Support changing master password #1981
Comments
Something I ran into here while implementing this: lnd only allows password changes while it's in a locked state. Changing the password automatically unlocks lnd and for future unlocks you'd only need the new password, but it's not possible to change the password of a running lnd instance without stopping it and starting it back up into its locked state. Is it fine to replicate this behavior for xud? I can't really think of a simple way to stop and start lnd within xud to implement the password change, so that may be our only practical option, but I wanted to make sure it made sense to others. One option would be to save the old password in the database and attempt to change the password for lnd the next time xud starts up, but that is certainly more complex. One other minor question is what we should do if xud isn't able to change the password for all configured lnds - do we just error the request to change the password? That's our approach for wallet creation, so I figure it makes sense to do the same here lest we wind up with differing passwords between lnd and xud.
Yes, that's how it should be. Rather a failed password change than differing passwords and unlock errors = unusable lnds later.
Can lnd+xud just continue running without restart? The next start will require the new password, same for xud. Does anything speak against that?
When discussing this, it became clear that the lnd restart is needed in order to get lnd into
Let me know what I missed @sangaman
This part seems challenging. For one thing we may be in the middle of a swap such that we can't safely stop lnd on short notice without causing a swap to fail. But assuming we do, should we wait a fixed amount of time for lnds to come online and fail the call if they're not all up in time? At a minimum it would disrupt market making activity which xob I'm warming up more to the idea of saving the old password in the database (encrypted) along with which lnds still need their password changed, and trying to change them the next time(s) we unlock xud with the new password.
This adds the ability to change the master password of an existing xud node. Changing the password re-encrypts the node key on disk and queues password changes for all lnd wallets. Lnd does not currently offer the ability to change the password of an unlocked, running instance. Instead lnd can only change its password right after being started while it is still locked. Xud therefore saves the old password for each lnd wallet to the xud database and encrypts the old password using the new passwords. On subsequent unlocks of xud, when we go to unlock lnd wallets we first check whether we have any old passwords in the database corresponding to any lnd wallets. If we do, we decrypt the old password and change the password for lnd, which in turn will unlock lnd. Closes #1981.
* feat(db): migration framework

  This introduces a framework for tracking a database's version and migrating from one version to the next when the database schema needs to be modified. The migrations consist of an array of methods that each are responsible for upgrading from a particular version, and they are run in sequence when we detect that the current database version is lower than the latest version.

* feat(db): migration to db v1
* refactor: cryptoUtils
* test: cryptoUtils
* feat: change master password

  This adds the ability to change the master password of an existing xud node. Changing the password re-encrypts the node key on disk and queues password changes for all lnd wallets. Lnd does not currently offer the ability to change the password of an unlocked, running instance. Instead lnd can only change its password right after being started while it is still locked. Xud therefore saves the old password for each lnd wallet to the xud database and encrypts the old password using the new passwords. On subsequent unlocks of xud, when we go to unlock lnd wallets we first check whether we have any old passwords in the database corresponding to any lnd wallets. If we do, we decrypt the old password and change the password for lnd, which in turn will unlock lnd. Closes #1981.
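The queued password change described in the commit message above, as an added JavaScript example that is not xud's own code. The scrypt and AES-256-GCM choices, the `Map` standing in for the xud database, and the names `FakeLnd`, `queuePasswordChange` and `unlockWallets` are assumptions made for illustration; xud's cryptoUtils may use different primitives.

```javascript
// Added example, not xud code. scrypt + AES-256-GCM and all names are assumptions.
const crypto = require('crypto');

function encrypt(plaintext, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', crypto.scryptSync(password, salt, 32), iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('base64');
}

function decrypt(blob, password) {
  const raw = Buffer.from(blob, 'base64');
  const key = crypto.scryptSync(password, raw.subarray(0, 16), 32);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(16, 28));
  decipher.setAuthTag(raw.subarray(28, 44)); // wrong password => final() throws
  return Buffer.concat([decipher.update(raw.subarray(44)), decipher.final()]).toString('utf8');
}

// Stand-in for an lnd wallet: the password changes only while locked, and changing unlocks.
class FakeLnd {
  constructor(password) { this.password = password; this.locked = true; }
  unlock(pw) {
    if (pw !== this.password) throw new Error('invalid passphrase');
    this.locked = false;
  }
  changePassword(oldPw, newPw) {
    if (!this.locked) throw new Error('wallet is unlocked');
    if (oldPw !== this.password) throw new Error('invalid passphrase');
    this.password = newPw;
    this.locked = false;
  }
}

// While running: store the old password per wallet, encrypted under the NEW master password.
function queuePasswordChange(db, currencies, oldPw, newPw) {
  for (const currency of currencies) db.set(currency, encrypt(oldPw, newPw));
}

// On the next unlock: apply a queued change instead of a plain unlock, then delete the row.
function unlockWallets(db, wallets, masterPw) {
  for (const [currency, lnd] of wallets) {
    const pending = db.get(currency);
    if (pending === undefined) { lnd.unlock(masterPw); continue; }
    lnd.changePassword(decrypt(pending, masterPw), masterPw);
    db.delete(currency); // the old password must not outlive the change
  }
}
```

A queued row is removed only after the wallet accepts the change, so a failed attempt (wrong master password, wallet unreachable) leaves it in place for the next unlock.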
This is needed for ExchangeUnion/xud-ui#39 - we are setting a default password in XUD EXPLORER; the user "creating" the password is actually "changing" the password.