Key for Mac - debug logging disable?

Key for Mac OS has shipped with various debug logging enabled.  It is writing some fairly sensitive data into the log -- can this be disabled?  Especially the recording of the master_passphrase salt -- that seems like something you would not want to leave laying around.  I realize the crypto is strong, but recording information like this provides opportunity to hack at it.

 

~/Library/Application Support/F-Secure/Pwmgr/Pwmgr.log

 

Example when first creating an account.

 

[18:29:47:268] -C- file:///Applications/F-Secure%20Key.app/Contents/Resources/www/js/ext/pwmlog.js [32] : [debug] StorageService createWithPassphrase
[18:29:47:268] -C- file:///Applications/F-Secure%20Key.app/Contents/Resources/www/js/ext/pwmlog.js [32] : [debug] EncryptedPasswordCollection creating
[18:29:47:270] -C- file:///Applications/F-Secure%20Key.app/Contents/Resources/www/js/ext/pwmlog.js [32] : [debug] master_passphrase, salt: 4eec56684ea54e8XXXXXXXXXX91330ebdebb7902f23d4919e2cc0f0d1392c93d

 

 

Comments

  • JuhaTJuhaT Posts: 55

    We don't currently have configuration setting for the logging level where you could disable debug level logging. I'll take this up with the dev team so that we can address this in the product on next update.

     

    Thank you for pointing this out.

     

This discussion has been closed.