hush/doc/security.md

# Security Overview

This document is a very high overview related to the security of Hush, with links to other resources.

## SECURITY AUDIT

Hush itself has not had a 3rd party code audit, but our upstream fork, Zcash, has. More details on that here:

https://z.cash/blog/audit-results.html

# KNOWN SECURITY ISSUES

Each release contains a `./doc/security-warnings.md` document describing security
issues known to affect that release. You can find the most recent version of
this document [here](https://github.com/MyHush/hush/blob/master/doc/security-warnings.md)

Note that this link points to the "in development" version of the file, so it
may have more recent findings than the version released with your software. (It
might also have issues that are only relevant for the upcoming release which
don't affect the current release or older software.)

# What if myhush.org get hacked?

In the event the Hush website is down or hacked, please also check these
twitter handles: @dukeleto and @MyHushTeam. The Hush protocol has an
alert system and currently a small set of people control the keys to issue
alerts. These will be sent to all nodes, if necessary in an emergency situation.

Additionally, you can contact Duke Leto via GPG keys from [Keybase](https://keybase.io/dukeleto), corresponding to

    F16219F4C23F91112E9C734A8DFCBF8E5A4D8019
    https://keybase.io/dukeleto/pgp_keys.asc

# What if all the Hush core devs turn evil?

If we are sufficiently hacked, or if we collectively turn evil, the above
resources will not be sufficient to protect you. Luckily, the Hush network is
growing into a larger and more resilient decentralized community everyday.
Add an overview security document, so we can link to it from our extended hushd version string 7 years ago			`# Security Overview`

			`This document is a very high overview related to the security of Hush, with links to other resources.`

			`## SECURITY AUDIT`

			`Hush itself has not had a 3rd party code audit, but our upstream fork, Zcash, has. More details on that here:`

			`https://z.cash/blog/audit-results.html`

			`# KNOWN SECURITY ISSUES`

			Each release contains a `./doc/security-warnings.md` document describing security
			`issues known to affect that release. You can find the most recent version of`
			`this document [here](https://github.com/MyHush/hush/blob/master/doc/security-warnings.md)`

			`Note that this link points to the "in development" version of the file, so it`
			`may have more recent findings than the version released with your software. (It`
			`might also have issues that are only relevant for the upcoming release which`
			`don't affect the current release or older software.)`

			`# What if myhush.org get hacked?`

			`In the event the Hush website is down or hacked, please also check these`
update security doc 5 years ago			`twitter handles: @dukeleto and @MyHushTeam. The Hush protocol has an`
Add an overview security document, so we can link to it from our extended hushd version string 7 years ago			`alert system and currently a small set of people control the keys to issue`
			`alerts. These will be sent to all nodes, if necessary in an emergency situation.`

update security doc 5 years ago			`Additionally, you can contact Duke Leto via GPG keys from [Keybase](https://keybase.io/dukeleto), corresponding to`

			`F16219F4C23F91112E9C734A8DFCBF8E5A4D8019`
			`https://keybase.io/dukeleto/pgp_keys.asc`

Add an overview security document, so we can link to it from our extended hushd version string 7 years ago			`# What if all the Hush core devs turn evil?`

			`If we are sufficiently hacked, or if we collectively turn evil, the above`
			`resources will not be sufficient to protect you. Luckily, the Hush network is`
			`growing into a larger and more resilient decentralized community everyday.`