Create account

anarchovegan
2362d
Memo.cash and Honest.cash Vulnerability

https://deals.weku.io/community-deals/@anarchovegan/memo-cash-and-honest-cash-vulnerability
2 / 8 1
replied 2361d
I'm not sure why Memo is listed here. MD5 isn't used anywhere in memo codebase.
4
1,657
replied 2360d
Don't know why he posted this as a vuln, but the issue is still there that you can just run a crypto data breach, get some hits and steal funds without the option for protections l/2fa
replied 2360d
The point of my original message was that your privatekey shouldn't be stored on other peoples servers, especially in the case of honest where you can't chose to use another client.
Barricade
replied 2360d
Even storing a hash of the private key is a hazard, better use a KDF for storage.
replied 2362d
Jesus christ 🤦‍♂️ https://github.com/honest-cash/honestcash/blob/f9dcde94167f97694cdcd16c45495dda666080cd/src/app/controllers/WalletCtrl.ts#L44 💩💩💩💩💩💩
1
anarchovegan
replied 2362d
I'm sorry - I'm not as good at coding as I'd like to be -- what specifically are you joking about?; or, is it the structure of it?
Anything you'd recommend for getting better?
replied 2362d
I'm using this, not sure how good it is because I'm still learning https://play.google.com/store/apps/details?id=com.learnerslab.learnjavascript
2
777
replied 2361d
That’s the part of the code that sends the password as MD5.


About Privacy Terms Stats