it still is just security through obscurity as the private keys have to be decrypted anyway for PoS to work. One just has to extract them from the process memory and then steal the YACs. Tho it could be useful if you have the RPC interface exposed (which you shouldn't anyway :P).
Since YAC inderitated POS code from PPC through NVC, I guess the private key is constantly in the memory as long as you are minting POS. This is not only related to POS because when you decrypt a wallet of any crpto all private keys are in plain text stored somewhere in the memory. But POS coins tends to have the keys decrypted all the time according to above quote.
I haven’t tracked how secure the operating system protects private processes’ memory in the last, well, 15 years or more. Can someone confirm that for a hacker to access private memory takes more effort than to plant a Trojan horse and copy your keystroke?
Can someone confirm that for a hacker to access private memory takes more effort than to plant a Trojan horse and copy your keystroke?
I don’t know the answer, but it doesn’t take more than a trojan and a keylogger to steal the entire wallet.dat file + password of any coin. That is probably way easier to do than reading a private key from memory.
Can someone confirm that for a hacker to access private memory takes more effort than to plant a Trojan horse and copy your keystroke?
I don’t know the answer, but it doesn’t take more than a trojan and a keylogger to steal the entire wallet.dat file + password of any coin. That is probably way easier to do than reading a private key from memory.[/quote]
That is probably right. Except if the Trojan can come in, comb the memory for private keys, then stop running, it has a better chance to survive than sitting there all the time waiting for key strokes.