Hush Full Node software. We were censored from Github, this is where all development happens now.
https://hush.is
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27 lines
997 B
27 lines
997 B
8 years ago
|
Security Warnings
|
||
|
|
====================
|
||
|
|
|
||
|
|
Security Audit
|
||
|
|
--------------
|
||
|
|
|
||
|
|
Zcash has not yet been subjected to a formal third-party security review. This
|
||
|
|
section will be updated with links to security audit reports in the future.
|
||
|
|
|
||
|
|
Side-Channel Attacks
|
||
|
|
--------------------
|
||
|
|
|
||
|
|
This implementation of Zcash is not resistant to side-channel attacks. You
|
||
|
|
should assume other unprivileged users running on the same hardware as your
|
||
|
|
`zcashd` process will be able to:
|
||
|
|
|
||
|
|
- Determine which note your are spending by observing cache side-channels as you
|
||
|
|
perform a JoinSplit operation. This is due to probable side-channel leakage in
|
||
|
|
the libsnark proving machinery.
|
||
|
|
|
||
|
|
- Determine which notes you own by observing cache side-channel information
|
||
|
|
leakage from the incremental witnesses as they are updated with new notes.
|
||
|
|
|
||
|
|
You should ensure no other users have the ability to execute code (even
|
||
|
|
unprivileged) on the hardware your `zcashd` process runs on until these
|
||
|
|
vulnerabilities are fully analyzed and fixed.
|