It's such a pain to check addresses when sending. Now I KNOW it would be long since you'd presumably convert to binary and then to mnemonics, and I'm too lazy to do the math. But imagine if instead of
bc1qzyda53xqwkqruex3mzwvpja04x23r572mygpgfc90qckdw2cwwaqr2h70u
you saw
fold laptop kitten marine impulse roast hundred brown desk ride broken advice appear awkward job logic elevator boy alert above shiver thought grace tone.
Or couldn't you just hash it and give an abbreviated version, since any change to it would change all the words?
856 sats \ 3 replies \ @Krv 1 Feb
It could be done. I'm not sure of the merits. I would guess that it could create confusion based on what seeds are currently used for.
In terms of addresses, I look at about 5 characters after the bc1, the last few, and identify patterns in between. Due to checksums, and the massive amount of randomness of an address, it's unlikely to find 3 or more matching segments in two different addresses you encounter.
reply
11 sats \ 0 replies \ @Krv 1 Feb
Another thing I would do was run it through md5sum on both computers. On Linux:
echo "bc1qzyda53xqwkqruex3mzwvpja04x23r572mygpgfc90qckdw2cwwaqr2h70u" | md5sum
12b0f10292c89d8be2e154ead4b8c819 -
Even a single character wrong makes a completely different hash. Thus, if they have the same lead 6 or so digits, they are virtually certain to be the same.
reply
Same.
And good point about confusion. But because of the randomness, I think there could be a function that hashes and shows you like four words to confirm. It could also be a different word list.
It is just such a source of friction for new users and it seems both really technical and unnecessary. I mean, you KNOW that can't happen if we get to large institutional custodial transfers.
reply
10 sats \ 0 replies \ @Krv 1 Feb
Seedsigner, and some other address tools use a 6 or 8 character hex fingerprint for the seeds. Maybe a fingerprint could be created for an address.
reply
Dude don’t share my seed phrase like that!
reply
118 sats \ 0 replies \ @nout 1 Feb
One thing that would also slightly help is having some spacing in the address, like bc1p5d 7rjq7g 6rdk2y hzks9s mlaqte dr4dek q08ge8 ztwac7 2sfr9r usxg32 97
reply
Let's hope that's not your actual seed! 😅
In basic terms: The seed words are like a trunk of a tree. You must keep them confidential and never reveal to anyone.
The public addresses are like leaves on that tree generated from the seed. You can share these addresses so people can send you money.
In a bit more advanced terms: The seed on its own is not sufficient to generate your wallet, you also need a passphrase if you set one and you also need a derivation path.
The derivation path is like main branches of the tree. You decide which version you're gonna use. You own all the leaves on all the branches, but you typically only use one branch.
The leaves can be imagined as having two sides. Each public address you generate has a corresponding private address technically, but this complication is hidden in most wallets. All you see is the seed (to be kept secret) and the public addresses (to be shared).
reply
120 sats \ 4 replies \ @gbks 1 Feb
Visual formatting (example) can make this a lot easier.
There's also the idea of identicons to create a unique graphic for a quick visual check (just has the chicken-and-egg problem since it requires both places that show the address to also show the visual).
reply
i love the identicon idea
unlikely to be adopted though :/
reply
They're cool but I'm not sure about the security. Looks like 2^25 possible icons. Would make a great quick second level check though.
reply
0 sats \ 0 replies \ @gbks 2 Feb
Color is also a variable. Lots of variations on this idea, too, that might be better for security and legibility.
Totally agree that it's more of a quick gut-check. In most cases, it would just take a split second to compare two of these.
reply
that visual formatting helps a TON. Both grouping AND alternating colors.
reply
Thank you for the zap forward 🙏 I don't know how I deserved this but I'm very grateful for it
reply
you do cool stuff 🙏
reply
10 sats \ 0 replies \ @Fabs 1 Feb
Yeah, I'd vote for something like that.
reply
10 sats \ 1 reply \ @midas 1 Feb
Do you need to even check the full address?
On my wallet, I can only see the first 5 and last 5 characters for me to check and confirm.
reply
I suppose that's good enough for small to medium amounts. It would be quite hard for someone to create an address that they own that has the same first and last 5 characters. But if they were sophisticated and had your extended public key for some reason (like you had given it to an exchange you buy from), it is possible.
Also, not all wallets are like that. Smaller hardware wallets or software wallets with poor UI sometimes scroll the whole address, which is pretty annoying.
reply
Not sure about that, I want to double check the address is exactly what I expect it to be.
There would be no way to know if there's a man in the middle attack with the proposed method.
I just check the beginning and the end of the address.
Almost zero chances to get a different address with same beginning and end.
reply
An address is just a representation of the hash of the pubkey. Bech32 was an improvement on the base58 ones. There's no reason that bech32 would be the end. That being said, there are requirements that a bag of words wouldn't satisfy. Whatever the form, users need to check a sufficient number of bits to ensure accuracy. Words may or may not make that easier.
reply
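The ideas raised in this thread (hash the address and show a few words or hex characters, and space the address into groups), as an added example that is not from any poster or wallet. It uses SHA-256 rather than the md5sum shown above; the 256-word syllable list and the function names are constructed for illustration.

```python
import hashlib

# Constructed 256-entry word list (16 x 16 syllables), 8 bits per word.
# Deliberately not the BIP39 list, so output cannot be mistaken for a seed.
_SYL = ["ba", "do", "fi", "gu", "hu", "ka", "le", "mi",
        "no", "pu", "ra", "se", "ti", "vo", "wa", "ze"]
WORDS = [a + b for a in _SYL for b in _SYL]

# Sample address quoted in the thread.
ADDR = "bc1qzyda53xqwkqruex3mzwvpja04x23r572mygpgfc90qckdw2cwwaqr2h70u"


def normalize(address: str) -> str:
    """Drop spaces/newlines so both machines hash identical bytes."""
    addr = "".join(address.split())
    # bech32 is case-insensitive; base58 addresses are not, so leave those.
    return addr.lower() if addr.lower().startswith(("bc1", "tb1")) else addr


def fingerprint(address: str, n_words: int = 4) -> dict:
    """Hex and word fingerprint from the first n_words bytes of SHA-256."""
    head = hashlib.sha256(normalize(address).encode("ascii")).digest()[:n_words]
    return {
        "hex": head.hex(),
        "words": " ".join(WORDS[b] for b in head),
        # Bits the reader actually compares; a short fingerprint is a quick
        # check, not a substitute for comparing the full address.
        "bits": 8 * n_words,
    }


def grouped(address: str, size: int = 6) -> str:
    """Split the address into fixed-size groups for easier reading."""
    addr = normalize(address)
    return " ".join(addr[i:i + size] for i in range(0, len(addr), size))


if __name__ == "__main__":
    typo = ADDR[:-1] + "v"  # constructed: last character changed
    for a in (ADDR, typo):
        fp = fingerprint(a)
        print(grouped(a))
        print(f"  {fp['hex']}  {fp['words']}  ({fp['bits']} bits)")
```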