show CompactSeedQR when pressing "View Seed.."
AndySchroder opened this issue · 12 comments
For a keystore of type "Software Wallet" we have a "View Seed.." button under Settings. When pressing this button the BIP39 seed Mnemonic Words are shown.
Would really like to see a CompactSeedQR (https://github.com/SeedSigner/seedsigner/blob/dev/docs/seed_qr/README.md?ref=southernbitcoiner.com#compactseedqr-specification) here in addition to the word list.
I'm not sure if there are any reasons to also give the user the option to show a Standard SeedQR (https://github.com/SeedSigner/seedsigner/blob/dev/docs/seed_qr/README.md?ref=southernbitcoiner.com#standard-seedqr-specification). Would like some other peoples' opinions on that.
What would be the use case for this?
I am generally cautious with any functionality that can further expose a seed.
For making backups that can be more easily be recovered and for using with other stateless devices where the seed is recovered on each use. Sparrow wallet has the ability to import these via the camera, so why can't it display them? Using sparrow wallet on a machine that boots off a very cheap USB disk or SD card you may want to destroy that disk after each use, effectively making sparrow stateless as well. In that case you would want to be able to recover the seed via QR instead of having to type it in.
If you are concerned about this, it may make sense to have another button you press after "View Seed.." to show the CompactSeedQR. I've often thought that after pressing "View Seed.." it might even make sense to have a prompt "Are you sure you want to show the seed phrase" before actually displaying it, so maybe adding that too would help with some of your concerns.
For making backups that can be more easily be recovered
It seems to me that the only way to make a backup would be make some kind of a copy. Since I'm sure we agree this should not be a digital copy, I can only see a series of displays to aid in creating a paper QR copy. Not I think a strong need if the seed is already in a hot wallet, see below.
and for using with other stateless devices where the seed is recovered on each use
If the seed is already in a hot wallet, this use case seems rare.
For making backups that can be more easily be recovered
It seems to me that the only way to make a backup would be make some kind of a copy. Since I'm sure we agree this should not be a digital copy, I can only see a series of displays to aid in creating a paper QR copy. Not I think a strong need if the seed is already in a hot wallet, see below.
and for using with other stateless devices where the seed is recovered on each use
If the seed is already in a hot wallet, this use case seems rare.
Not if the seed is created in an offline version of sparrow wallet.
@seedhammer (https://seedhammer.com/get-started/load-seed-and-wallet#input) is another application where we'd want to expose the CompactSeedQR so that we don't need to fuss with the joystick and could go straight to metal.
@seedhammer (https://seedhammer.com/get-started/load-seed-and-wallet#input) is another application where we'd want to expose the CompactSeedQR so that we don't need to fuss with the joystick and could go straight to metal.
It is funny we are mentioned just now. I had this need recently, believe it or not, but only for a test (since running a hot wallet is nothing desirable with real funds).
While I agree with @craigraw to keep things simple, and that hot wallets in general are rare, I see nothing lost in showing already exposed data on same screen.
@seedhammer (https://seedhammer.com/get-started/load-seed-and-wallet#input) is another application where we'd want to expose the CompactSeedQR so that we don't need to fuss with the joystick and could go straight to metal.
It is funny we are mentioned just now. I had this need recently, believe it or not, but only for a test (since running a hot wallet is nothing desirable with real funds).
While I agree with @craigraw to keep things simple, and that hot wallets in general are rare, I see nothing lost in showing already exposed data on same screen.
Keep in mind I am not talking about a hot wallet here. Just as a seed signer can be built with no wifi, ethernet, or cellular, sparrow wallet can be run on a machine with no wifi, ethernet, or cellular.
I see nothing lost in showing already exposed data on same screen
What if someone is tempted to take a photo of the CompactSeedQR with their phone? Maybe an obvious footgun to us, but I could see it happen given the lack of other ways to create a convenient backup of a QR. At least, I think this may need a warning displayed first.
Apart from a standard SeedQR (which I actually prefer over CompactSeedQR) there is also BC ur:seed to consider.
What if someone is tempted to take a photo of the CompactSeedQR with their phone?
What if someone is tempted to take a photo of the seed words? I don't see any excess risk in showing info in different formats. I acknowledge that people are inclined to point their camera at QR codes - so a warning is a good idea.
CompactSeedQR may not be necessary since sparrow wallet is usually running on a fairly large screen, but I do think it is the most efficient of the formats, right? Since it is not critical on space efficiency, I think any format that is widely supported by @seedhammer, @SeedSigner, etc. would be great.
I agree the QR code is a bit more of a risk, but what about making it smaller? People can take a photo of the seed words or the QR code. Both are at risk, the main question is which one more reliably encodes the data with the resolution that the screen provides (and enables an onlooker to decipher it)? A smaller QR code can still work and avoid this concern a bit.
I would argue that the warning/confirmation should be there now for just showing the seed phrase in text format.
Another thing you can do in addition to some warning pop ups is require the wallet password to be reentered if you have the wallet encrypted. That is a more intentional confirmation that someone has to think about a bit longer about whether they want the seed revealed.
However, I think that in the end, the user really should always be careful when doing anything with displaying a seed phrase, and that is their responsibility to be in a private place.
Ok, I have added a button to display the SeedQR on the seed display dialog. Before it is shown, a warning dialog will be displayed. 3c631fa.
Tested in version 1.8.5, this is working good as expected!