Secret keys are being logged and showing inside log files

Question

Secret keys are being logged and showing inside log files

Closed this issue 3 years ago · 3 comments

Hello. Will like to point out that secret keys are being logged out for production app in the BlufiClient file.
DH Secret and AES keys are being logged in the negotiateSecurity function. May I suggest wrapping these NSLog within an #if DEBUG scope so that these secret keys are not accidentally displayed in the log files inside a production app.

Answer 1 · 2020-07-07T02:44:44.000Z

You are right. I will modify it today.
Thank you.

Answer 2 · 2020-07-08T02:01:51.000Z

No problem. :)

Please update here when the fix has been released. Thank you. :)

Answer 3 · 2021-07-23T20:12:26.000Z

This was fixed some time ago.