fiatjaf / sparko

c-lightning RPC over HTTP with fine-grained permissions, SSE and spark-wallet support

Don't log secrets in cleartext #10

Open Legogris opened 3 years ago

Legogris commented 3 years ago

Thanks for your work on this @fiatjaf! Having an integrated wallet with lightningd is great.

When setting this up, I have some thoughts on how to improve the security story for sparko.

This one I hope is obvious:

Following up in #11

fiatjaf commented 3 years ago

Logging a hash is confusing; it's better to not log anything.

But following up on #11, I think this works if we add a new optional option, sparko-keyhashes=, that will work just like sparko-keys=, but for people who don't want to type the key in their config file, they can just type a hash.

And in memory we will just store the hashes. For sparko-keys we hash them all. For sparko-keyhashes we just use the hash the user has provided.

Then when someone does a call attempt we hash the key they sent and check against the key hashes we have in memory. What do you think?
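
The scheme described in the comment above, sketched in Go as an added example (not sparko's code and not part of the thread). The thread names no hash function or encoding, so SHA-256 with hex-encoded hashes, the constant-time comparison, and the names `KeyStore`, `HashKey`, `NewKeyStore` and `Allowed` are assumptions; the sample keys are constructed.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// KeyStore holds only SHA-256 digests of access keys, never the keys themselves.
type KeyStore struct{ digests [][]byte }

// HashKey returns the hex digest a user would put in the config (assumed format).
func HashKey(key string) string {
	sum := sha256.Sum256([]byte(key))
	return hex.EncodeToString(sum[:])
}

// NewKeyStore hashes each plaintext key and takes each supplied hash as given.
// Errors name the entry's position only, so config values stay out of logs.
func NewKeyStore(plainKeys, keyHashes []string) (*KeyStore, error) {
	ks := &KeyStore{}
	for _, k := range plainKeys {
		sum := sha256.Sum256([]byte(k))
		ks.digests = append(ks.digests, sum[:])
	}
	for i, h := range keyHashes {
		raw, err := hex.DecodeString(h)
		if err != nil || len(raw) != sha256.Size {
			return nil, fmt.Errorf("key hash #%d is not a hex SHA-256 digest", i)
		}
		ks.digests = append(ks.digests, raw)
	}
	return ks, nil
}

// Allowed hashes the presented key and checks every stored digest in constant time.
func (ks *KeyStore) Allowed(presented string) bool {
	sum := sha256.Sum256([]byte(presented))
	match := 0
	for _, d := range ks.digests {
		match |= subtle.ConstantTimeCompare(sum[:], d)
	}
	return match == 1
}

func main() {
	ks, _ := NewKeyStore([]string{"constructed-master-key"}, []string{HashKey("constructed-readonly-key")}) // constructed sample keys
	fmt.Println(ks.Allowed("constructed-readonly-key"), ks.Allowed("guess"))
}
```

Because the stored value is an unsalted fast hash, this only protects keys that are long and random; a short or guessable key can be recovered offline from its hash in the config file.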