Description Of The Different Usernames, Passwords, And Passphrases

Discussion in 'Technical Support' started by davecgh, Feb 2, 2016.

  1. davecgh

    davecgh Hero Member
    Developer Organizer

    Dec 31, 2015
    642
    788
    Male
    United States
    Many people have been asking and/or confused by the different usernames, passwords, and passphrases involved. I thought it would be a good idea to compile this information in one place for easy reference.

    In regards to dcrd, dcrwallet, and dcrctl there are effectively 2 usernames and 4 passwords/passphrases involved. It is easiest to break these down into 3 categories as follows:
    1. One username/password pair is used for the dcrd RPC server authentication. Whenever you run dcrd with the --rpcuser (-u) and --rpcpass (-P) options, you are indicating that you would like for dcrd to run an RPC server that is protected by those credentials.
    2. Another username/password pair is used for the dcrwallet RPC server authentication. Whenever you run dcrwallet with the --username (-u) and --password (-P) options, you are indicating that you would like for dcrwallet to run an RPC server that is protected by those credentials and to connect to dcrd using the same credentials. It is possible to have different credentials for both servers, in which case you can use the --dcrdusername and --dcrdpassword parameters to configure wallet to connect to the dcrd RPC server using those different credentials.
    3. The wallet encryption public and private passphrases. These are the passphrases you entered when creating the wallet. The private encryption passphrase is required, however the public encryption passphrase is optional. If you chose to use public encryption, the public encryption passphrase is specified to dcrwallet with the --walletpass option. These encryption passphrases have to do with how the data on disk and in memory is encrypted. All private keys are encrypted via your private encryption passphrase, while public information is (optionally) encrypted via your public encryption passphrase. This is why the wallet requires you to unlock it with the private encryption passphrase in order to sign transactions (which is required in order to send funds, purchase tickets, and vote).
     
    Morphy, exp, evanjdevs and 9 others like this.
  2. Dyrk

    Dyrk Sr. Member
    Developer

    Jan 7, 2016
    518
    376
    Male
    Wonderland
    Hi @davecgh,
    how can I configure dcrctl to work without specifying -u and -P?
    for dcrd I created config file: /home/dyrk/.dcrd/dcrd.conf
    Code:
    rpcuser=dyrk
    rpcpass=123
    for dcrwallet I created config file: /home/dyrk/.dcrwallet/dcrwallet.conf
    Code:
    username=dyrk
    password=123
    And now both work as expected without -u and -P parameters in command line.
    But dcrctl still throws error "401 Unauthorized." and I didn't find config example for it in wiki.
     
  3. davecgh

    @Dyrk

    Code:
    $ dcrctl -h
    ...
      -C, --configfile:  Path to configuration file
      (/home/davec/.dcrctl/dcrctl.conf)
      -u, --rpcuser:  RPC username
      -P, --rpcpass:  RPC password
    ...
    
    So, you create ~/.dcrctl/dcrctl.conf with:

    Code:
    rpcuser=dyrk
    rpcpass=123
    
     
    ClokworkGremlin and Dyrk like this.
  4. ClokworkGremlin

    ClokworkGremlin Sr. Member

    Jan 10, 2016
    535
    381
    Male
    Whatever I want.
    This is super useful to know, I'm going to go add it to my tutorial.
     
  5. zero

    zero Full Member

    Jan 1, 2016
    288
    121
    Male
    From what I understand, I think the wallet passphrase is the most important since it's needed for unlocking our wallet and sending funds somewhere else.

    But can you explain to me what would be the point of a passphrase for public data even on Mainnet?
     
  6. davecgh

    I answered in another thread, but I'll copy it here for visibility as well.

    There are several pieces of "pseudo public" information which are still useful to protect against general public knowledge for the privacy conscious among us.

    For example, all addresses are generated deterministically, so each account has an extended public key associated with it. If you don't have your local wallet database encrypting those extended public keys, anyone who got your wallet database would then easily be able to determine every address you have used and will ever use. With that information they could then determine your exact balances and track every single transaction involving you for as long as you continue using the same seed.

    Note that this doesn't mean they could actually steal your coins or anything as those details are encrypted by the private passphrase you are required to have.
     
    zero likes this.
  7. sambiohazard

    sambiohazard Sr. Member

    Jan 21, 2016
    844
    372
    he is the same user lol
    he asked same questions in anondran's thread as well :p
     
  8. davecgh

    Aye, I was just posting it here for visibility purposes. People trying to understand the different usernames and passphrases will likely be looking at this thread, so I thought it would be useful to have it consolidated a little more.
     
  9. Alex

    Alex New Member

    Dec 21, 2015
    117
    2
    I do not have a user and pass; I have only 30 words, a Decred address, a Decred ID and HEX.
    What do I do to get the user and pass for all programs?
     
  10. davecgh

    They can be anything you want them to be! They are your own personal usernames/passwords you want to use to protect your setup.
     
  11. Alex

    No no, I mean something else: does it create the user and password, or do I need to already know the user and password?
     
  12. zero

    Are there any characters we'd better avoid in those passphrases because of possible compatibility issues?

    Also, can someone please post the commands for changing the passphrases and maybe also the command to make a public passphrase afterwards? (If all these are possible)
     
  13. davecgh

    As long as you enclose the password with quotes on the command line, there shouldn't be any issue except one -- if the password itself contains a quote, in that case you'd need to escape it (standard command line stuff).

    I should note that I recommend using config files to avoid these issues altogether. First, you don't have to worry about quoting or anything, and second, it won't be in your command line history.
     
    eshriek and zero like this.
  14. knurdtech

    knurdtech New Member

    Jan 16, 2016
    12
    6
    Male
    What are the security implications of using the same RPC server authentication passwords with dcrd and dcrwallet?
     
  15. davecgh

    There is a lot less you can do with access to dcrd than you can to dcrwallet. The key point is that RPC access to dcrwallet, when the wallet is unlocked, can be used to spend coins.

    When they're both on the same machine, it probably doesn't matter all that much, but when you're running more secure setups where the wallet is on a separate machine than dcrd, you would pretty clearly not want to use the same credentials for both. Remember that dcrd has to be on an internet facing machine in order to stay synced to the network (download the block chain data, broadcast transactions, etc).

    On the other hand, the dcrwallet that contains your funds, for best security, should really not be on a system that has internet access as it's infinitely more difficult for someone to steal your coins if the wallet that contains them isn't even on a machine that is accessible via the internet. Obviously, if you are staking your coins, you will need at least one internet-facing dcrwallet instance. Thus, the most secure setup involves having one "cold" dcrwallet instance that is on a machine that is not internet accessible, and a second "hot" dcrwallet instance (using a different seed of course) to which the cold dcrwallet instance delegates voting rights via the --ticketaddress parameter, both of which use different credentials. This setup is described on the wiki.
     
    knurdtech likes this.
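
The points made in this thread about config files and credential reuse can be checked mechanically. The following is an added example, not code from the thread or from the Decred project: a small audit of dcrd.conf and dcrwallet.conf. It assumes dcrdusername and dcrdpassword are accepted as config-file keys under their long option names; the finding names and all sample values are constructed for illustration.

```python
import os
import tempfile

def parse_conf(path):
    """Parse the key=value lines of a dcrd/dcrwallet/dcrctl config file."""
    opts = {}
    with open(path) as fh:
        for line in fh:
            line = line.strip()
            if not line or line[0] in "#;[" or "=" not in line:
                continue  # blank line, comment, or [section] header
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def audit(dcrd_conf, wallet_conf):
    """Return a sorted list of (hypothetical) finding names for the two files."""
    findings = set()
    for path in (dcrd_conf, wallet_conf):
        # The files hold plaintext RPC passwords: only the owner should read them.
        if os.stat(path).st_mode & 0o077:
            findings.add("readable-by-others:" + os.path.basename(path))
    d, w = parse_conf(dcrd_conf), parse_conf(wallet_conf)
    dcrd_login = (d.get("rpcuser"), d.get("rpcpass"))
    wallet_login = (w.get("username"), w.get("password"))
    # dcrwallet logs in to dcrd with its own pair unless dcrdusername/dcrdpassword are set.
    upstream = (w.get("dcrdusername", wallet_login[0]),
                w.get("dcrdpassword", wallet_login[1]))
    if wallet_login == dcrd_login:
        findings.add("wallet-and-dcrd-share-credentials")
    if upstream != dcrd_login:
        findings.add("wallet-cannot-authenticate-to-dcrd")
    return sorted(findings)

def write_conf(path, body, mode):
    with open(path, "w") as fh:
        fh.write(body)
    os.chmod(path, mode)

def demo():
    """Audit two constructed setups: shared credentials, then separated ones."""
    with tempfile.TemporaryDirectory() as tmp:
        dcrd, wallet = (os.path.join(tmp, n) for n in ("dcrd.conf", "dcrwallet.conf"))
        write_conf(dcrd, "rpcuser=dyrk\nrpcpass=123\n", 0o644)
        write_conf(wallet, "username=dyrk\npassword=123\n", 0o600)
        weak = audit(dcrd, wallet)
        write_conf(dcrd, "rpcuser=node\nrpcpass=constructed-A\n", 0o600)
        write_conf(wallet, "username=wallet\npassword=constructed-B\n"
                           "dcrdusername=node\ndcrdpassword=constructed-A\n", 0o600)
        return weak, audit(dcrd, wallet)
```

The audit reads only the config files, so credentials passed on the command line are not seen by it.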
  16. avirdoz

    avirdoz New Member

    Feb 5, 2016
    14
    2
    Male
    #16 avirdoz, Apr 9, 2016
    Last edited: Apr 9, 2016
    Wallet.db contains public and private keys, and if I don't use a public encryption passphrase, are the public keys stored as plain text?
     
  17. davecgh

    For all intents and purposes, yes. Technically it's stored encrypted too, but it's encrypted with a well-known and hard-coded password in the code if you don't specify it, so it's trivial for anyone to decrypt it using that information. Ergo, yes, it's effectively plain text in that case.
     
