1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
|
Return-Path: <marek@palatinus.cz>
Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])
by lists.linuxfoundation.org (Postfix) with ESMTP id 60762C000E
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 31 Aug 2021 08:48:10 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp3.osuosl.org (Postfix) with ESMTP id 41BFB60BBA
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 31 Aug 2021 08:48:10 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: smtp3.osuosl.org (amavisd-new);
dkim=pass (2048-bit key) header.d=palatinus-cz.20150623.gappssmtp.com
Received: from smtp3.osuosl.org ([127.0.0.1])
by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id BH_bNl7iiKJB
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 31 Aug 2021 08:48:06 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
Received: from mail-lj1-x232.google.com (mail-lj1-x232.google.com
[IPv6:2a00:1450:4864:20::232])
by smtp3.osuosl.org (Postfix) with ESMTPS id DF14060A57
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 31 Aug 2021 08:48:05 +0000 (UTC)
Received: by mail-lj1-x232.google.com with SMTP id i28so30435470ljm.7
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 31 Aug 2021 01:48:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=palatinus-cz.20150623.gappssmtp.com; s=20150623;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to
:cc; bh=JR+6bNwGr1vJGgX/bnNqipgtxvx02nbSPhO3V/AaNnE=;
b=cqT1gF0I2rcp6KJPkmsaFZQDWSqkUMSjF/p4u81NgJOX100VmlMVuWpUMZfqy75bzZ
SPy2kmhqOjrz9FKrdVrpephBleLPplmy7NIkYf4wCR4FS+6Opq/HLHWDn2Y9YL6kuj3w
Zs1pt6R1BbLGYIbgnE1nq0C0zvcjXR2CmTEWG8XCXaNdd9Mazp4vCH9Yu/pXLQGTAmSw
R5s4nvRrAycjLeqHUF13BXK+3KtzXBzxGnWwuP27JDmAIyjvFLmkLnNmMyxo25unp79r
Esl8avzQE5lOp5A0ELEI9Gtn30BkYHHXSp69Mo8nDbgo3e15zLoKQvW4QBQMON2CxnR9
m/Vg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc;
bh=JR+6bNwGr1vJGgX/bnNqipgtxvx02nbSPhO3V/AaNnE=;
b=YaFXbTTWnlSsaPCNiANRoCoRxF0aIhrYDOXbA4Unn4LT2dQX9TGy4RPcpm5n/R4Sry
2Q3Hz/YYLPiF776QIAsK/643qc4FmXoHmDTE+TyyJaDT1vCl4qotCWFRVBA+KeuhoMRM
sSmJSAntxvOrxYObv9XxN+MFQbokjiIE8DT38SmmB12lb8EoBE2+cvIB3A4P3sye/XGS
/nxwrvsBuWz0v+YTJCRxJ15FwJ8ejFCvVWF5UKXiHKRJylE9snlyxUF4f1w9fReBG5p0
R+b5x78zIAn69ZFFHBhSbcjLulSibRbTtzhJkxj4g5e690oIcXhIfFaBrLFLrMZ5riyq
CDZw==
X-Gm-Message-State: AOAM531sXZd1/veeFGeZo9vRoxbScXmZUm3HhO1hluMgAgb8zyxOOdzC
wUKkKItUcO/SZfUpwuqwlLMSxLXG3KkG8eRDx602eAyFuPjCpQ==
X-Google-Smtp-Source: ABdhPJxXruUQ/m3DxZrH/+0CxsJaOMW5CNG1UYZgUMJTjC9Vw8P/x/g9zFro8BsXE591ANU4qZWKF/7oU0Zb0v+K3CA=
X-Received: by 2002:a05:651c:3c8:: with SMTP id
f8mr24053715ljp.213.1630399683863;
Tue, 31 Aug 2021 01:48:03 -0700 (PDT)
MIME-Version: 1.0
References: <f31bc6b0-f9b3-be4c-190c-fc292821b24b@cronosurf.com>
<6f69f132-211f-9d42-8023-c3b0264af439@cronosurf.com>
<3isqiyeCtgJdzEvbbm3ZoS6h1_4l3YjtPypqJAPto5cp2K1BebmgEdVGLGTYt2j803RnfaiIbFxjGdPIac8vHHpMmelwStYm0om_szvX7xc=@wuille.net>
<75a02b16-0aac-4afd-1a9e-f71a8396baea@cronosurf.com>
In-Reply-To: <75a02b16-0aac-4afd-1a9e-f71a8396baea@cronosurf.com>
From: Marek Palatinus <marek@palatinus.cz>
Date: Tue, 31 Aug 2021 09:47:26 +0100
Message-ID: <CAJna-Hhtr0v_uEE-4ET4FPNnGnPv8sW2JXkVka0XDkphy_YmSg@mail.gmail.com>
To: ts <ts@cronosurf.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="000000000000ffc23605cad7014a"
Subject: Re: [bitcoin-dev] Human readable checksum (verification code) to
avoid errors on BTC public addresses
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Aug 2021 08:48:10 -0000
--000000000000ffc23605cad7014a
Content-Type: text/plain; charset="UTF-8"
I fully agree with sipa and his reasoning that this proposal is not solving
any particular problem, but making it actually a bit worse.
Also, do you know what I hate more than copy&pasting bitcoin addresses?
Copy pasting zillion random fields for SEPA/wire transfers. And I believe
that a single copy pasta of a bitcoin address is a much better user
experience after all.
Best,
slush
On Tue, Aug 31, 2021 at 9:08 AM ts via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> Pieter, thanks for your comments. Here my thoughts:
>
> Pieter Wuille wrote on 8/29/21 9:24 AM:
> > On Saturday, August 28th, 2021 at 5:17 PM, ts via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
> >
> >> Following up on my original proposal, I would like to get some more
> feedback of the community
> >>
> >> to see if this could be realized at some point. Also, any
> recommendations as to who to contact
> >>
> >> to get things rolling?
> >
> > I honestly don't understand the point of what you're suggesting.
>
> It is about creating a simple technical assistance that makes it more user
> friendly and less
> error prone to verify the entered address. For all types of users,
> including those who are
> less tech savvy.
>
>
> > * If you're concerned about random typos, this is something already
> automatically protected against through the checksum (both base58check or
> bech32/bech32m).
>
> I agree, but as mentioned in the original proposal, it is not about random
> typos (although
> this would help for other coins without integrated checksum of course),
> but rather about
> copy&paste errors (both technical or user caused).
>
>
> > * If you're concerned about accidentally entering the wrong - but
> honestly created - address, comparing any few characters of the address is
> just as good as any other. It doesn't even require the presence of a
> checksum. Looking at the last N characters, or the middle N, or anything
> except the first few, will do, and is just as good as an "external"
> checksum added at the end. For randomly-generated addresses (as honest ones
> are), each of those has exactly as much entropy.
>
> Correct. However, I believe that ADDITIONALLY to looking at N characters,
> a quick check of a 3
> or 4 digit code in bigger font next to the address would make for a better
> user experience.
> This gives the user the reassurance that there is definitely no error. I
> agree that most users
> with technical background including most of us here will routinely check
> the first/last N
> characters. I usually check the first 3 + last 3 characters. But I don't
> think this is very
> user friendly. More importantly, I once had the case that two addresses
> were very similar at
> precisely those 6 characters, and only a more close and concentrated look
> made me see the
> difference. Moreover, some inexperienced users that are not aware of the
> consequences of
> entering a wrong address (much worse than entering the wrong bank account
> in an online bank
> transfer) might forget to look at the characters altogether.
>
>
> > * If you're concerned about maliciously constructed addresses, which are
> designed to look similar in specific places, an attacker can just as easily
> make the external checksum collide (and having one might even worsen this,
> as now the attacker can focus on exactly that, rather than needing to focus
> on every other character).
>
> Not so concerned about this case, since this is a very special case that
> can only occur under
> certain circumstances. But taking this case also into consideration, this
> is why the user
> should use the verification code ADDITIONALLY to the normal way of
> verifying, not instead. If
> the attacker only focuses on the verification code, he will only be
> successful with users that
> ONLY look at this code. But if the attacker intends to be more successful,
> he now needs to
> create a valid address that is both similar in specific places AND
> produces the same
> verification code, which is way more difficult to achieve.
>
>
> > Things would be different if you'd suggest a checksum in another medium
> than text (e.g. a visual/drawing/colorcoding one). But I don't see any
> added value for an additional text-based checksum when addresses are
> already text themselves.
>
> Yes, a visual checksum could also work. Christopher Allen proposed to use
> LifeHash as an
> alternative. It would be a matter of balancing the more complex
> implementation and need of
> space in the app's layout with the usability and advantages of use. One
> advantage of the digit
> verification code is that it can be spoken in a call or written in a
> message.
>
> > This is even disregarding the difficulty of getting the ecosystem to
> adopt such changes.
>
> No changes are needed, only an agreement or recommendation on which
> algorithm for the code
> generation should be used. Once this is done, it is up to the developers
> of wallets and
> exchanges to implement this feature as they see fit.
>
> Greetings,
> TS
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
--000000000000ffc23605cad7014a
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div>I fully agree with sipa and his reasoning that this p=
roposal is not solving any particular problem, but making it actually a bit=
worse.<br></div><div><br></div><div>Also, do you know what I hate more tha=
n copy&pasting bitcoin addresses? Copy pasting zillion random fields fo=
r SEPA/wire transfers. And I believe that a single copy pasta of a bitcoin =
address is a much better user experience after all.</div><div><br></div><di=
v>Best,</div><div>slush<br></div></div><br><div class=3D"gmail_quote"><div =
dir=3D"ltr" class=3D"gmail_attr">On Tue, Aug 31, 2021 at 9:08 AM ts via bit=
coin-dev <<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitco=
in-dev@lists.linuxfoundation.org</a>> wrote:<br></div><blockquote class=
=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rg=
b(204,204,204);padding-left:1ex">Pieter, thanks for your comments. Here my =
thoughts:<br>
<br>
Pieter Wuille wrote on 8/29/21 9:24 AM:<br>
> On Saturday, August 28th, 2021 at 5:17 PM, ts via bitcoin-dev <<a h=
ref=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">bitc=
oin-dev@lists.linuxfoundation.org</a>> wrote:<br>
> <br>
>> Following up on my original proposal, I would like to get some mor=
e feedback of the community<br>
>><br>
>> to see if this could be realized at some point. Also, any recommen=
dations as to who to contact<br>
>><br>
>> to get things rolling?<br>
> <br>
> I honestly don't understand the point of what you're suggestin=
g.<br>
<br>
It is about creating a simple technical assistance that makes it more user =
friendly and less <br>
error prone to verify the entered address. For all types of users, includin=
g those who are <br>
less tech savvy.<br>
<br>
<br>
> * If you're concerned about random typos, this is something alread=
y automatically protected against through the checksum (both base58check or=
bech32/bech32m).<br>
<br>
I agree, but as mentioned in the original proposal, it is not about random =
typos (although <br>
this would help for other coins without integrated checksum of course), but=
rather about <br>
copy&paste errors (both technical or user caused).<br>
<br>
<br>
> * If you're concerned about accidentally entering the wrong - but =
honestly created - address, comparing any few characters of the address is =
just as good as any other. It doesn't even require the presence of a ch=
ecksum. Looking at the last N characters, or the middle N, or anything exce=
pt the first few, will do, and is just as good as an "external" c=
hecksum added at the end. For randomly-generated addresses (as honest ones =
are), each of those has exactly as much entropy.<br>
<br>
Correct. However, I believe that ADDITIONALLY to looking at N characters, a=
quick check of a 3 <br>
or 4 digit code in bigger font next to the address would make for a better =
user experience. <br>
This gives the user the reassurance that there is definitely no error. I ag=
ree that most users <br>
with technical background including most of us here will routinely check th=
e first/last N <br>
characters. I usually check the first 3 + last 3 characters. But I don'=
t think this is very <br>
user friendly. More importantly, I once had the case that two addresses wer=
e very similar at <br>
precisely those 6 characters, and only a more close and concentrated look m=
ade me see the <br>
difference. Moreover, some inexperienced users that are not aware of the co=
nsequences of <br>
entering a wrong address (much worse than entering the wrong bank account i=
n an online bank <br>
transfer) might forget to look at the characters altogether.<br>
<br>
<br>
> * If you're concerned about maliciously constructed addresses, whi=
ch are designed to look similar in specific places, an attacker can just as=
easily make the external checksum collide (and having one might even worse=
n this, as now the attacker can focus on exactly that, rather than needing =
to focus on every other character).<br>
<br>
Not so concerned about this case, since this is a very special case that ca=
n only occur under <br>
certain circumstances. But taking this case also into consideration, this i=
s why the user <br>
should use the verification code ADDITIONALLY to the normal way of verifyin=
g, not instead. If <br>
the attacker only focuses on the verification code, he will only be success=
ful with users that <br>
ONLY look at this code. But if the attacker intends to be more successful, =
he now needs to <br>
create a valid address that is both similar in specific places AND produces=
the same <br>
verification code, which is way more difficult to achieve.<br>
<br>
<br>
> Things would be different if you'd suggest a checksum in another m=
edium than text (e.g. a visual/drawing/colorcoding one). But I don't se=
e any added value for an additional text-based checksum when addresses are =
already text themselves.<br>
<br>
Yes, a visual checksum could also work. Christopher Allen proposed to use L=
ifeHash as an <br>
alternative. It would be a matter of balancing the more complex implementat=
ion and need of <br>
space in the app's layout with the usability and advantages of use. One=
advantage of the digit <br>
verification code is that it can be spoken in a call or written in a messag=
e.<br>
<br>
> This is even disregarding the difficulty of getting the ecosystem to a=
dopt such changes.<br>
<br>
No changes are needed, only an agreement or recommendation on which algorit=
hm for the code <br>
generation should be used. Once this is done, it is up to the developers of=
wallets and <br>
exchanges to implement this feature as they see fit.<br>
<br>
Greetings,<br>
TS<br>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div>
--000000000000ffc23605cad7014a--
|
