New concept ~Feedback needed!

[riqo]

 

[Cricktor]

I'm aware of the existance of clipboard malware and how copy-paste attacks could be executed. And since I know that Bitcoin public addresses already contain a partial SHA256 checksum, I'm asking myself why do we need this what you propose?

Sure, it's easier to check and compare only 4 hexadecimal characters (quite limited btw) and I don't oversee at the moment how much security for correctness of the copy/pasted address this brings.

You were scammed because you didn't care to check copy/pasted addresses. Now we need this extra limited checksum to wiggle around user's carelessness or lack of security conciousness with respect to Bitcoin public addresses? I'm not convinced that this is a needed solution.

I forced myself to always, without exception, check 6-7 characters at the front and at the end of a public address, sometimes also a few characters in the middle. This is usually enough to verify that an address has been copy/pasted intact as otherwise the integrated checksum won't be correct if there's another character difference. Everybody should know this and always check copy/pasted addresses or they're a lost case, period.

Software, where you paste public addresses to has to check the integrity of a Bitcoin address. The error correction for Bech32 and Bech32m is even better than with legacy types.

[pooya87]

Wallet Address | Wallet Tag
1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa| 313e

How a Wallet Tag is generated ?
The wallet tag is basicly generated through encrypting the wallet address in SHA256 and extraction from that hash the two first and last alphanumeric characters,together.

First of all what you are doing is not encrypting (SHA256 is also not an encryption algorithm). It is called computing checksum.

Secondly, since this checksum is very small (2 bytes) and the algorithm (single SHA256 hash of UTF8 string) is too fast (inexpensive) so it is not that hard to brute force and create a fake address with the same checksum. I computed this address in less than a second with the same checksum.

Code:

1A1zP1eP5QGefi2DMPTfTL4oWtPc8zFosz | 313e

Of course this is just a concept to show how easy it is to find a "collision" when the checksum is very small. In practice the attacker needs the key to the malicious address which means they have to perform a process similar to generating a "vanity address", an address that has the same starting characters.
The extra 16 bit checksum is definitely adding an extra layer for authenticity check but but it doesn't slow down that process enough to be impactful.

P.S. Maybe the checksum algorithm could be changed into something far more expensive to make brute forcing harder. For example using a memory expensive KDF like scrypt with high iteration count.