📅 Original date posted:2018-11-08
📝 Original message:On 08/11/2018 09.11, Dmitry Petukhov via bitcoin-dev wrote:
>> Copying addresses to the clipboard should be discouraged, rather than
>> supported.
>
> Do you know any reasonably convenient mechanism for end user to
> transfer an address from, say, a web page to the wallet address
> input field ?
- QR code scanning of a Bitcoin URI
- On Android: A "bitcoin:" URI intent or a BIP70 payment message intent
- On desktop OSes there are similar mechanisms to launch Apps from the
browser (e.g. for mailto: links)
> The clipboard is just a low-hanging fruit for malware, anyway. It just
> the most easy point to replace an address. If the computer is
> compromized, malware can edit the web page in the memory of the browser
> process, for example. If it shown as QR code, malware can decode,
> detect that it is an address, and replace the image of QR code.
For editing the clipboard your computer doesn't need to be compromised!
*Any* app can do it, without special permission.
> I think that the only way to protect from this is to add some form of
> authentication for an address - 2fa (transfer checksum via second
> channel), visual fingerprints for addresses, that will are hard to
> detect (and hence, replace) for malware, signing the destination address
> with the key of an address that is already known and checking the
> signature, etc.
For cases where the payee is a well-known entity the BIP70 payment
protocol has authentication via certificates. That doesn't work for the
"the person in front of you is the only trust anchor you have" usecase
though.
Andreas Schildbach [ARCHIVE] /
npub1xg…adsv7
2023-06-07 18:15:10
in reply to nevent1q…z828
Author Public Key
npub1xg2m84malu0cfm4444r0kysx4rgk27e75aj6sz6538kw8fcz627qeadsv7Published at
2023-06-07 18:15:10Event JSON
{
"id": "0c3d131bb562fd9fe1f9367ca675534d0c7532fcc408fe5ec5485f70ab086107",
"pubkey": "3215b3d77dff1f84eeb5ad46fb1206a8d1657b3ea765a80b5489ece3a702d2bc",
"created_at": 1686161710,
"kind": 1,
"tags": [
[
"e",
"6b2133cdefe033c98de94718f9aec1f0191d14197767d256b7dab51b73fd3e89",
"",
"root"
],
[
"e",
"e7cde5f77e8c9772bdafedd3433098a3cc1d4ad6f7a18bfae6e2fb3b128856b5",
"",
"reply"
],
[
"p",
"78f5a82a0b64fb3c18bd33a69c53b1af612b3ac8dd81e12f74ba62f3793dac05"
]
],
"content": "📅 Original date posted:2018-11-08\n📝 Original message:On 08/11/2018 09.11, Dmitry Petukhov via bitcoin-dev wrote:\n\n\u003e\u003e Copying addresses to the clipboard should be discouraged, rather than\n\u003e\u003e supported.\n\u003e \n\u003e Do you know any reasonably convenient mechanism for end user to\n\u003e transfer an address from, say, a web page to the wallet address\n\u003e input field ?\n\n- QR code scanning of a Bitcoin URI\n- On Android: A \"bitcoin:\" URI intent or a BIP70 payment message intent\n- On desktop OSes there are similar mechanisms to launch Apps from the\nbrowser (e.g. for mailto: links)\n\n\u003e The clipboard is just a low-hanging fruit for malware, anyway. It just\n\u003e the most easy point to replace an address. If the computer is\n\u003e compromized, malware can edit the web page in the memory of the browser\n\u003e process, for example. If it shown as QR code, malware can decode,\n\u003e detect that it is an address, and replace the image of QR code.\n\nFor editing the clipboard your computer doesn't need to be compromised!\n*Any* app can do it, without special permission.\n\n\u003e I think that the only way to protect from this is to add some form of\n\u003e authentication for an address - 2fa (transfer checksum via second\n\u003e channel), visual fingerprints for addresses, that will are hard to\n\u003e detect (and hence, replace) for malware, signing the destination address\n\u003e with the key of an address that is already known and checking the\n\u003e signature, etc.\n\nFor cases where the payee is a well-known entity the BIP70 payment\nprotocol has authentication via certificates. That doesn't work for the\n\"the person in front of you is the only trust anchor you have\" usecase\nthough.",
"sig": "975a270958b4cf31bc3c959367e2d639fdde0b1ecd14321eb2f4d57cb649ddc6249b9a9c6e152073e23a57c6b4b94655f031b8bbf203ddc0c4c5724ba8e058c2"
}