refactor: #666: mnemonic improvements #832
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
The code at
use mnemonic words and private keys as functions' parameters. In case of exception mnemonic words could be leaked by called methods of internal libraries BIP-32 and BIP-39, albeit in the actual release of these libraries shadow sensitive data.
The proposed code assures no sensitive data such as mnemonic words or private keys are leaked because error thrown.
The code at
remarks in documentation of the functions, sensitive data must not be passed as parameters.
In packages/core/tests/hdnode/hdnode.unit.test.ts the test 'fromMnemonic - invalid - word list leak check' assures no mnemonic words is part of the error.
Type of change
Please delete options that are not relevant.
How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
yarn test:solo
yarn test:unit
Test Configuration:
Checklist: