One that has been on my mind lately is verifying addresses on a hardware wallet when ...

Why Nostr? What is Njump?

npub1j8…g26k2

2025-05-06 15:29:02

in reply to nevent1q…9pw9

One that has been on my mind lately is verifying addresses on a hardware wallet when receiving funds.

It's rather ugly (big string of characters), so we chunk the address up and highlight some chunks at random.

It's also unintuitive, best practice is not to simply check that the address you're giving out from your software wallet matches the address derived on your hardware wallet. Since it could be intercepted and replaced during transmission (this is where most attacks are, clipboard malware).

Rather, you want to check that the **sender** sees the same address as displayed on your hardware wallet. Making the workflow and describing this is rather tricky, it all depends on who you're receiving from - is it an in-person transaction (compare visually)? is it over DMs (ask can you see the address chunks)? Is it a withdrawal from an exchange (compare against confirmation email, if provided)?

Author Public Key

npub1j8d6h8mzvc8f2fvysrf09nlkmn7m2ylj32zl5na4tm5e8fd5dqysrg26k2

Show more details

Published at

2025-05-06 15:29:02

Kind type

1 Short Text Note

Event JSON

{ "id": "da322407b05fab9ffc5f82556036164debcc65c63daa686c255ef977764991e2", "pubkey": "91dbab9f62660e95258480d2f2cff6dcfdb513f28a85fa4fb55ee993a5b46809", "created_at": 1746545342, "kind": 1, "tags": [ [ "e", "b0f8e19a2593109871a08aee8ab115f6038104bc375ae06ad768c32490a0c091", "wss://pyramid.fiatjaf.com", "root" ], [ "e", "eaf05e04e66beaf6c2eb700d461fd433b10ee7e9b754e44e3365414d31cf4743", "wss://pyramid.fiatjaf.com", "reply" ], [ "p", "91dbab9f62660e95258480d2f2cff6dcfdb513f28a85fa4fb55ee993a5b46809" ], [ "p", "17538dc2a62769d09443f18c37cbe358fab5bbf981173542aa7c5ff171ed77c4" ], [ "r", "wss://nostr.bitcoiner.social/" ], [ "r", "wss://purplepag.es/" ], [ "r", "wss://relay.0xchat.com/" ], [ "r", "wss://relay.snort.social/" ], [ "r", "wss://relay.damus.io/" ], [ "r", "wss://nostr-pub.wellorder.net/" ], [ "r", "wss://relay.mostr.pub/" ] ], "content": "One that has been on my mind lately is verifying addresses on a hardware wallet when receiving funds.\n\nIt's rather ugly (big string of characters), so we chunk the address up and highlight some chunks at random.\n\nIt's also unintuitive, best practice is not to simply check that the address you're giving out from your software wallet matches the address derived on your hardware wallet. Since it could be intercepted and replaced during transmission (this is where most attacks are, clipboard malware).\n\nRather, you want to check that the **sender** sees the same address as displayed on your hardware wallet. Making the workflow and describing this is rather tricky, it all depends on who you're receiving from - is it an in-person transaction (compare visually)? is it over DMs (ask can you see the address chunks)? Is it a withdrawal from an exchange (compare against confirmation email, if provided)?\n\nhttps://blossom.primal.net/190c972a8b02d30ba71c8102172cf758a63580eaedfefe7d09159ab2dc10a12a.png \nhttps://blossom.primal.net/5fc2c7b07d8a64a03ba3e73c9dd2bf757198cbcb2ccff77cd7d99d7cdc1b4ca2.png \nhttps://blossom.primal.net/4eb069af72195fafee16c0a1d31437f31c413b48a9b6ba7b5ea636e1536ee611.png ", "sig": "09d09603ad7c258b53c587312086e823a97077f0789ee69fa4638118c39bb4531fe555fee4521f42d140b2d410a252b59ec82435b6f684ce026f5674302c8e05" }