I feel very uncomfortable putting my password in a plain text file for the minting process. It isn't very secure, and making another account is inconvenient; plus, transferring the MSCoins I mint from a specific minting account to a main account costs transaction fees I don't want to pay. I believe I have come up with a better system than storing the account password in a plain text file. The answer is setting up minting permissions and a separate minting password.
Here is what I mean: we set up "Minting Permissions" as account properties. These would include options such as what coins are acceptable to mint for that account, how many should be attempted each mint, and for advanced users, settings such as only allowing computers with a specific IP address to mint under that account and the minimum amount of NXT the account needs to have in order for minting to be permitted.
An account may optionally set up a special minting password which will be required for someone to be able to mint with that account. This password would work only for minting transactions and nothing else. A special option should be available to allow the minting client to remember the password (either the account password if no minting password has been set up, or if it has, the minting password) and ask for it when the client is first set up so that the password never has to be stored in a plain text file... Especially if the main password is used!
I am aware that a minting password would take up more storage space in the account database but the security benefits are tremendous! First of all, if someone steals the main password, they can steal everything in the account! If they steal the minting password, all they can do is mint coins which they cannot even access without the main password! This can drain the NXT supply of the account owner but doesn't really benefit the attacker in any way. Further, with additional account settings I mentioned before, they can only mint for coins that the user wants to mint anyways and can only drain the user down to the minimum supply of NXT that the user specified.
For this reason, the minting password hash doesn't have to have the same length as the user's password hash, as there is an additional security net which makes it so that, if anything, the attacker just helps the user mint faster, which could even benefit the user!
Also, if the attacker gets the minting password from the user and the user doesn't appreciate the minting help, they can use their main password to change their minting password whenever they wish, which would suddenly block out the attacker's attempts to mint for the user.
There should be an option to allow people to mint on your account using only your RS Address. This would allow people to essentially donate their minting power to the user if the user wants it. With the account options that require a minimum amount of units per mint and allow the user to specify which MSCoins are permitted to be minted, the account owner would not need to worry about people wasting their NXT by not minting enough per NXT or minting undesired coins with their NXT.
Let me know what you guys think!
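The permission check proposed in the post above, sketched as an added example that is not part of the original post and not Nxt code. The `MintingPermissions` fields, `authorize_mint`, the coin names and all sample values are hypothetical; PBKDF2 is an assumed choice of password hash.

```python
import hashlib, hmac, ipaddress
from dataclasses import dataclass, field

def hash_minting_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash; only this is stored, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

@dataclass
class MintingPermissions:            # hypothetical account properties
    allowed_coins: set               # MSCoins the owner wants minted
    min_units_per_mint: int          # reject mints that waste the fee
    min_nxt_balance: int             # floor the account may not drop below
    allowed_networks: list = field(default_factory=list)  # empty = any IP
    salt: bytes = b""
    password_hash: bytes = b""       # empty = RS-address-only minting allowed

def authorize_mint(perms, *, password, coin, units, fee_nxt, balance_nxt, source_ip):
    """Decide whether one minting transaction is permitted; returns (ok, reason)."""
    if perms.password_hash:
        candidate = hash_minting_password(password or "", perms.salt)
        if not hmac.compare_digest(candidate, perms.password_hash):
            return False, "bad minting password"
    if coin not in perms.allowed_coins:
        return False, "coin not permitted"
    if units < perms.min_units_per_mint:
        return False, "too few units per mint"
    if perms.allowed_networks:
        ip = ipaddress.ip_address(source_ip)
        if not any(ip in ipaddress.ip_network(n) for n in perms.allowed_networks):
            return False, "source IP not permitted"
    if balance_nxt - fee_nxt < perms.min_nxt_balance:
        return False, "NXT balance floor reached"
    return True, "ok"

# Constructed sample account and request (all values are made up).
SALT = bytes(16)  # fixed salt for a reproducible demo; use os.urandom(16) in practice
PERMS = MintingPermissions({"COINA"}, 100, 500, ["192.0.2.0/24"], SALT,
                           hash_minting_password("mint-only secret", SALT))
BASE = dict(password="mint-only secret", coin="COINA", units=100,
            fee_nxt=1, balance_nxt=501, source_ip="192.0.2.10")

if __name__ == "__main__":
    for change in ({}, {"password": "guess"}, {"coin": "COINB"},
                   {"source_ip": "198.51.100.7"}, {"balance_nxt": 500}):
        print(change, authorize_mint(PERMS, **{**BASE, **change}))
```

Even with the correct minting password, a request is refused once it names an unlisted coin, comes from outside the allowed network, or would push the balance below the owner's floor.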