Re: Major security hole in Hyperledger Fabric - Private Data is not private #fabric-chaincode #ssl #fabric #fabric-questions #fabric-dstorage
Ivan Ch <acizlan@...>
thanks for reply
but I think you guys are down playing the seriousness of this issue.
if u add salt then the salt must be passed to others so others can validate.
to avoid others to launch dictionary attack, u must (in ur implementation)force peers to use private point2point connections to send the hash, otherwise u may create another security hole.
plus, forcing p2p connection among participants would literally destroy the purpose of blockchain.
this functionality need to change its name to something like "chain hash" to save others falsely believe this is a data privacy functionality. i know there must be marketing concerns calling it "private data", but u guys need to be responsible