315 lines
19 KiB
HTML
315 lines
19 KiB
HTML
<!DOCTYPE HTML>
|
||
<html lang="en" class="sidebar-visible no-js light">
|
||
<head>
|
||
<!-- Book generated using mdBook -->
|
||
<meta charset="UTF-8">
|
||
<title>Security Warnings - The zcashd Book</title>
|
||
|
||
|
||
<!-- Custom HTML head -->
|
||
|
||
<meta name="description" content="">
|
||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||
<meta name="theme-color" content="#ffffff" />
|
||
|
||
<link rel="icon" href="../favicon.svg">
|
||
<link rel="shortcut icon" href="../favicon.png">
|
||
<link rel="stylesheet" href="../css/variables.css">
|
||
<link rel="stylesheet" href="../css/general.css">
|
||
<link rel="stylesheet" href="../css/chrome.css">
|
||
<link rel="stylesheet" href="../css/print.css" media="print">
|
||
|
||
<!-- Fonts -->
|
||
<link rel="stylesheet" href="../FontAwesome/css/font-awesome.css">
|
||
<link rel="stylesheet" href="../fonts/fonts.css">
|
||
|
||
<!-- Highlight.js Stylesheets -->
|
||
<link rel="stylesheet" href="../highlight.css">
|
||
<link rel="stylesheet" href="../tomorrow-night.css">
|
||
<link rel="stylesheet" href="../ayu-highlight.css">
|
||
|
||
<!-- Custom theme stylesheets -->
|
||
|
||
</head>
|
||
<body>
|
||
<div id="body-container">
|
||
<!-- Provide site root to javascript -->
|
||
<script>
|
||
var path_to_root = "../";
|
||
var default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? "navy" : "light";
|
||
</script>
|
||
|
||
<!-- Work around some values being stored in localStorage wrapped in quotes -->
|
||
<script>
|
||
try {
|
||
var theme = localStorage.getItem('mdbook-theme');
|
||
var sidebar = localStorage.getItem('mdbook-sidebar');
|
||
|
||
if (theme.startsWith('"') && theme.endsWith('"')) {
|
||
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
|
||
}
|
||
|
||
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
|
||
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
|
||
}
|
||
} catch (e) { }
|
||
</script>
|
||
|
||
<!-- Set the theme before any content is loaded, prevents flash -->
|
||
<script>
|
||
var theme;
|
||
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
|
||
if (theme === null || theme === undefined) { theme = default_theme; }
|
||
var html = document.querySelector('html');
|
||
html.classList.remove('no-js')
|
||
html.classList.remove('light')
|
||
html.classList.add(theme);
|
||
html.classList.add('js');
|
||
</script>
|
||
|
||
<!-- Hide / unhide sidebar before it is displayed -->
|
||
<script>
|
||
var html = document.querySelector('html');
|
||
var sidebar = null;
|
||
if (document.body.clientWidth >= 1080) {
|
||
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
|
||
sidebar = sidebar || 'visible';
|
||
} else {
|
||
sidebar = 'hidden';
|
||
}
|
||
html.classList.remove('sidebar-visible');
|
||
html.classList.add("sidebar-" + sidebar);
|
||
</script>
|
||
|
||
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
|
||
<div class="sidebar-scrollbox">
|
||
<ol class="chapter"><li class="chapter-item expanded affix "><a href="../index.html">zcashd</a></li><li class="chapter-item expanded "><a href="../user.html"><strong aria-hidden="true">1.</strong> User Documentation</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../user/release-support.html"><strong aria-hidden="true">1.1.</strong> Release Support</a></li><li class="chapter-item expanded "><a href="../user/platform-support.html"><strong aria-hidden="true">1.2.</strong> Platform Support</a></li><li class="chapter-item expanded "><a href="../user/wallet-backup.html"><strong aria-hidden="true">1.3.</strong> Wallet Backup</a></li><li class="chapter-item expanded "><a href="../user/shield-coinbase.html"><strong aria-hidden="true">1.4.</strong> Shielding Coinbase Outputs</a></li><li class="chapter-item expanded "><a href="../user/files.html"><strong aria-hidden="true">1.5.</strong> Data Directory Structure</a></li><li class="chapter-item expanded "><a href="../user/metrics.html"><strong aria-hidden="true">1.6.</strong> Metrics</a></li><li class="chapter-item expanded "><a href="../user/tor.html"><strong aria-hidden="true">1.7.</strong> Using zcashd with Tor</a></li><li class="chapter-item expanded "><a href="../user/security-warnings.html" class="active"><strong aria-hidden="true">1.8.</strong> Security Warnings</a></li><li class="chapter-item expanded "><a href="../user/deprecation.html"><strong aria-hidden="true">1.9.</strong> Deprecated Features</a></li></ol></li><li class="chapter-item expanded "><a href="../dev.html"><strong aria-hidden="true">2.</strong> Developer Documentation</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../dev/dnsseed-policy.html"><strong aria-hidden="true">2.1.</strong> DNS Seeders</a></li><li class="chapter-item expanded "><a href="../dev/rust.html"><strong aria-hidden="true">2.2.</strong> Rust in zcashd</a></li><li class="chapter-item expanded "><a href="../dev/regtest.html"><strong aria-hidden="true">2.3.</strong> Regtest Tips And Hints</a></li><li class="chapter-item expanded "><a href="../dev/platform-tier-policy.html"><strong aria-hidden="true">2.4.</strong> Platform Tier Policy</a></li><li class="chapter-item expanded "><a href="../dev/deprecation.html"><strong aria-hidden="true">2.5.</strong> Deprecation Procedure</a></li></ol></li><li class="chapter-item expanded "><a href="../design.html"><strong aria-hidden="true">3.</strong> Design</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="../design/chain-state.html"><strong aria-hidden="true">3.1.</strong> Chain State</a></li><li class="chapter-item expanded "><a href="../design/coins-view.html"><strong aria-hidden="true">3.2.</strong> "Coins" View</a></li><li class="chapter-item expanded "><a href="../design/p2p-data-propagation.html"><strong aria-hidden="true">3.3.</strong> P2P Data Propagation</a></li></ol></li></ol>
|
||
</div>
|
||
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
|
||
</nav>
|
||
|
||
<div id="page-wrapper" class="page-wrapper">
|
||
|
||
<div class="page">
|
||
<div id="menu-bar-hover-placeholder"></div>
|
||
<div id="menu-bar" class="menu-bar sticky bordered">
|
||
<div class="left-buttons">
|
||
<button id="sidebar-toggle" class="icon-button" type="button" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
|
||
<i class="fa fa-bars"></i>
|
||
</button>
|
||
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
|
||
<i class="fa fa-paint-brush"></i>
|
||
</button>
|
||
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
|
||
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
|
||
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
|
||
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
|
||
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
|
||
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
|
||
</ul>
|
||
<button id="search-toggle" class="icon-button" type="button" title="Search. (Shortkey: s)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="S" aria-controls="searchbar">
|
||
<i class="fa fa-search"></i>
|
||
</button>
|
||
</div>
|
||
|
||
<h1 class="menu-title">The zcashd Book</h1>
|
||
|
||
<div class="right-buttons">
|
||
<a href="../print.html" title="Print this book" aria-label="Print this book">
|
||
<i id="print-button" class="fa fa-print"></i>
|
||
</a>
|
||
|
||
</div>
|
||
</div>
|
||
|
||
<div id="search-wrapper" class="hidden">
|
||
<form id="searchbar-outer" class="searchbar-outer">
|
||
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
|
||
</form>
|
||
<div id="searchresults-outer" class="searchresults-outer hidden">
|
||
<div id="searchresults-header" class="searchresults-header"></div>
|
||
<ul id="searchresults">
|
||
</ul>
|
||
</div>
|
||
</div>
|
||
|
||
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
|
||
<script>
|
||
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
|
||
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
|
||
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
|
||
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
|
||
});
|
||
</script>
|
||
|
||
<div id="content" class="content">
|
||
<main>
|
||
<h1 id="security-warnings"><a class="header" href="#security-warnings">Security Warnings</a></h1>
|
||
<h2 id="security-audit"><a class="header" href="#security-audit">Security Audit</a></h2>
|
||
<p>Zcash has been subjected to a formal third-party security review. For security
|
||
announcements, audit results and other general security information, see
|
||
https://z.cash/support/security.html</p>
|
||
<h2 id="wallet-encryption"><a class="header" href="#wallet-encryption">Wallet Encryption</a></h2>
|
||
<p>Wallet encryption is disabled, for several reasons:</p>
|
||
<ul>
|
||
<li>
|
||
<p>Encrypted wallets are unable to correctly detect shielded spends (due to the
|
||
nature of unlinkability of JoinSplits) and can incorrectly show larger
|
||
available shielded balances until the next time the wallet is unlocked. This
|
||
problem was not limited to failing to recognize the spend; it was possible
|
||
for the shown balance to increase by the amount of change from a spend,
|
||
without deducting the spent amount.</p>
|
||
</li>
|
||
<li>
|
||
<p>While encrypted wallets prevent spending of funds, they do not maintain the
|
||
shielding properties of JoinSplits (due to the need to detect spends). That
|
||
is, someone with access to an encrypted wallet.dat has full visibility of
|
||
your entire transaction graph (other than newly-detected spends, which suffer
|
||
from the earlier issue).</p>
|
||
</li>
|
||
<li>
|
||
<p>We were concerned about the resistance of the algorithm used to derive wallet
|
||
encryption keys (inherited from
|
||
<a href="https://bitcoin.org/en/secure-your-wallet">Bitcoin</a>) to dictionary attacks
|
||
by a powerful attacker. If and when we re-enable wallet encryption, it is
|
||
likely to be with a modern passphrase-based key derivation algorithm designed
|
||
for greater resistance to dictionary attack, such as Argon2i.</p>
|
||
</li>
|
||
</ul>
|
||
<p>You should use full-disk encryption (or encryption of your home directory) to
|
||
protect your wallet at rest, and should assume (even unprivileged) users who
|
||
are running on your OS can read your wallet.dat file.</p>
|
||
<h2 id="side-channel-attacks"><a class="header" href="#side-channel-attacks">Side-Channel Attacks</a></h2>
|
||
<p>This implementation of Zcash is not resistant to side-channel attacks. You
|
||
should assume (even unprivileged) users who are running on the hardware, or who
|
||
are physically near the hardware, that your <code>zcashd</code> process is running on
|
||
will be able to:</p>
|
||
<ul>
|
||
<li>
|
||
<p>Determine the values of your secret spending keys, as well as which notes you
|
||
are spending, by observing cache side-channels as you perform a JoinSplit
|
||
operation. This is due to probable side-channel leakage in the libsnark
|
||
proving machinery.</p>
|
||
</li>
|
||
<li>
|
||
<p>Determine which notes you own by observing cache side-channel information
|
||
leakage from the incremental witnesses as they are updated with new notes.</p>
|
||
</li>
|
||
<li>
|
||
<p>Determine which notes you own by observing the trial decryption process of
|
||
each note ciphertext on the blockchain.</p>
|
||
</li>
|
||
</ul>
|
||
<p>You should ensure no other users have the ability to execute code (even
|
||
unprivileged) on the hardware your <code>zcashd</code> process runs on until these
|
||
vulnerabilities are fully analyzed and fixed.</p>
|
||
<h2 id="rest-interface"><a class="header" href="#rest-interface">REST Interface</a></h2>
|
||
<p>The REST interface is a feature inherited from upstream Bitcoin. By default,
|
||
it is disabled. We do not recommend you enable it until it has undergone a
|
||
security review.</p>
|
||
<h2 id="rpc-interface"><a class="header" href="#rpc-interface">RPC Interface</a></h2>
|
||
<p>Users should choose a strong RPC password. If no RPC username and password are
|
||
set, zcashd will not start and will print an error message with a suggestion
|
||
for a strong random password. If the client knows the RPC password, they have
|
||
at least full access to the node. In addition, certain RPC commands can be
|
||
misused to overwrite files and/or take over the account that is running zcashd.
|
||
(In the future we may restrict these commands, but full node access – including
|
||
the ability to spend from and export keys held by the wallet – would still be
|
||
possible unless wallet methods are disabled.)</p>
|
||
<p>Users should also refrain from changing the default setting that only allows
|
||
RPC connections from localhost. Allowing connections from remote hosts would
|
||
enable a MITM to execute arbitrary RPC commands, which could lead to compromise
|
||
of the account running zcashd and loss of funds. For multi-user services that
|
||
use one or more zcashd instances on the backend, the parameters passed in by
|
||
users should be controlled to prevent confused-deputy attacks which could spend
|
||
from any keys held by that zcashd.</p>
|
||
<h2 id="block-chain-reorganization-major-differences"><a class="header" href="#block-chain-reorganization-major-differences">Block Chain Reorganization: Major Differences</a></h2>
|
||
<p>Users should be aware of new behavior in Zcash that differs significantly from
|
||
Bitcoin: in the case of a block chain reorganization, Bitcoin's coinbase
|
||
maturity rule helps to ensure that any reorganization shorter than the maturity
|
||
interval will not invalidate any of the rolled-back transactions. Zcash keeps
|
||
Bitcoin's 100-block maturity interval for generation transactions, but because
|
||
JoinSplits must be anchored within a block, this provides more limited
|
||
protection against transactions becoming invalidated. In the case of a block
|
||
chain reorganization for Zcash, all JoinSplits which were anchored within the
|
||
reorganization interval and any transactions that depend on them will become
|
||
invalid, rolling back transactions and reverting funds to the original owner.
|
||
The transaction rebroadcast mechanism inherited from Bitcoin will not
|
||
successfully rebroadcast transactions depending on invalidated JoinSplits if
|
||
the anchor needs to change. The creator of an invalidated JoinSplit, as well as
|
||
the creators of all transactions dependent on it, must rebroadcast the
|
||
transactions themselves.</p>
|
||
<p>Receivers of funds from a JoinSplit can mitigate the risk of relying on funds
|
||
received from transactions that may be rolled back by using a higher minconf
|
||
(minimum number of confirmations).</p>
|
||
<h2 id="logging-z_-rpc-calls"><a class="header" href="#logging-z_-rpc-calls">Logging z_* RPC calls</a></h2>
|
||
<p>The option <code>-debug=zrpc</code> covers logging of the z_* calls. This will reveal
|
||
information about private notes which you might prefer not to disclose. For
|
||
example, when calling <code>z_sendmany</code> to create a shielded transaction, input
|
||
notes are consumed and new output notes are created.</p>
|
||
<p>The option <code>-debug=zrpcunsafe</code> covers logging of sensitive information in z_*
|
||
calls which you would only need for debugging and audit purposes. For example,
|
||
if you want to examine the memo field of a note being spent.</p>
|
||
<p>Private spending keys for z addresses are never logged.</p>
|
||
<h2 id="potentially-missing-required-modifications"><a class="header" href="#potentially-missing-required-modifications">Potentially-Missing Required Modifications</a></h2>
|
||
<p>In addition to potential mistakes in code we added to Bitcoin Core, and
|
||
potential mistakes in our modifications to Bitcoin Core, it is also possible
|
||
that there were potential changes we were supposed to make to Bitcoin Core but
|
||
didn't, either because we didn't even consider making those changes, or we ran
|
||
out of time. We have brainstormed and documented a variety of such
|
||
possibilities in <a href="https://github.com/zcash/zcash/issues/826">issue #826</a>, and
|
||
believe that we have changed or done everything that was necessary for the
|
||
1.0.0 launch. Users may want to review this list themselves.</p>
|
||
|
||
</main>
|
||
|
||
<nav class="nav-wrapper" aria-label="Page navigation">
|
||
<!-- Mobile navigation buttons -->
|
||
<a rel="prev" href="../user/tor.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
|
||
<i class="fa fa-angle-left"></i>
|
||
</a>
|
||
|
||
<a rel="next" href="../user/deprecation.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
|
||
<i class="fa fa-angle-right"></i>
|
||
</a>
|
||
|
||
<div style="clear: both"></div>
|
||
</nav>
|
||
</div>
|
||
</div>
|
||
|
||
<nav class="nav-wide-wrapper" aria-label="Page navigation">
|
||
<a rel="prev" href="../user/tor.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
|
||
<i class="fa fa-angle-left"></i>
|
||
</a>
|
||
|
||
<a rel="next" href="../user/deprecation.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
|
||
<i class="fa fa-angle-right"></i>
|
||
</a>
|
||
</nav>
|
||
|
||
</div>
|
||
|
||
|
||
|
||
|
||
<script>
|
||
window.playground_copyable = true;
|
||
</script>
|
||
|
||
|
||
<script src="../elasticlunr.min.js"></script>
|
||
<script src="../mark.min.js"></script>
|
||
<script src="../searcher.js"></script>
|
||
|
||
<script src="../clipboard.min.js"></script>
|
||
<script src="../highlight.js"></script>
|
||
<script src="../book.js"></script>
|
||
|
||
<!-- Custom JS scripts -->
|
||
|
||
|
||
</div>
|
||
</body>
|
||
</html>
|