Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[NCC-E005955-AQM] Private Keys May Be Written to Log Files #71

Closed
dconnolly opened this issue Mar 8, 2023 · 0 comments · Fixed by #70
Closed

[NCC-E005955-AQM] Private Keys May Be Written to Log Files #71

dconnolly opened this issue Mar 8, 2023 · 0 comments · Fixed by #70
Assignees
@dconnolly
Labels
C-audit Category: Issues arising from audit findings

Comments

@dconnolly
Copy link
Contributor

In our Debug impl for SigningKey, we should not print out the seed, s, and prefix fields: we don't want those to end up in logs.
@dconnolly dconnolly self-assigned this Mar 8, 2023
@dconnolly dconnolly mentioned this issue Mar 8, 2023
Merged
@mpguerra mpguerra mentioned this issue Mar 9, 2023
Closed
36 tasks
@mpguerra mpguerra added the C-audit Category: Issues arising from audit findings label Mar 9, 2023
@mpguerra mpguerra changed the title Do not log secret fields [ NCC-E005955-AQM] Private Keys May Be Written to Log Files Mar 16, 2023
@mpguerra mpguerra changed the title [ NCC-E005955-AQM] Private Keys May Be Written to Log Files [NCC-E005955-AQM] Private Keys May Be Written to Log Files Mar 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dconnolly dconnolly

Labels
C-audit Category: Issues arising from audit findings
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Do not log SigningKey seed, prefix, s, as part of impl Debug ZcashFoundation/ed25519-zebra
2 participants
@dconnolly @mpguerra