Context: I'm fairly new to web3, and as we all know it's developing quite regularly. I'm working towards a "sign in with Metamask"-type functionality using web3@1.0.0-beta.46.
Most of the docs/discussions online I've seen recommend using web3.eth.personal.sign over the other signing methods (at least for the purpose of signing a message to prove ownership of an address), but all examples I've seen online seem to ignore the third argument, password, which is described in the docs as "The password of the account to sign data with."
Up until 1.0.0-beta.38, the password argument could be left undefined, but with 38 now throws Invalid Arguments length: expected: 3, given: 2.
Looking at the docs, they provide an example: https://web3js.readthedocs.io/en/1.0/web3-eth-personal.html#sign
web3.eth.personal.sign("Hello world", "0x11f4d0A3c12e86B4b5F39B213F7E19D048276DAe", "test password!")
.then(console.log);
It seems silly to simply pass in a static string. There's gotta be something here I'm not getting.
Can someone clarify what the point of the password argument is? Is it to be used like a challenge or a salt? Should I pass in my nonce, instead of adding it to the message string? Am I way off?
I'll keep digging, but could use some guidance. Thanks.
edit: changing the password value doesn't change the signature.
