debug logging of secrets in ConcatKeyDerivationFunction
Issue #38
closed
The ConcatKeyDerivationFunction code makes it possible for an unsuspecting user to log secrets. Would you consider removing these lines?
Comments (3)
- repo owner -
  Yeah, that's probably a good idea. I added a lot of logging to the KDF implementation in the earlier days of JWE to help troubleshoot the example in the appendix of JWA - http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20130826/003920.html - but it's probably outlived its usefulness and is more likely to do harm than good now.
- repo owner - changed status to resolved
  done in 50417d5
- repo owner - changed status to closed
  released with v 0.5.0
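
As an added illustration of the concern raised in this issue (not part of the thread and not the project's own code): a Concat KDF written in Python that logs only sizes and counts, together with a check that scans captured debug output for known renderings of the secret bytes. The logger name, function names and sample inputs are assumptions made for this example.

```python
import base64
import hashlib
import io
import logging
import struct

log = logging.getLogger("example.concat_kdf")  # hypothetical logger name


def concat_kdf(z: bytes, key_data_len_bits: int, other_info: bytes) -> bytes:
    """Concat KDF (NIST SP 800-56A) with SHA-256: H(counter || Z || OtherInfo) per round."""
    if key_data_len_bits <= 0 or key_data_len_bits % 8:
        raise ValueError("key_data_len_bits must be a positive multiple of 8")
    reps = -(-key_data_len_bits // 256)  # ceiling division by the SHA-256 output size
    # Log counts and sizes only; never Z, OtherInfo bytes, round digests or the key.
    log.debug("concat kdf: reps=%d keydatalen=%d z_len=%d other_info_len=%d",
              reps, key_data_len_bits, len(z), len(other_info))
    material = b"".join(
        hashlib.sha256(struct.pack(">I", counter) + z + other_info).digest()
        for counter in range(1, reps + 1)
    )
    return material[: key_data_len_bits // 8]  # leftmost keydatalen bits


def leaked_secrets(log_text: str, secrets: dict) -> list:
    """Names of secrets that appear in log_text as hex, base64url or a decimal byte list."""
    found = []
    for name, value in secrets.items():
        hex_form = value.hex()
        renderings = (hex_form, hex_form.upper(),
                      base64.urlsafe_b64encode(value).decode().rstrip("="), str(list(value)))
        if value and any(r in log_text for r in renderings):
            found.append(name)
    return found


def derive_with_captured_log(z: bytes, bits: int, other_info: bytes):
    """Run the KDF with DEBUG logging captured in memory; return (key, log_text)."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    log.addHandler(handler)
    log.setLevel(logging.DEBUG)
    try:
        key = concat_kdf(z, bits, other_info)
    finally:
        log.removeHandler(handler)
    return key, buf.getvalue()
```

The scan only recognises the renderings it lists, so it serves as a regression check for a test suite and does not prove that no secret ever reaches a log.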