Re: [bitcoin-dev] BIP Proposal - Address Paste Improvement

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: Dmitry Petukhov <dp@simplexum•com>
To: bitcoin-dev@lists•linuxfoundation.org
Cc: Andreas Schildbach <andreas@schildbach•de>
Subject: Re: [bitcoin-dev] BIP Proposal - Address Paste Improvement
Date: Thu, 8 Nov 2018 13:11:30 +0500	[thread overview]
Message-ID: <20181108131130.134b2d43@simplexum.com> (raw)
In-Reply-To: <prvlaj$8er$1@blaine.gmane.org>

> Copying addresses to the clipboard should be discouraged, rather than
> supported.

Do you know any reasonably convenient mechanism for end user to
transfer an address from, say, a web page to the wallet address
input field ?

The clipboard is just a low-hanging fruit for malware, anyway. It just
the most easy point to replace an address. If the computer is
compromized, malware can edit the web page in the memory of the browser
process, for example. If it shown as QR code, malware can decode,
detect that it is an address, and replace the image of QR code.

I think that the only way to protect from this is to add some form of
authentication for an address - 2fa (transfer checksum via second
channel), visual fingerprints for addresses, that will are hard to
detect (and hence, replace) for malware, signing the destination address
with the key of an address that is already known and checking the
signature, etc.

The problem will be to come up with an address authentication procedure
that will be convenient for users and widely supported, as a result.

next prev parent reply	other threads:[~2018-11-08  8:18 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-11-07 14:09 Adam Ficsor
2018-11-07 21:28 ` Andreas Schildbach
2018-11-08  8:11   ` Dmitry Petukhov [this message]
2018-11-08 15:28     ` Andreas Schildbach
2018-11-08 18:00       ` Dmitry Petukhov
2018-11-12  3:23         ` Adam Ficsor
2018-12-01  4:57           ` James MacWhyte
2018-12-01 12:07             ` Adam Ficsor
2018-11-08 17:43     ` Moral Agent
2018-11-08 17:12   ` Jeffrey Paul

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181108131130.134b2d43@simplexum.com \
    --to=dp@simplexum$(echo .)com \
    --cc=andreas@schildbach$(echo .)de \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox