Security: hardcoded default P2P HMAC secret enables forged gossip messages on default deployments #2046

@createkr

Summary

The P2P gossip module currently falls back to a repo-public default HMAC secret when RC_P2P_SECRET is unset:

P2P_SECRET = os.environ.get("RC_P2P_SECRET", "rustchain_p2p_secret_2025_decentralized")

Because this value is public and the gossip path relies on this HMAC for message authenticity, any deployment that does not explicitly override RC_P2P_SECRET can accept forged gossip messages from an unauthenticated attacker who can reach the P2P endpoint.

Impact

On default-configured deployments, an attacker can forge valid gossip traffic, including fake attestation-related messages and other state propagation traffic guarded only by the shared HMAC secret.

Affected component

  • node/rustchain_p2p_gossip.py
  • RC_P2P_SECRET default fallback behavior

Suggested fix

  • Remove the insecure default secret fallback
  • Fail closed if RC_P2P_SECRET is unset, empty, or still a known placeholder
  • Add operator-facing configuration guidance
  • Add focused regression tests for secret enforcement

I have a minimal fix prepared and can open a PR immediately.

Wallet: RTC1d48d848a5aa5ecf2c5f01aa5fb64837daaf2f35
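
One way to implement the fail-closed check from the suggested fix, as an added example that is not the issue author's patch or the project's code. The names `load_p2p_secret`, `P2PSecretError`, `KNOWN_PLACEHOLDERS`, `MIN_SECRET_LEN` and `rejection_reason`, the 32-character minimum, and the use of HMAC-SHA256 are assumptions; only the environment variable name and the default string come from the issue.

```python
import hashlib
import hmac
import os

# The repo-public fallback quoted in the issue; it must never be accepted as a key.
KNOWN_PLACEHOLDERS = {"rustchain_p2p_secret_2025_decentralized"}
MIN_SECRET_LEN = 32  # assumed policy for this example, not a project setting


class P2PSecretError(RuntimeError):
    """Raised at startup when RC_P2P_SECRET cannot be used as an HMAC key."""


def load_p2p_secret(env=None):
    """Return the HMAC key as bytes, or raise instead of falling back to a default."""
    env = os.environ if env is None else env
    raw = env.get("RC_P2P_SECRET")
    if raw is None:
        raise P2PSecretError("RC_P2P_SECRET is unset")
    secret = raw.strip()
    if not secret:
        raise P2PSecretError("RC_P2P_SECRET is empty")
    if secret in KNOWN_PLACEHOLDERS:
        raise P2PSecretError("RC_P2P_SECRET is a known public placeholder")
    if len(secret) < MIN_SECRET_LEN:
        raise P2PSecretError(f"RC_P2P_SECRET shorter than {MIN_SECRET_LEN} characters")
    return secret.encode("utf-8")


def sign(secret, payload):
    """HMAC tag over a gossip payload (SHA-256 is assumed here)."""
    return hmac.new(secret, payload, hashlib.sha256).hexdigest()


def verify(secret, payload, tag):
    """Constant-time comparison of the expected and received tags."""
    return hmac.compare_digest(sign(secret, payload), tag)


def rejection_reason(env):
    """Regression-test helper: error text for an environment, or None if accepted."""
    try:
        load_p2p_secret(env)
    except P2PSecretError as exc:
        return str(exc)
    return None
```

Calling `load_p2p_secret()` once at node startup, before the gossip listener binds, turns a missing or placeholder secret into a refusal to start rather than a node that accepts tags made with the public value.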
