are there any updates here ?
I find the thought quite disturbing that dozens (maybe much, much more) of users could potentially create accounts with geth each and every day that are generated with a different password compared to the password the user set. This is horrible and this should be address pretty quickly.
I mean this isn’t a rare situation at all. At least all windows binary (and the master source code) are affected by this bug. This problem kind of affects every windows user if they didn’t set an international keyboard layout (i.e. only the English United States International layout seems to be an exception for some reason, which might be only used by very few users) and used non-ASCII characters within their password.
As already mentioned, this problem also leads to other problems like the user can’t use this keystore file with 3rd party tools like mycrypto/myetherwallet (because they don’t mangle the password input in the same way the geth-liner-combination does) and you also can’t use mist UI etc if the key was generated with geth beforehand (because the password, when we look at this specific bug, only gets screwed-up by the geth-liner combo).
I think there is absolutely no plausible reason to wait until even more (hundreds/thousands?) of keystore files are generated «incorrectly» (with wrong password)… I reported the problem about 3 months ago and it seems the users noticed some strange behaviour even much, much earlier (though nobody seemed to identify the main cause before I opened this issue). Why risk that even more keystore files are incorrectly generated ? This should be escalated and handled very responsible and by considering all aspects of the changes (like I already mentioned: what if the keystore file was generated with the mangled password, but in upcomming versions geth uses the «correct» password input? both versions of the password — mangled/raw — must be tested, on each and every platform).
You might have more numbers/stats available than I have, but my guess is that there are a lot of windows geth downloads and also a lot of users that do not use ASCII characters at all (their keyboard is non-english, uses non-latin characters in general !!!) and/or a lot of users try to set a difficult password with special characters/umlauts etc… all these cases lead to a INCORRECT keystore file, I you know that this happens since about 3 months and did nothing against it! This is a horrible fact and I find it very careless of you to not address problems like this with highest priority and uttermost diligence.
I mean … the exact problem was already carefully analyzed and reported and even the reason/fix was already proposed by me (i.e. update liner + test for mangled password) … the only thing missing is the code that checks both versions of the password to not risk that all old/affected keystore files are completely useless (and to not risk that not only they don’t work with 3th party software, but also do not work anymore with newer versions of geth… if the fix is not handling these special cases/keystore files).
I think somebody needs to escalate this problem if nothing happens within the next few days/weeks. Maybe we should at least let the ethereum twitter and reddit community ask what they think of this bug and how this was (not) addressed within a timely manner.
Finally, I just want to make sure that nobody gets this/me wrong: I’m not trying to blame somebody for this problem or accuse somebody of something… but thinking about hundreds/thousands of keystore files that are completely wrongly generated and the devs ignoring it for months makes me a little bit alerted and frustrated. I see no reason why devs do this to their users (maybe they just forget/ignored the issue, but I think it’s horrible enough that it can’t be simply ignored !).
Запись редактировалась последний раз: May 31, 2018, 11:48 am