbackup") } if cfg.ExtraArgs != nil { From fb3ace9b28d93519723aeaf8ee25bdecb04a404d Mon Sep 17 00:00:00 2001 From: Conner Fromknecht Date: Tue, 4 Sep 2018 18:53:14 -0700 Subject: [PATCH 4/9] lnd: use default enc pw when noseedbackup is passed --- lnd.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lnd.go b/lnd.go index aea8689a..8d15ee7c 100644 --- a/lnd.go +++ b/lnd.go @@ -210,9 +210,9 @@ func lndMain() error { ) // We wait until the user provides a password over RPC. In case lnd is - // started with the --noencryptwallet flag, we use the default password + // started with the --noseedbackup flag, we use the default password // for wallet encryption. - if !cfg.NoEncryptWallet { + if !cfg.NoSeedBackup { walletInitParams, err := waitForWalletPassword( cfg.RPCListeners, cfg.RESTListeners, serverOpts, proxyOpts, tlsConf, From d75a01ec83f0940cd5165a039b4aecca249c45b7 Mon Sep 17 00:00:00 2001 From: Conner Fromknecht Date: Tue, 4 Sep 2018 18:54:32 -0700 Subject: [PATCH 5/9] walletunlocker/service: change noencryptwallet reference to noseedbackup --- walletunlocker/service.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/walletunlocker/service.go b/walletunlocker/service.go index c3fd45f2..5efc211b 100644 --- a/walletunlocker/service.go +++ b/walletunlocker/service.go @@ -309,7 +309,7 @@ func (u *UnlockerService) ChangePassword(ctx context.Context, privatePw := in.CurrentPassword // If the current password is blank, we'll assume the user is coming - // from a --noencryptwallet state, so we'll use the default passwords. + // from a --noseedbackup state, so we'll use the default passwords. if len(in.CurrentPassword) == 0 { publicPw = lnwallet.DefaultPublicPassphrase privatePw = lnwallet.DefaultPrivatePassphrase From e47412be3a5cb80867f697e0da55f11f713ca867 Mon Sep 17 00:00:00 2001 From: Conner Fromknecht Date: Tue, 4 Sep 2018 18:45:46 -0700 Subject: [PATCH 6/9] docs/INSTALL: remove noencryptwallet from install docs We will be slowly phasing this out, though abruptly discontinuing support would be a more extensive change. For now, we will ensure that this feature is not recommended to users setting up a new wallet. --- docs/INSTALL.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/docs/INSTALL.md b/docs/INSTALL.md index c99af043..f7a4737c 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -291,12 +291,6 @@ lnd --bitcoin.active --bitcoin.testnet --debuglevel=debug --bitcoin.node=bitcoin `lnd` plus any application that consumes the RPC could cause `lnd` to miss crucial updates from the backend. -#### Disabling Wallet Encryption - -To disable encryption of the wallet files, pass the `--noencryptwallet` argument -to `lnd`. Obviously beware the security implications of running an unencrypted -wallet - this argument must only be used for testing purposes. - #### Macaroons `lnd`'s authentication system is called **macaroons**, which are decentralized From 8e017465c09e893690aa7ef639f4767972d24fc7 Mon Sep 17 00:00:00 2001 From: Conner Fromknecht Date: Tue, 4 Sep 2018 18:55:28 -0700 Subject: [PATCH 7/9] macaroons/README: update noencryptwallet -> noseedbackup --- macaroons/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/macaroons/README.md b/macaroons/README.md index 87ab93bb..6de7d8c1 100644 --- a/macaroons/README.md +++ b/macaroons/README.md @@ -26,7 +26,7 @@ In this DB the following two key/value pairs are stored: * The root key is symmetrically encrypted with the derived secret key, using the `secretbox` method of the library [btcsuite/golangcrypto](https://github.com/btcsuite/golangcrypto). - * If the option `--noencryptwallet` is used, then the default passphrase + * If the option `--noseedbackup` is used, then the default passphrase `hello` is used to encrypt the root key. ## Generated macaroons From 13e4fe2104bc5a570218a4125d676a057a630cd3 Mon Sep 17 00:00:00 2001 From: Conner Fromknecht Date: Tue, 4 Sep 2018 18:53:59 -0700 Subject: [PATCH 8/9] docker/lnd/start-lnd.sh: pass noseedbackup instead of noencryptwallet --- docker/lnd/start-lnd.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/lnd/start-lnd.sh b/docker/lnd/start-lnd.sh index ed1b2462..d65c145d 100755 --- a/docker/lnd/start-lnd.sh +++ b/docker/lnd/start-lnd.sh @@ -50,7 +50,7 @@ if [[ "$CHAIN" == "litecoin" ]]; then fi exec lnd \ - --noencryptwallet \ + --noseedbackup \ --logdir="/data" \ "--$CHAIN.active" \ "--$CHAIN.$NETWORK" \ From 98518706b2b1b6a48dcfd280e28ededd666f14f9 Mon Sep 17 00:00:00 2001 From: Conner Fromknecht Date: Tue, 4 Sep 2018 18:54:17 -0700 Subject: [PATCH 9/9] sample-lnd.conf: remove noencryptwallet flag from sample --- sample-lnd.conf | 5 ----- 1 file changed, 5 deletions(-) diff --git a/sample-lnd.conf b/sample-lnd.conf index c082a545..489e1988 100644 --- a/sample-lnd.conf +++ b/sample-lnd.conf @@ -133,11 +133,6 @@ ; network. ; nobootstrap=1 -; If set, your wallet will be encrypted with the default passphrase. This isn't -; recommend, as if an attacker gains access to your wallet file, they'll be able -; to decrypt it. This value is ONLY to be used in testing environments. -; noencryptwallet=1 - ; The alias your node will use, which can be up to 32 UTF-8 characters in ; length. ; alias=My Lightning ☇