Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Private Keys in Log Files #208

Closed
faddat opened this issue Jun 28, 2020 · 3 comments
Closed

Private Keys in Log Files #208

faddat opened this issue Jun 28, 2020 · 3 comments

Comments

@faddat
Copy link
Contributor

faddat commented Jun 28, 2020

Currently, our log files include the seed to the node's wallet address:

❯ cat ~/mainnet_log
2020-06-28 11:03:55 INFO  [main] vsys.Application$ - Starting...
2020-06-28 11:03:56 INFO  [main] kamon.Kamon$Instance - Initializing Kamon...
2020-06-28 11:03:56 INFO  [lt-dispatcher-3] a.event.slf4j.Slf4jLogger - Slf4jLogger started
2020-06-28 11:03:56 INFO  [main] vsys.Application$ - VSYS Core v0.2.2 Blockchain Id: M
2020-06-28 11:03:56 INFO  [main] v.b.s.BlockchainUpdaterImpl - Constructing BlockchainUpdaterImpl, total blocks: 0, persisted: 0, topMemDiff: 0, bottomMemDiff: 0
2020-06-28 11:03:56 INFO  [main] v.b.s.BlockchainUpdaterImpl - State rebuild started, total blocks: 0, persisted: 0, topMemDiff: 0, bottomMemDiff: 0
2020-06-28 11:03:56 INFO  [main] v.b.s.BlockchainUpdaterImpl - State rebuild finished, total blocks: 0, persisted: 0, topMemDiff: 0, bottomMemDiff: 0
2020-06-28 11:03:57 INFO  [main] v.wallet.Wallet$WalletImpl - Your randomly generated seed is 5XbUuo4s6dYkyxkCh9Ee6CnFngSPVf1EHvL2RRAsdjdFa2TQ8SzgwBh1faK5hWE4t6wnung4TLC537kdGT8763do
2020-06-28 11:03:57 INFO  [main] vsys.Application$$anon$1 - Genesis block has been added to the state
2020-06-28 11:03:57 INFO  [main] v.wallet.Wallet$WalletImpl - Added account #1
2020-06-28 11:03:58 INFO  [main] vsys.Application$$anon$1 - REST API was bound on 0.0.0.0:9922

It's probably a good idea for this to not be logged, doesn't seem like best practices.
@ncying
Copy link
Member

ncying commented Jun 28, 2020

Some answers about this log.

  1. if one can access this log, it may easily access your wallet.dat file. in v systems, we use cold minting tech, in this case, we may not care about the node's private key since most of the node addresses have 0 balance. all rewards will be delivered to the cold reward address. please double-check the answer in Node Stability #194
  2. if the user still not like to print the seed in the log, they can use wallet generation to generate a wallet.dat file before start the node, it can also set a password for that .dat file(however, it may useless, in conf, the user still need extra conf for that password in order to get the private key to sign the blocks) https://github.com/virtualeconomy/v-wallet-generator
  3. similar to 2, if you do not ask the system to generate a random seed for you (set in conf directly), this log will not appear.

@faddat faddat mentioned this issue Jul 10, 2020
Open
@faddat
Copy link
Contributor Author

faddat commented Jul 11, 2020

@ncying

is #3 accomplished by removing the wallet section from the config file?

Thanks!

@faddat
Copy link
Contributor Author

faddat commented Jul 12, 2020
edited
Loading

Specifically, removing this:

  # Wallet settings
  wallet {
    # Password to protect wallet file
    password = "vsys"

    # Wallet seed as string
    # seed = ""
  }

And maybe adding that removal to #214

This was referenced Jul 12, 2020
Open
Closed
@ncying ncying mentioned this issue Jul 14, 2020
Merged
3 tasks
@faddat faddat closed this as completed Nov 21, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@faddat @ncying