jahway603
/
hush3
forked from hush/hush3
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Update security doc, fuck sprout

minor
Duke Leto 4 years ago
parent
c8f9ec1620
commit
f7ae064845
2 changed files with 7 additions and 9 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 0
      doc/beefy-HUSH3.conf
  2. 16
      doc/security-warnings.md

0
doc/beefy-node-reference-komodo.conf → doc/beefy-HUSH3.conf
View File

16
doc/security-warnings.md
View File

@ -3,27 +3,25 @@
## Security Audits ## Security Audits
Hush has not been subjected to a formal third-party security review! But the Hush has not been subjected to a formal third-party security review! But the
Zcash source code has. For security some of the Zcash and Komodo source code it is based on has.
announcements, audit results and other general security information, see
https://z.cash/support/security.html
Hush does our best to integrate fixes and recommendations from Zcash audits Hush does our best to integrate fixes and recommendations from upstream audits
to our own code, such as audits on ZecWallet that apply to SilentDragon. to our own code, such as audits on ZecWallet that apply to SilentDragon.
Hush also reports many new bugs and issues to upstream Zcash and many other Hush used to report many new bugs and CVEs to upstream Zcash and Komodo but
Zcash Protocol coins. those relations have broken down.
Additionally, Hush itself finds many CVE's and things-that-should-be-CVE's Additionally, Hush itself finds many CVE's and things-that-should-be-CVE's
in Zcash internals. Since Zcash community treats Hush people so poorly, we in Zcash internals. Since Zcash community treats Hush people so poorly, we
keep these bugs and fixes to ourselves. If you want to know some of them, keep these bugs and fixes to ourselves. If you want to know some of them,
let us know and bring your wallet. let us know and bring your wallet. Public information available at
<a href="https://attackingzcash.com">attackingzcash.com</a>
## Wallet Encryption ## Wallet Encryption
Wallet encryption is disabled, for several reasons: Wallet encryption is disabled, for several reasons:
- Encrypted wallets are unable to correctly detect shielded spends (due to the - Encrypted wallets are unable to correctly detect shielded spends (due to the
nature of unlinkability of JoinSplits) and can incorrectly show larger nature of unlinkability of ShieldedSpends) and can incorrectly show larger
available shielded balances until the next time the wallet is unlocked. This available shielded balances until the next time the wallet is unlocked. This
problem was not limited to failing to recognize the spend; it was possible for problem was not limited to failing to recognize the spend; it was possible for
the shown balance to increase by the amount of change from a spend, without the shown balance to increase by the amount of change from a spend, without

Write Preview
Loading…
Cancel
Save