📅 Original date posted:2018-11-08
📝 Original message:> Copying addresses to the clipboard should be discouraged, rather than
> supported.
Do you know any reasonably convenient mechanism for end user to
transfer an address from, say, a web page to the wallet address
input field ?
The clipboard is just a low-hanging fruit for malware, anyway. It just
the most easy point to replace an address. If the computer is
compromized, malware can edit the web page in the memory of the browser
process, for example. If it shown as QR code, malware can decode,
detect that it is an address, and replace the image of QR code.
I think that the only way to protect from this is to add some form of
authentication for an address - 2fa (transfer checksum via second
channel), visual fingerprints for addresses, that will are hard to
detect (and hence, replace) for malware, signing the destination address
with the key of an address that is already known and checking the
signature, etc.
The problem will be to come up with an address authentication procedure
that will be convenient for users and widely supported, as a result.
Dmitry Petukhov [ARCHIVE] /
npub10r…9afdw
2023-06-07 18:15:10
in reply to nevent1q…mutd
Author Public Key
npub10r66s2stvnancx9axwnfc5a34asjkwkgmkq7ztm5hf30x7fa4szsv9afdwPublished at
2023-06-07 18:15:10Event JSON
{
"id": "e7cde5f77e8c9772bdafedd3433098a3cc1d4ad6f7a18bfae6e2fb3b128856b5",
"pubkey": "78f5a82a0b64fb3c18bd33a69c53b1af612b3ac8dd81e12f74ba62f3793dac05",
"created_at": 1686161710,
"kind": 1,
"tags": [
[
"e",
"6b2133cdefe033c98de94718f9aec1f0191d14197767d256b7dab51b73fd3e89",
"",
"root"
],
[
"e",
"d82bb5e71f90b826318ab7210e7fa270bad43dff050141f813026874ebc9651f",
"",
"reply"
],
[
"p",
"3215b3d77dff1f84eeb5ad46fb1206a8d1657b3ea765a80b5489ece3a702d2bc"
]
],
"content": "📅 Original date posted:2018-11-08\n📝 Original message:\u003e Copying addresses to the clipboard should be discouraged, rather than\n\u003e supported.\n\nDo you know any reasonably convenient mechanism for end user to\ntransfer an address from, say, a web page to the wallet address\ninput field ?\n\nThe clipboard is just a low-hanging fruit for malware, anyway. It just\nthe most easy point to replace an address. If the computer is\ncompromized, malware can edit the web page in the memory of the browser\nprocess, for example. If it shown as QR code, malware can decode,\ndetect that it is an address, and replace the image of QR code.\n\nI think that the only way to protect from this is to add some form of\nauthentication for an address - 2fa (transfer checksum via second\nchannel), visual fingerprints for addresses, that will are hard to\ndetect (and hence, replace) for malware, signing the destination address\nwith the key of an address that is already known and checking the\nsignature, etc.\n\nThe problem will be to come up with an address authentication procedure\nthat will be convenient for users and widely supported, as a result.",
"sig": "810ff6d5e2fea4160ed404a568b2b7e5b2c3f0f6513a200d0a242344d9cb00d33ff0a6fcdd5824bba12512bd8276e2fc967b6543c38b5878deeeff9086ea870a"
}