Don't log secrets in cleartext
Thanks for your work on this, @fiatjaf! Having an integrated wallet with lightningd is great.
When setting this up, I have some thoughts on how to improve the security story for sparko.
This one I hope is obvious:
- login password omitted
- omit generated access-key
- access keys replaced with first characters of sha256 hash
Following up in #11
Logging a hash is confusing; it's better to not log anything.
But following up on #11, I think this works if we add a new optional option, sparko-keyhashes=, that will work just like sparko-keys=, but for people who don't want to type the key in their config file: they can just type a hash.
And in memory we will just store the hashes. For sparko-keys we hash them all. For sparko-keyhashes we just use the hash the user has provided.
Then when someone does a call attempt we hash the key they sent and check against the key hashes we have in memory. What do you think?
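A sketch of the hash-only key check proposed in the comment above, added here as an illustration and not sparko's own code. `KeyStore`, `NewKeyStore` and `Allowed` are hypothetical names, and the hex-encoded SHA-256 format for `sparko-keyhashes` entries is an assumption; the sample keys are constructed.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// KeyStore holds only SHA-256 digests of access keys, never the keys themselves.
type KeyStore struct{ hashes [][sha256.Size]byte }

// NewKeyStore hashes every cleartext key (sparko-keys) and decodes every digest
// given directly (sparko-keyhashes; hex encoding is assumed here).
func NewKeyStore(keys, keyHashes []string) (*KeyStore, error) {
	ks := &KeyStore{}
	for _, k := range keys {
		ks.hashes = append(ks.hashes, sha256.Sum256([]byte(k)))
	}
	for i, h := range keyHashes {
		raw, err := hex.DecodeString(h)
		if err != nil || len(raw) != sha256.Size {
			// Report the entry's position, not its value, so nothing key-derived is logged.
			return nil, fmt.Errorf("sparko-keyhashes entry %d is not a hex SHA-256 digest", i)
		}
		var d [sha256.Size]byte
		copy(d[:], raw)
		ks.hashes = append(ks.hashes, d)
	}
	return ks, nil
}

// Allowed hashes the presented key and compares it with every stored digest
// in constant time, without stopping early on a match.
func (ks *KeyStore) Allowed(presented string) bool {
	sum := sha256.Sum256([]byte(presented))
	ok := 0
	for _, h := range ks.hashes {
		ok |= subtle.ConstantTimeCompare(sum[:], h[:])
	}
	return ok == 1
}

func main() {
	// Constructed sample values, not real keys.
	d := sha256.Sum256([]byte("constructed-key-B"))
	ks, _ := NewKeyStore([]string{"constructed-key-A"}, []string{hex.EncodeToString(d[:])})
	fmt.Println(ks.Allowed("constructed-key-A"), ks.Allowed("constructed-key-B"), ks.Allowed("wrong"))
}
```

Because the presented value is always hashed before comparison, a digest copied from the config file does not work as a key. An unsalted SHA-256 only protects keys that are long and random, since a short key can be recovered from its digest by guessing.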