Skip to content

Change Debug implementation for SecretKey/SharedSecret #838

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Change Debug implementation for SecretKey/SharedSecret #838

wants to merge 1 commit into from

Conversation

rustaceanrob
Copy link

The only purpose of hashes in this crate is to blind secret keys when implementing Debug. By using a different blinding function, particularly one in ffi, we may remove hashes entirely. Notably, since there is no longer a feature requirement, all users would get a Debug implementation with a finger print.

I have more questions than I do solutions. Why is this function pointer an Option? When getting the nonce, how do we want to display it? Does the message parameter matter?

@rustaceanrob
Change Debug implementation for SecretKey
66ee0ae 
The only purpose of `hashes` in this crate is to blind secret keys when
implementing `Debug`. By using a different blinding function,
particularly one in `ffi`, we may remove `hashes` entirely. Notably,
since there is no longer a feature requirement, all users would get a
`Debug` implementation with a finger print.
@rustaceanrob rustaceanrob changed the title Change Debug implementation for SecretKey Change Debug implementation for SecretKey/SharedSecret Aug 16, 2025
@rustaceanrob
Copy link
Author

Didn't see #837

@apoelstra
Copy link
Member

Hah, oops! I guess we were working at the same time on this.

I have more questions than I do solutions. Why is this function pointer an Option?

Because the Option version represents the type that gets passed to the C FFI (since C function pointers may be NULL). The intention of this function is that it's passed to the C FFI, not that it be called directly.

When getting the nonce, how do we want to display it?

I just took the first 16 hex characters (64 bits), which matches the previous code. This gives us 32 bits of collision resistance which should be fine for any sane use of Debug output.

Does the message parameter matter?

No. Basically, you want to somehow stick (a) the secret, (b) the word "debug" somewhere, and everything else is just padding.

@rustaceanrob rustaceanrob deleted the 8-16-rm-hashes branch August 18, 2025 07:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rustaceanrob @apoelstra