Suggestion 6: Only Save Encrypted Secrets to File #481

Open
mpguerra opened this issue Feb 18, 2025 · 0 comments · May be fixed by #494

@mpguerra
Contributor

Location

frost-client/src/config.rs

Synopsis

The FROST client currently reads sensitive data from configurations, including secrets from a config file, which is not encrypted.

Mitigation

While unencrypted secrets might be acceptable for a demo version, we still recommend refraining from storing secrets in plaintext. A more appropriate approach would be to encrypt this data and prompt the user for a password during login.

mpguerra added this to the FROST Demo Audit milestone Feb 18, 2025
mpguerra moved this to Product Backlog in FROST Feb 18, 2025
mpguerra moved this from Product Backlog to Sprint Backlog in FROST Feb 18, 2025
mpguerra linked a pull request Feb 25, 2025 that will close this issue
mpguerra moved this from Sprint Backlog to Review/QA in FROST Feb 25, 2025