summaryrefslogtreecommitdiff
path: root/9c/754b57d88521a84710b3e84515803066b73e58
blob: c9b55282d344bd52a9eac6b392eee4559846966d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
Return-Path: <ethan.scruples@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 7A580B6D
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Thu,  8 Nov 2018 17:43:48 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-oi1-f171.google.com (mail-oi1-f171.google.com
	[209.85.167.171])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 05FAD893
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Thu,  8 Nov 2018 17:43:47 +0000 (UTC)
Received: by mail-oi1-f171.google.com with SMTP id x204-v6so2185174oia.0
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Thu, 08 Nov 2018 09:43:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=mime-version:references:in-reply-to:from:date:message-id:subject:to; 
	bh=cVsidiDYGg9crr41ivtW7fxiQS8ke2XpV6WqJTVKqDc=;
	b=rq9SFwJ/ZGAt+0LMhblG/bpkzYGXeyRsrU4BEWuMpcDDWXa/NbK2TVib/76Od4K0JH
	hoyVc7Dc3TNEXJ7/FdrgrCTYR5OBTdJgk/apHUvCPLlow0HjMynoduX3FtgPF757WYUr
	thiT73Kf4jY5WbF+fQzP6k7mnCdL5Nq41kSXi665cEowofrWRWRSEq4mGTLPCkB81LIS
	MDUOPimMARQWU2qL8vA4NrBC4R0M3Wv/PMjY5nMWr5/1E6ygR3KSM/HP5u+bNSybiuZX
	77Z2hrvKpym+Di5iHJLysbvDaF+Sf5rJMDwl0Qf4+b695brEVYCJnclJJVh6thxMQ4HK
	Vu6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:references:in-reply-to:from:date
	:message-id:subject:to;
	bh=cVsidiDYGg9crr41ivtW7fxiQS8ke2XpV6WqJTVKqDc=;
	b=O6h+Dtdc5NIU5Hk2ws5pJoC8O0UthH+atbqp+m1+RZ7vWHWslSGRdhCoCwH/aooRM6
	tW0BHAIDXNFNyJanN8Qz+PEkTar/mwa/wmlHrBj9o4YPmSbgt7CwHPqjLpFFNEkCGPhD
	PXt47Hf2LixHJzy8ZKIGwzioNBGo1kCB/jNtcegb7G1IPnsvobgALHD94xUHTTsIn8Jk
	n48BeGiYo8AOPpa3RP+oDqQ7GQ13T0uI4wsjRviTdmzrls7oS+uKHntYYzP8JHvlssMB
	6NTdywMF918c6jBSZB8lKPx/+NGdItg/FWMTCH2ohoObOiBcrcCPQ8h7/kXATIwULqsL
	hf+w==
X-Gm-Message-State: AGRZ1gI7lrrzUF3FAp3rDhohm58vyF6mqmq1p99Pvyfy3bZVyqZvc63f
	qeA0wEua3HtN9r+Pt4ckGF1fLdokK46W5Fdw7zOHNtFSCxY=
X-Google-Smtp-Source: AJdET5dGQKKUcWjs+cLWYkKG35UBPrTGifOGLN19Z0b4MfL/Moo3NWVBabHjpTgNcdgjNikXcpeJVJUAJkzV6tsZ7wA=
X-Received: by 2002:aca:6ad3:: with SMTP id
	f202-v6mr2952126oic.50.1541699027290; 
	Thu, 08 Nov 2018 09:43:47 -0800 (PST)
MIME-Version: 1.0
References: <CAEPKjgeJX7-LaJNkVk0GKbC5KhOE0aT+otpa-N1EVtwC35m9LQ@mail.gmail.com>
	<prvlaj$8er$1@blaine.gmane.org> <20181108131130.134b2d43@simplexum.com>
In-Reply-To: <20181108131130.134b2d43@simplexum.com>
From: Moral Agent <ethan.scruples@gmail.com>
Date: Thu, 8 Nov 2018 12:43:36 -0500
Message-ID: <CACiOHGzot7AFg4qS5FgSMxMjZWm+u6T6+eWW49g8dfK=PDtfkg@mail.gmail.com>
To: dp@simplexum.com, 
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="000000000000df5215057a2ac62c"
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Thu, 08 Nov 2018 17:46:51 +0000
Subject: Re: [bitcoin-dev] BIP Proposal - Address Paste Improvement
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Nov 2018 17:43:48 -0000

--000000000000df5215057a2ac62c
Content-Type: text/plain; charset="UTF-8"

>The problem will be to come up with an address authentication
procedure that will be convenient for users and widely supported, as a
result.

You could locally hash the destination address and from the hash derive a
BIP39 style list of 12 words for visual comparison. I would advise against
using color or graphics -- the brain is too good at "snapping" to an
expected perception when it is running in graphics mode instead of symbolic
mode.


On Thu, Nov 8, 2018 at 4:41 AM Dmitry Petukhov via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

>
> > Copying addresses to the clipboard should be discouraged, rather than
> > supported.
>
> Do you know any reasonably convenient mechanism for end user to
> transfer an address from, say, a web page to the wallet address
> input field ?
>
> The clipboard is just a low-hanging fruit for malware, anyway. It just
> the most easy point to replace an address. If the computer is
> compromized, malware can edit the web page in the memory of the browser
> process, for example. If it shown as QR code, malware can decode,
> detect that it is an address, and replace the image of QR code.
>
> I think that the only way to protect from this is to add some form of
> authentication for an address - 2fa (transfer checksum via second
> channel), visual fingerprints for addresses, that will are hard to
> detect (and hence, replace) for malware, signing the destination address
> with the key of an address that is already known and checking the
> signature, etc.
>
> The problem will be to come up with an address authentication procedure
> that will be convenient for users and widely supported, as a result.
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

--000000000000df5215057a2ac62c
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">&gt;The problem will be to come up with an address authent=
ication procedure=C2=A0that will be convenient for users and widely support=
ed, as a result.<br><div><br></div><div>You could locally hash the destinat=
ion address and from the hash derive a BIP39 style list of 12 words for vis=
ual comparison. I would advise against using color or graphics -- the brain=
 is too good at &quot;snapping&quot; to an expected perception when it is r=
unning in graphics mode instead of symbolic mode.</div><div><br></div></div=
><br><div class=3D"gmail_quote"><div dir=3D"ltr">On Thu, Nov 8, 2018 at 4:4=
1 AM Dmitry Petukhov via bitcoin-dev &lt;<a href=3D"mailto:bitcoin-dev@list=
s.linuxfoundation.org">bitcoin-dev@lists.linuxfoundation.org</a>&gt; wrote:=
<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;bord=
er-left:1px #ccc solid;padding-left:1ex"><br>
&gt; Copying addresses to the clipboard should be discouraged, rather than<=
br>
&gt; supported.<br>
<br>
Do you know any reasonably convenient mechanism for end user to<br>
transfer an address from, say, a web page to the wallet address<br>
input field ?<br>
<br>
The clipboard is just a low-hanging fruit for malware, anyway. It just<br>
the most easy point to replace an address. If the computer is<br>
compromized, malware can edit the web page in the memory of the browser<br>
process, for example. If it shown as QR code, malware can decode,<br>
detect that it is an address, and replace the image of QR code.<br>
<br>
I think that the only way to protect from this is to add some form of<br>
authentication for an address - 2fa (transfer checksum via second<br>
channel), visual fingerprints for addresses, that will are hard to<br>
detect (and hence, replace) for malware, signing the destination address<br=
>
with the key of an address that is already known and checking the<br>
signature, etc.<br>
<br>
The problem will be to come up with an address authentication procedure<br>
that will be convenient for users and widely supported, as a result.<br>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div>

--000000000000df5215057a2ac62c--