dcsimg
June 18, 2018
Hot Topics:

TruffleHog Searches for Secret Keys in Git Repositories

  • January 9, 2017
  • By Developer.com Staff

A security researcher named Dylan Ayrey has released an open source tool called TruffleHog that searches through Git repositories for cryptographic keys. TruffleHog looks for strings of characters with "high entropy," in other words they look like encryption keys that would be difficult to crack. When it finds them, it displays them on the screen.

The tool represents an obvious security risk to developers who may have inadvertently committed keys to GitHub repositories, but it may have some beneficial uses as well. Amazon Web Services is said to use this tool or something similar to search repositories for keys for its cloud computing service in order to prevent attackers from finding the keys and running up large bills on other people's accounts.

View article






Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 


Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that developer.com may send you developer offers via email, phone and text message, as well as email offers about other products and services that developer believes may be of interest to you. developer will process your information in accordance with the Quinstreet Privacy Policy.

Sitemap

×
We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.
Thanks for your registration, follow us on our social networks to keep up-to-date