My question is, is it completely safe to create an account with real funds in Brownie without hardware wallet, only with a password? Is there a possibility the private key stored like that could be compromised somehow? And where does it stored on the computer?
In addition I have an issue: I use Trust Wallet installed on an empty smartphone as the main wallet with actual funds. As it does not allow to get the private key directly, I created a local account in Brownie from a seed phrase (for a new test Trust Wallet account), printed a private key in the console and thus created an account – is it a safe way, or is there another better one?
Best Answer
Keystore files are encrypted JSON files stored in your local machine. You can access them in
~/.brownie/accountson Linux/MAC OS (C:\Users\<User>\Appdata/Roaming/brownie/accountson Windows). These files are encrypted usingaes-128-ctr. (use give a password to encrypt your private key). You can find more information regarding them here.If you look at this answer question, which is regarding the security of
aes-128-ctr, you will see that the security of encryptedjsonfiles depends on the passwrod you use.