Skip to content

Decryption/password does not check password validity #2

Description

@Anynomouss

I tested the decrypt tool with a Solflare wallet. It decrypts with any password.
Is there no internal check if the password is correct?

Not sure how Solflare exactly implemented it, but I assume the keystore file contains a hash of at least a part of the key to check integrity and check if decryption with a password is successful. For example in an Ethereum keystore, a
MAC - message authentication code (MAC) is used to check the message integrity after it is decrypted (to know whether the wallet decryption password was correct or not).

How does Solana check the integrity of a keystore? I did notice the keystore contains the user Token account address, perhaps that is used to check integrity?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions