-
Notifications
You must be signed in to change notification settings - Fork 11.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Doc] fix advice for ephemeral key pair and the ZK proof storage #16225
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
3 Ignored Deployments
|
@@ -527,8 +527,7 @@ You might want to cache the ephemeral key pair along with the ZKP for future use | |||
|
|||
However, the ephemeral key pair needs to be treated as a secret akin to a key pair in a traditional wallet. This is because if both the ephemeral private key and ZK proof are revealed to an attacker, then they can typically sign any transaction on behalf of the user (using the same process described previously). | |||
|
|||
Consequently, you should choose the storage of the ephemeral key pair and the ZK proof carefully. For example, a web browser provides both session and local storage. Data in local storage persists until you explicitly clear your browser cache (remains across browser sessions), whereas session storage persists only until you close the tab or bowser. Using local storage for this data is preferable to safeguard against the loss of funds should the session end unexpectedly. | |||
|
|||
Consequently, you should not store them persistently in an insecure storage location, on any platform. For example, on browsers, use session storage instead of local storage to store the ephemeral key pair and the ZK proof. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Consequently, you should not store them persistently in an insecure storage location, on any platform. For example, on browsers, use session storage instead of local storage to store the ephemeral key pair and the ZK proof. | |
Consequently, you should not store them persistently in an unsecure storage location, on any platform. For example, on browsers, use session storage instead of local storage to store the ephemeral key pair and the ZK proof. |
I like the original "unsecure" here, but not a hill I'd die on.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated! Also added a new sentence based on the original feedback. cc @SuiSunbeam
Description
This restores the advice to the previous wording.
Test Plan
n/a
If your changes are not user-facing and do not break anything, you can skip the following section. Otherwise, please briefly describe what has changed under the Release Notes section.
Type of Change (Check all that apply)
Release notes