protecting hsm_secret with passphrase at filesystem from steal but allowing non interactive lightningd startup #8960
Unanswered
p01nt3rgit
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
actually hsm_secret can be dumped by:
lightning-hsmtool getsecret /root/.lightning/bitcoin/hsm_secret
in case of not encrypted disks like using cheap linux appliances like orangepi, odroid, rasberrypi this exposes lightning walled seed thief
this is also a risk in the eventuality of other defacements that allow access to hsm_secret
it is possible to encrypt the hsm_secret with passphrase by
lightning-hsmtool generatehsm /root/.lightning/bitcoin/hsm_secret
and starting the node with --hsm-passphrase
however it seems that this doesn't allow non-interactive startup. This is annoying thing since using containers, at each restart it causes the node to fail because it require prompting with passphrase
is there a way for allowing non-interactive startup without rolling back to legacy hsm_secret ? Is it supposed that legacy will be deprecated and dismissed at some point ?
what's the best way to protect hsm_secret ?
Thanks in advance
Beta Was this translation helpful? Give feedback.
All reactions