web3.js provides two packages to create user accounts, sign the transactions and perform other operations related to the user accounts. It says “web3.eth.accounts.create” on one hand and “web3.eth.personal.newAccount” on the other hand . Which one should be used ? Which one is more secure ?
web3.js 提供了两个packages用于创建账号,签署交易和执行一些与账号相关的操作。“web3.eth.accounts.create” 和 “web3.eth.personal.newAccount”。 应该使用哪一个? 哪一个更安全?
To be precise , both are secure and has to be used in the right context. What ever operations performed using web3.eth.accounts package should be performed on the local node, which means desktop wallets (like Mist, Ethereum Wallet) uses this package to create the accounts , saving the private keys , signing the transactions etc. on your local desktop or laptop itself. So because the operations are performed on the local, the private keys will not be sent to some other node on the network and they are particularly safe. This is the reason why the desktop wallets(like Mist, Ethereum Wallet) sync the entire block chain onto your local system and do not require to login until you are logged out because the information of your accounts is stored temporarily until and unless the entire data is cleared from the app folder.
确切地说,两者都是安全的,但是必须在正确的环境中使用。 在本地节点上执行任何的操作,应该使用web3.eth.accounts,这意味着本地桌面钱包(如Mist,Ethereum Wallet)会使用web3.eth.accounts创建帐户,保存私钥,签署交易等操作。 因此,由于操作是在本地执行的,所以私钥不会被发送到网络上的某个其他节点,所以它们特别安全。 这就是为什么桌面钱包(如Mist,Ethereum Wallet)需要将整个区块链同步到本地系统的原因,并且在登出之前不需要登录,因为您的帐户信息暂时存储在本地,除非整个数据被从应用程序文件夹中清除。
On the other hand , web3.eth.personal is used if you want to interact with another node’s accounts, which means what ever passwords you send will be used by some other node altogether which is the reason, this package is not used to create user accounts or store the private keys, rather this package will be used only to use the node itself. For example , lets consider this scenario where an app like steam.it has to send tokens to users whenever some one votes on his post. So all it needs to be done is that , I need to interact with the node’s account which has a lot of steam tokens and I have to transfer them to the user public addresses. In this case I am not creating a new address or a wallet , but just using the already created account on the server to transfer the tokens.
另一方面,如果您想与另一个节点的帐户进行交互,则使用web3.eth.personal,这意味着您发送的任何密码将被其他节点完全使用,这就是为什么web3.eth.personal不用于创建account或保存私钥,而且仅用于使用节点本身。 另外,让我们考虑一下像steam.it这样的应用程序必须在用户投票时发送tokens给用户的情况, 所需要做的是,我需要与具有大量steam tokens 的节点帐户进行交互,并且我必须将它们转移到用户公共地址。 在这种情况下,我不会创建新地址或钱包,而只是使用服务器上已创建的帐户来传输tokens。
网友评论