Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid printing xpubs in the logs #151

Open
0xmichalis opened this issue Apr 18, 2020 · 1 comment
Open

Avoid printing xpubs in the logs #151

0xmichalis opened this issue Apr 18, 2020 · 1 comment
Labels
enhancement New feature or request

Comments

@0xmichalis
Copy link

Some people seem to be (genuinely or not) worried about this and from a security standpoint it makes sense to do it. Either put every xpub log behind the debug flag, or mask/remove all instances altogether (maybe make this futureproof by making the project's Logger understand xpubs and always mask them).
@LaurentMT LaurentMT added the enhancement New feature or request label Apr 25, 2020
@LaurentMT
Copy link
Contributor

In terms of security, it seems likely that if an attacker is able to read these logs, he will also be ale to access the database that is storing the xpubs.

That being said, I see at least one benefit to the obfuscation of xpubs and addresses in the logs. It would allow users to share their logs (for support) without having to worry that these logs leak too much info about their wallet.

Possible solution: Logs only register the first and last characters of xpubs and addresses. It still leaks some info but it limits the leak while providing enough info for troubleshooting issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@0xmichalis @LaurentMT