web3.js provides two packages to create user accounts, sign the transactions and perform other operations related to the user accounts. It says “web3.eth.accounts.create” on one hand and “web3.eth.personal.newAccount” on the other hand . Which one should be used ? Which one is more secure ?

web3.js 提供了兩個packages用于創(chuàng)建賬號，簽署交易和執(zhí)行一些與賬號相關的操作。“web3.eth.accounts.create” 和 “web3.eth.personal.newAccount”。 應該使用哪一個？ 哪一個更安全？

To be precise , both are secure and has to be used in the right context. What ever operations performed using web3.eth.accounts package should be performed on the local node, which means desktop wallets (like Mist, Ethereum Wallet) uses this package to create the accounts , saving the private keys , signing the transactions etc. on your local desktop or laptop itself. So because the operations are performed on the local, the private keys will not be sent to some other node on the network and they are particularly safe. This is the reason why the desktop wallets(like Mist, Ethereum Wallet) sync the entire block chain onto your local system and do not require to login until you are logged out because the information of your accounts is stored temporarily until and unless the entire data is cleared from the app folder.

確切地說，兩者都是安全的，但是必須在正確的環(huán)境中使用。 在本地節(jié)點上執(zhí)行任何的操作，應該使用web3.eth.accounts，這意味著本地桌面錢包（如Mist，Ethereum Wallet）會使用web3.eth.accounts創(chuàng)建帳戶，保存私鑰，簽署交易等操作。 因此，由于操作是在本地執(zhí)行的，所以私鑰不會被發(fā)送到網(wǎng)絡上的某個其他節(jié)點，所以它們特別安全。 這就是為什么桌面錢包（如Mist，Ethereum Wallet）需要將整個區(qū)塊鏈同步到本地系統(tǒng)的原因，并且在登出之前不需要登錄，因為您的帳戶信息暫時存儲在本地，除非整個數(shù)據(jù)被從應用程序文件夾中清除。

On the other hand , web3.eth.personal is used if you want to interact with another node’s accounts, which means what ever passwords you send will be used by some other node altogether which is the reason, this package is not used to create user accounts or store the private keys, rather this package will be used only to use the node itself. For example , lets consider this scenario where an app like steam.it has to send tokens to users whenever some one votes on his post. So all it needs to be done is that , I need to interact with the node’s account which has a lot of steam tokens and I have to transfer them to the user public addresses. In this case I am not creating a new address or a wallet , but just using the already created account on the server to transfer the tokens.

另一方面，如果您想與另一個節(jié)點的帳戶進行交互，則使用web3.eth.personal，這意味著您發(fā)送的任何密碼將被其他節(jié)點完全使用，這就是為什么web3.eth.personal不用于創(chuàng)建account或保存私鑰，而且僅用于使用節(jié)點本身。 另外，讓我們考慮一下像steam.it這樣的應用程序必須在用戶投票時發(fā)送tokens給用戶的情況， 所需要做的是，我需要與具有大量steam tokens 的節(jié)點帳戶進行交互，并且我必須將它們轉移到用戶公共地址。 在這種情況下，我不會創(chuàng)建新地址或錢包，而只是使用服務器上已創(chuàng)建的帳戶來傳輸tokens。