zcashd/user/security-warnings.html

<!DOCTYPE HTML>
<html lang="en" class="sidebar-visible no-js light">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Security Warnings - The zcashd Book</title>
<!-- Custom HTML head -->
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff" />
<link rel="icon" href="../favicon.svg">
<link rel="shortcut icon" href="../favicon.png">
<link rel="stylesheet" href="../css/variables.css">
<link rel="stylesheet" href="../css/general.css">
<link rel="stylesheet" href="../css/chrome.css">
<link rel="stylesheet" href="../css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="../FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="../fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" href="../highlight.css">
<link rel="stylesheet" href="../tomorrow-night.css">
<link rel="stylesheet" href="../ayu-highlight.css">
<!-- Custom theme stylesheets -->
</head>
<body>
<div id="body-container">
<!-- Provide site root to javascript -->
<script>
var path_to_root = "../";
var default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? "navy" : "light";
</script>
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script>
try {
var theme = localStorage.getItem('mdbook-theme');
var sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script>
var theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
var html = document.querySelector('html');
html.classList.remove('no-js')
html.classList.remove('light')
html.classList.add(theme);
html.classList.add('js');
</script>
<!-- Hide / unhide sidebar before it is displayed -->
<script>
var html = document.querySelector('html');
var sidebar = null;
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
} else {
sidebar = 'hidden';
}
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../index.html">zcashd</a></li><li class="chapter-item expanded "><a href="../user.html"><strong aria-hidden="true">1.</strong> User Documentation</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../user/release-support.html"><strong aria-hidden="true">1.1.</strong> Release Support</a></li><li class="chapter-item expanded "><a href="../user/platform-support.html"><strong aria-hidden="true">1.2.</strong> Platform Support</a></li><li class="chapter-item expanded "><a href="../user/wallet-backup.html"><strong aria-hidden="true">1.3.</strong> Wallet Backup</a></li><li class="chapter-item expanded "><a href="../user/shield-coinbase.html"><strong aria-hidden="true">1.4.</strong> Shielding Coinbase Outputs</a></li><li class="chapter-item expanded "><a href="../user/files.html"><strong aria-hidden="true">1.5.</strong> Data Directory Structure</a></li><li class="chapter-item expanded "><a href="../user/metrics.html"><strong aria-hidden="true">1.6.</strong> Metrics</a></li><li class="chapter-item expanded "><a href="../user/tor.html"><strong aria-hidden="true">1.7.</strong> Using zcashd with Tor</a></li><li class="chapter-item expanded "><a href="../user/security-warnings.html" class="active"><strong aria-hidden="true">1.8.</strong> Security Warnings</a></li><li class="chapter-item expanded "><a href="../user/deprecation.html"><strong aria-hidden="true">1.9.</strong> Deprecated Features</a></li></ol></li><li class="chapter-item expanded "><a href="../dev.html"><strong aria-hidden="true">2.</strong> Developer Documentation</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../dev/dnsseed-policy.html"><strong aria-hidden="true">2.1.</strong> DNS Seeders</a></li><li class="chapter-item expanded "><a href="../dev/rust.html"><strong aria-hidden="true">2.2.</strong> Rust in zcashd</a></li><li class="chapter-item expanded "><a href="../dev/regtest.html"><strong 
aria-hidden="true">2.3.</strong> Regtest Tips And Hints</a></li><li class="chapter-item expanded "><a href="../dev/platform-tier-policy.html"><strong aria-hidden="true">2.4.</strong> Platform Tier Policy</a></li><li class="chapter-item expanded "><a href="../dev/deprecation.html"><strong aria-hidden="true">2.5.</strong> Deprecation Procedure</a></li></ol></li><li class="chapter-item expanded "><a href="../design.html"><strong aria-hidden="true">3.</strong> Design</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../design/chain-state.html"><strong aria-hidden="true">3.1.</strong> Chain State</a></li><li class="chapter-item expanded "><a href="../design/coins-view.html"><strong aria-hidden="true">3.2.</strong> "Coins" View</a></li><li class="chapter-item expanded "><a href="../design/p2p-data-propagation.html"><strong aria-hidden="true">3.3.</strong> P2P Data Propagation</a></li></ol></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky bordered">
<div class="left-buttons">
<button id="sidebar-toggle" class="icon-button" type="button" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</button>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search. (Shortkey: s)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="S" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">The zcashd Book</h1>
<div class="right-buttons">
<a href="../print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script>
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<h1 id="security-warnings"><a class="header" href="#security-warnings">Security Warnings</a></h1>
<h2 id="security-audit"><a class="header" href="#security-audit">Security Audit</a></h2>
<p>Zcash has been subjected to a formal third-party security review. For security
announcements, audit results and other general security information, see
<a href="https://z.cash/support/security.html">https://z.cash/support/security.html</a>.</p>
<h2 id="wallet-encryption"><a class="header" href="#wallet-encryption">Wallet Encryption</a></h2>
<p>Wallet encryption is disabled for several reasons:</p>
<ul>
<li>
<p>Encrypted wallets are unable to correctly detect shielded spends (due to the
nature of unlinkability of JoinSplits) and can incorrectly show larger
available shielded balances until the next time the wallet is unlocked. This
problem was not limited to failing to recognize the spend; it was possible
for the shown balance to increase by the amount of change from a spend,
without deducting the spent amount.</p>
</li>
<li>
<p>While encrypted wallets prevent spending of funds, they do not maintain the
shielding properties of JoinSplits (due to the need to detect spends). That
is, someone with access to an encrypted wallet.dat has full visibility of
your entire transaction graph (other than newly-detected spends, which suffer
from the earlier issue).</p>
</li>
<li>
<p>We were concerned about the resistance of the algorithm used to derive wallet
encryption keys (an iterated SHA-512 construction inherited from
<a href="https://bitcoin.org/en/secure-your-wallet">Bitcoin</a>) to dictionary attacks
by a powerful attacker. If and when we re-enable wallet encryption, it is
likely to be with a modern passphrase-based key derivation algorithm designed
for greater resistance to dictionary attacks, such as Argon2i.</p>
</li>
</ul>
<p>You should use full-disk encryption (or encryption of your home directory) to
protect your wallet at rest, and should assume (even unprivileged) users who
are running on your OS can read your wallet.dat file.</p>
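<p>A check to go with the advice above, added here as an example rather than taken from zcashd: it verifies that the data directory and <code>wallet.dat</code> are owned by the current user and carry no group or other permission bits. The default location <code>~/.zcash</code> and the file name <code>wallet.dat</code> are assumed from the Data Directory Structure chapter; the two directories built by <code>demo()</code> are constructed throwaway inputs. It does not replace disk encryption, since root, or anyone holding the disk, can still read the file.</p>

```python
"""Permission audit for a zcashd data directory (added example, not zcashd code).
Assumptions: default data directory ~/.zcash, wallet file wallet.dat, POSIX host."""
import os
import stat
import tempfile
from pathlib import Path

GROUP_OTHER = stat.S_IRWXG | stat.S_IRWXO   # any permission bit for group or other


def default_datadir():
    return Path.home() / ".zcash"            # assumption: default Linux data directory


def audit_path(path, expect_dir):
    """Findings for one path: missing, symlink, wrong type, foreign owner,
    or any access granted to group/other."""
    try:
        st = path.lstat()
    except FileNotFoundError:
        return [f"{path}: missing"]
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symlink; audit its target"]
    if stat.S_ISDIR(st.st_mode) != expect_dir:
        return [f"{path}: unexpected file type"]
    findings = []
    if st.st_uid != os.getuid():
        findings.append(f"{path}: owned by uid {st.st_uid}, not uid {os.getuid()}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & GROUP_OTHER:
        findings.append(f"{path}: mode {mode:04o} grants access to group/other")
    return findings


def audit_datadir(datadir=None):
    """Audit the data directory itself and the wallet.dat inside it."""
    datadir = Path(datadir) if datadir is not None else default_datadir()
    return audit_path(datadir, True) + audit_path(datadir / "wallet.dat", False)


def demo():
    """Constructed input: two throwaway data directories, one locked down and
    one world-readable, each holding a placeholder (not real) wallet.dat."""
    root = Path(tempfile.mkdtemp())
    results = {}
    for name, dir_mode, wallet_mode in (("tight", 0o700, 0o600), ("loose", 0o755, 0o644)):
        d = root / name
        d.mkdir()
        (d / "wallet.dat").write_bytes(b"\x00" * 16)
        os.chmod(d / "wallet.dat", wallet_mode)
        os.chmod(d, dir_mode)
        results[name] = audit_datadir(d)
    return results


if __name__ == "__main__":
    print("\n".join(audit_datadir() or ["no findings"]))
```

<p>Run it with no arguments to audit <code>~/.zcash</code>, or pass the path you give zcashd with <code>-datadir</code>. Any finding means another local user can at least read the wallet, which the paragraph above tells you to assume anyway; fix the mode, and still rely on disk encryption for the at-rest case.</p>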
<h2 id="side-channel-attacks"><a class="header" href="#side-channel-attacks">Side-Channel Attacks</a></h2>
<p>This implementation of Zcash is not resistant to side-channel attacks. You
should assume that other users of the hardware your <code>zcashd</code> process is
running on (even unprivileged ones), and anyone physically near that hardware,
will be able to:</p>
<ul>
<li>
<p>Determine the values of your secret spending keys, as well as which notes you
are spending, by observing cache side-channels as you perform a JoinSplit
operation. This is due to probable side-channel leakage in the libsnark
proving machinery.</p>
</li>
<li>
<p>Determine which notes you own by observing cache side-channel information
leakage from the incremental witnesses as they are updated with new notes.</p>
</li>
<li>
<p>Determine which notes you own by observing the trial decryption process of
each note ciphertext on the blockchain.</p>
</li>
</ul>
<p>You should ensure no other users have the ability to execute code (even
unprivileged) on the hardware your <code>zcashd</code> process runs on until these
vulnerabilities are fully analyzed and fixed.</p>
<h2 id="rest-interface"><a class="header" href="#rest-interface">REST Interface</a></h2>
<p>The REST interface is a feature inherited from upstream Bitcoin. By default,
it is disabled. We do not recommend you enable it until it has undergone a
security review.</p>
<h2 id="rpc-interface"><a class="header" href="#rpc-interface">RPC Interface</a></h2>
<p>Users should choose a strong RPC password. If no RPC username and password are
set, zcashd will not start and will print an error message with a suggestion
for a strong random password. Any client that knows the RPC password has, at a
minimum, full access to the node. In addition, certain RPC commands can be
misused to overwrite files and/or take over the account that is running zcashd.
(In the future we may restrict these commands, but full node access, including
the ability to spend from and export keys held by the wallet, would still be
possible unless wallet methods are disabled.)</p>
<p>Users should also refrain from changing the default setting that only allows
RPC connections from localhost. The RPC transport is plain HTTP, so allowing
connections from remote hosts would let a man-in-the-middle execute arbitrary
RPC commands, which could lead to compromise of the account running zcashd and
loss of funds. For multi-user services that use one or more zcashd instances on
the backend, the parameters passed in by users should be validated and
constrained (for example, a user must never be able to choose the address a
payment is sent from) to prevent confused-deputy attacks which could spend
from any keys held by that zcashd.</p>
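<p>The following example, written for this page and not part of zcashd or of any particular service, shows what controlling the parameters looks like for a withdrawal endpoint on a multi-user service: the user supplies only a destination and an amount, and the service fixes the from-address, minconf and fee itself, so a request cannot name another of the node's addresses, lower the confirmation policy or invoke a different method. The hot-wallet address, fee, minimum confirmations and cap are assumptions, the addresses in <code>demo()</code> are constructed strings of the right shape rather than real addresses, and the address regular expression is only a shape filter, with the node's <code>z_validateaddress</code> remaining the authority.</p>

```python
"""Added example (not zcashd code): building a z_sendmany call for a multi-user
service so that the node never acts as a confused deputy for a user."""
import json
import re
from decimal import Decimal, InvalidOperation

HOT_WALLET_FROM = "zs1" + "q" * 75   # assumption: operator-chosen, never taken from a request
WITHDRAW_MINCONF = 10                # assumption: spend only well-confirmed notes
WITHDRAW_FEE = Decimal("0.0001")     # assumption
MAX_WITHDRAWAL = Decimal("100")      # assumption: per-request cap in ZEC
ZATOSHI = Decimal("0.00000001")
# Coarse shape check (Sapling zs1..., Sprout zc..., transparent t1/t3...) only.
ADDRESS_RE = re.compile(
    r"^(zs1[a-z0-9]{75}|zc[1-9A-HJ-NP-Za-km-z]{93}|t[13][1-9A-HJ-NP-Za-km-z]{33})$")


class RejectedRequest(ValueError):
    """Raised for any input the service will not forward to zcashd."""


def parse_amount(text):
    """Strict decimal parsing: string in, positive Decimal out, at most eight
    decimal places, within the cap. Floats are never accepted for money."""
    if not isinstance(text, str):
        raise RejectedRequest("amount must be a decimal string")
    try:
        amount = Decimal(text)
    except InvalidOperation:
        raise RejectedRequest("amount is not a decimal number")
    if not amount.is_finite() or amount <= 0:
        raise RejectedRequest("amount must be a positive finite number")
    if amount > MAX_WITHDRAWAL:
        raise RejectedRequest("amount exceeds the per-request cap")
    if amount != amount.quantize(ZATOSHI):
        raise RejectedRequest("amount has more than eight decimal places")
    return amount


def json_amount(amount):
    """zcashd parses the decimal text on the wire, so emit a JSON number whose
    repr reproduces the Decimal exactly and refuse anything that would not."""
    if Decimal(repr(float(amount))) != amount:
        raise RejectedRequest("amount cannot be serialized exactly")
    return float(amount)


def build_withdrawal(user_id, request, ledger):
    """Turn an untrusted {"to", "amount"} request into a z_sendmany JSON-RPC
    payload. Unknown fields (e.g. a user-supplied fromaddress) are rejected."""
    if not isinstance(request, dict):
        raise RejectedRequest("request must be an object")
    extra = set(request) - {"to", "amount"}
    if extra:
        raise RejectedRequest(f"unexpected fields: {sorted(extra)}")
    to = request.get("to")
    if not isinstance(to, str) or not ADDRESS_RE.match(to):
        raise RejectedRequest("destination is not a well-formed Zcash address")
    amount = parse_amount(request.get("amount"))
    if ledger.get(user_id, Decimal(0)) < amount + WITHDRAW_FEE:
        raise RejectedRequest("insufficient balance for amount plus fee")
    return {
        "jsonrpc": "1.0",
        "id": f"withdraw-{user_id}",
        "method": "z_sendmany",                       # fixed by the service
        "params": [
            HOT_WALLET_FROM,                          # fixed by the service
            [{"address": to, "amount": json_amount(amount)}],
            WITHDRAW_MINCONF,                         # fixed by the service
            json_amount(WITHDRAW_FEE),                # fixed by the service
        ],
    }


def is_rejected(user_id, request, ledger):
    try:
        build_withdrawal(user_id, request, ledger)
    except RejectedRequest:
        return True
    return False


def demo():
    """Constructed ledger and requests; returns the accepted call after a JSON round trip."""
    ledger = {"alice": Decimal("2")}
    dest = "zs1" + "p" * 75                                               # constructed
    assert is_rejected("alice", {"to": dest, "amount": "1", "fromaddress": "zs1" + "z" * 75}, ledger)
    assert is_rejected("alice", {"to": dest, "amount": 1.0}, ledger)          # float, not string
    assert is_rejected("alice", {"to": dest, "amount": "1.000000001"}, ledger)  # sub-zatoshi
    assert is_rejected("alice", {"to": dest, "amount": "1.99995"}, ledger)    # amount + fee > 2
    return json.loads(json.dumps(build_withdrawal("alice", {"to": dest, "amount": "1.5"}, ledger)))


if __name__ == "__main__":
    print(demo())
```

<p>The node never sees a user-chosen method name, from-address, minconf or fee, so a malicious request can at worst move that user's own ledger balance to an address of their choosing. Checking the service's ledger before building the call keeps the service's accounting, rather than the hot wallet's balance, as the limit on what one user can withdraw.</p>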
<h2 id="block-chain-reorganization-major-differences"><a class="header" href="#block-chain-reorganization-major-differences">Block Chain Reorganization: Major Differences</a></h2>
<p>Users should be aware of behavior in Zcash that differs significantly from
Bitcoin: in the case of a block chain reorganization, Bitcoin's coinbase
maturity rule helps to ensure that any reorganization shorter than the maturity
interval will not invalidate any of the rolled-back transactions. Zcash keeps
Bitcoin's 100-block maturity interval for generation (coinbase) transactions,
but because JoinSplits must be anchored to the note commitment tree state of a
specific block, this provides more limited protection against transactions
becoming invalidated. In the case of a block chain reorganization for Zcash,
all JoinSplits whose anchors fall within the reorganization interval, and any
transactions that depend on them, will become invalid, rolling back those
transactions and reverting the funds to their original owner. The transaction
rebroadcast mechanism inherited from Bitcoin will not successfully rebroadcast
transactions depending on invalidated JoinSplits if the anchor needs to change.
The creator of an invalidated JoinSplit, as well as the creators of all
transactions dependent on it, must rebroadcast the transactions themselves.</p>
<p>Receivers of funds from a JoinSplit can mitigate the risk of relying on funds
received from transactions that may be rolled back by using a higher minconf
(minimum number of confirmations).</p>
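<p>To make the two rules above concrete, here is an added example (not zcashd code) that, for a constructed set of transactions, works out which ones the node can rebroadcast after a reorganization and which are invalidated because their JoinSplit anchor, or a transaction they depend on, was rolled back, and then shows how a receiver's minconf bounds what can be undone. Heights, transaction ids and the dependency edges are constructed; <code>anchor_height</code> is taken to be the height of the block whose note commitment tree root the JoinSplit anchors to.</p>

```python
"""Added example (not zcashd code): transaction survival across a reorganization."""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Tx:
    txid: str
    block_height: Optional[int]        # None: still in the mempool
    anchor_height: Optional[int]       # None: no JoinSplit in this transaction
    depends_on: Tuple[str, ...] = ()   # txids whose outputs or notes this tx spends


def classify_after_reorg(txs, fork_height):
    """Blocks at height >= fork_height are disconnected. Returns (auto, invalid):
    txids the node's inherited rebroadcast logic can resend unchanged, and txids
    whose anchor (or a dependency) vanished and must be recreated by their authors."""
    invalid = {t.txid for t in txs
               if t.anchor_height is not None and t.anchor_height >= fork_height}
    changed = True
    while changed:  # propagate invalidity along spend dependencies
        changed = False
        for t in txs:
            if t.txid not in invalid and any(d in invalid for d in t.depends_on):
                invalid.add(t.txid)
                changed = True
    auto = {t.txid for t in txs
            if t.txid not in invalid
            and (t.block_height is None or t.block_height >= fork_height)}
    return auto, invalid


def confirmations(tx, tip_height):
    return 0 if tx.block_height is None else tip_height - tx.block_height + 1


def credited(txs, tip_height, minconf):
    """Receiver-side policy from the paragraph above: credit only transactions
    that a reorganization would have to reach back at least minconf blocks to undo."""
    return {t.txid for t in txs if confirmations(t, tip_height) >= minconf}


# Constructed scenario: the tip was 1003, then blocks 1000..1003 are disconnected.
DEMO_TXS = (
    Tx("A", 998, 990),            # shielded spend anchored well before the fork
    Tx("B", 1001, 999),           # rolled back, but its anchor still exists
    Tx("C", 1002, 1000),          # anchored inside the reorganization interval
    Tx("D", 1003, None, ("C",)),  # transparent spend of C's output
    Tx("E", 1003, None, ("B",)),  # transparent spend of B's output
    Tx("F", None, 1002),          # mempool JoinSplit anchored inside the interval
)

if __name__ == "__main__":
    auto, invalid = classify_after_reorg(DEMO_TXS, 1000)
    print("rebroadcast by node:", sorted(auto))
    print("must be rebuilt by creators:", sorted(invalid))
    print("credited at minconf=4 before the reorg:", sorted(credited(DEMO_TXS, 1003, 4)))
```

<p>With <code>minconf=4</code> the receiver in this scenario has credited only <code>A</code>, which the reorganization leaves untouched; with <code>minconf=1</code> it would also have credited <code>C</code> and <code>D</code>, both of which become invalid. The node resends <code>B</code> and <code>E</code> on its own; <code>C</code>, <code>D</code> and <code>F</code> have to be rebuilt against a new anchor by whoever created them.</p>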
<h2 id="logging-z_-rpc-calls"><a class="header" href="#logging-z_-rpc-calls">Logging z_* RPC calls</a></h2>
<p>The option <code>-debug=zrpc</code> covers logging of the z_* calls. This will reveal
information about private notes which you might prefer not to disclose. For
example, when calling <code>z_sendmany</code> to create a shielded transaction, input
notes are consumed and new output notes are created.</p>
<p>The option <code>-debug=zrpcunsafe</code> covers logging of sensitive information in z_*
calls which you would only need for debugging and audit purposes. For example,
if you want to examine the memo field of a note being spent.</p>
<p>Private spending keys for z addresses are never logged.</p>
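<p>The RPC, REST and logging advice on this page comes down to a handful of <code>zcash.conf</code> settings. The following audit script is an added example, not a zcashd tool: it parses a configuration file, flags an <code>rpcpassword</code> that is missing or short, any <code>rpcallowip</code> or <code>rpcbind</code> that reaches beyond loopback, <code>rest=1</code> and <code>debug=zrpcunsafe</code> (reporting <code>debug=zrpc</code> as informational), and prints a localhost-only configuration with a freshly generated password. The option names are zcashd's; the sixteen-character threshold, the sample configurations and the generated-password format are assumptions made for this example.</p>

```python
"""Added example (not zcashd code): audit zcash.conf for the settings this chapter
warns about and suggest a strong rpcpassword."""
import ipaddress
import secrets

LOOPBACK = (ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128"))


def parse_conf(text):
    """Minimal key=value parser: '#' starts a comment (so rpcpassword must not
    contain one), repeated keys accumulate, other lines are ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf.setdefault(key.strip(), []).append(value.strip())
    return conf


def strip_port(spec):
    """rpcbind accepts addr[:port] and [v6addr]:port; keep only the address."""
    if spec.startswith("["):
        return spec[1:spec.index("]")]
    return spec.split(":")[0] if spec.count(":") == 1 else spec


def is_loopback(spec):
    try:
        net = ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return False
    return any(net.version == lb.version and net.subnet_of(lb) for lb in LOOPBACK)


def audit_conf(text):
    """Return (severity, message) findings; an empty list means nothing was flagged."""
    conf = parse_conf(text)
    findings = []
    password = conf.get("rpcpassword", [""])[-1]
    if not password:
        findings.append(("high", "rpcpassword missing; zcashd will refuse to start"))
    elif len(password) < 16:   # assumption: heuristic threshold for this example
        findings.append(("high", "rpcpassword is shorter than 16 characters"))
    for spec in conf.get("rpcallowip", []):
        if not is_loopback(spec):
            findings.append(("high", f"rpcallowip={spec} accepts RPC from beyond localhost"))
    for spec in conf.get("rpcbind", []):
        if not is_loopback(strip_port(spec)):
            findings.append(("high", f"rpcbind={spec} listens on a non-loopback address"))
    if conf.get("rest", ["0"])[-1] == "1":
        findings.append(("high", "rest=1 enables the unreviewed REST interface"))
    categories = set(conf.get("debug", []))
    if "zrpcunsafe" in categories:
        findings.append(("high", "debug=zrpcunsafe logs memo fields and other sensitive note data"))
    elif "zrpc" in categories:
        findings.append(("info", "debug=zrpc logs which notes z_* calls consume and create"))
    return findings


def suggest_rpcpassword():
    return secrets.token_urlsafe(32)   # 256 bits of entropy; no '#' or whitespace


def hardened_conf(password):
    """Localhost-only configuration with REST off and no z_* logging (constructed)."""
    return (
        "rpcuser=zcashrpc\n"
        f"rpcpassword={password}\n"
        "rpcallowip=127.0.0.1\n"
        "rpcbind=127.0.0.1\n"
        "rest=0\n"
    )


# Constructed example of the settings this chapter advises against.
RISKY_CONF = """\
rpcuser=zcashrpc
rpcpassword=hunter2
rpcallowip=0.0.0.0/0
rpcbind=0.0.0.0:8232
rest=1
debug=zrpcunsafe
"""

if __name__ == "__main__":
    for severity, message in audit_conf(RISKY_CONF):
        print(f"{severity}: {message}")
    print(hardened_conf(suggest_rpcpassword()))
```

<p>Passwords containing <code>#</code> are cut off by the comment handling, which is why the suggested password is URL-safe base64. A clean result from this script does not make the RPC port safe to expose; it only confirms that the settings match the defaults this page asks you to keep.</p>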
<h2 id="potentially-missing-required-modifications"><a class="header" href="#potentially-missing-required-modifications">Potentially-Missing Required Modifications</a></h2>
<p>In addition to potential mistakes in code we added to Bitcoin Core, and
potential mistakes in our modifications to Bitcoin Core, it is also possible
that there were potential changes we were supposed to make to Bitcoin Core but
didn't, either because we didn't even consider making those changes, or we ran
out of time. We have brainstormed and documented a variety of such
possibilities in <a href="https://github.com/zcash/zcash/issues/826">issue #826</a>, and
believe that we have changed or done everything that was necessary for the
1.0.0 launch. Users may want to review this list themselves.</p>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../user/tor.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next" href="../user/deprecation.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../user/tor.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next" href="../user/deprecation.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<script>
window.playground_copyable = true;
</script>
<script src="../elasticlunr.min.js"></script>
<script src="../mark.min.js"></script>
<script src="../searcher.js"></script>
<script src="../clipboard.min.js"></script>
<script src="../highlight.js"></script>
<script src="../book.js"></script>
<!-- Custom JS scripts -->
</div>
</body>
</html>