MIME-Version: 1.0
References: <CAEPKjgeJX7-LaJNkVk0GKbC5KhOE0aT+otpa-N1EVtwC35m9LQ@mail.gmail.com>
	<prvlaj$8er$1@blaine.gmane.org> <20181108131130.134b2d43@simplexum.com>
In-Reply-To: <20181108131130.134b2d43@simplexum.com>
From: Moral Agent <ethan.scruples@gmail.com>
Date: Thu, 8 Nov 2018 12:43:36 -0500
Message-ID: <CACiOHGzot7AFg4qS5FgSMxMjZWm+u6T6+eWW49g8dfK=PDtfkg@mail.gmail.com>
To: dp@simplexum.com, 
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="000000000000df5215057a2ac62c"
Subject: Re: [bitcoin-dev] BIP Proposal - Address Paste Improvement
Precedence: list

--000000000000df5215057a2ac62c
Content-Type: text/plain; charset="UTF-8"

>The problem will be to come up with an address authentication
procedure that will be convenient for users and widely supported, as a
result.

You could locally hash the destination address and from the hash derive a
BIP39 style list of 12 words for visual comparison. I would advise against
using color or graphics -- the brain is too good at "snapping" to an
expected perception when it is running in graphics mode instead of symbolic
mode.


On Thu, Nov 8, 2018 at 4:41 AM Dmitry Petukhov via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

>
> > Copying addresses to the clipboard should be discouraged, rather than
> > supported.
>
> Do you know any reasonably convenient mechanism for end user to
> transfer an address from, say, a web page to the wallet address
> input field ?
>
> The clipboard is just a low-hanging fruit for malware, anyway. It just
> the most easy point to replace an address. If the computer is
> compromized, malware can edit the web page in the memory of the browser
> process, for example. If it shown as QR code, malware can decode,
> detect that it is an address, and replace the image of QR code.
>
> I think that the only way to protect from this is to add some form of
> authentication for an address - 2fa (transfer checksum via second
> channel), visual fingerprints for addresses, that will are hard to
> detect (and hence, replace) for malware, signing the destination address
> with the key of an address that is already known and checking the
> signature, etc.
>
> The problem will be to come up with an address authentication procedure
> that will be convenient for users and widely supported, as a result.
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

--000000000000df5215057a2ac62c
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">&gt;The problem will be to come up with an address authent=
ication procedure=C2=A0that will be convenient for users and widely support=
ed, as a result.<br><div><br></div><div>You could locally hash the destinat=
ion address and from the hash derive a BIP39 style list of 12 words for vis=
ual comparison. I would advise against using color or graphics -- the brain=
 is too good at &quot;snapping&quot; to an expected perception when it is r=
unning in graphics mode instead of symbolic mode.</div><div><br></div></div=
><br><div class=3D"gmail_quote"><div dir=3D"ltr">On Thu, Nov 8, 2018 at 4:4=
1 AM Dmitry Petukhov via bitcoin-dev &lt;<a href=3D"mailto:bitcoin-dev@list=
s.linuxfoundation.org">bitcoin-dev@lists.linuxfoundation.org</a>&gt; wrote:=
<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;bord=
er-left:1px #ccc solid;padding-left:1ex"><br>
&gt; Copying addresses to the clipboard should be discouraged, rather than<=
br>
&gt; supported.<br>
<br>
Do you know any reasonably convenient mechanism for end user to<br>
transfer an address from, say, a web page to the wallet address<br>
input field ?<br>
<br>
The clipboard is just a low-hanging fruit for malware, anyway. It just<br>
the most easy point to replace an address. If the computer is<br>
compromized, malware can edit the web page in the memory of the browser<br>
process, for example. If it shown as QR code, malware can decode,<br>
detect that it is an address, and replace the image of QR code.<br>
<br>
I think that the only way to protect from this is to add some form of<br>
authentication for an address - 2fa (transfer checksum via second<br>
channel), visual fingerprints for addresses, that will are hard to<br>
detect (and hence, replace) for malware, signing the destination address<br=
>
with the key of an address that is already known and checking the<br>
signature, etc.<br>
<br>
The problem will be to come up with an address authentication procedure<br>
that will be convenient for users and widely supported, as a result.<br>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div>

--000000000000df5215057a2ac62c--