Standard Check Numbers (checksums for addresses)

[yogi]

Am I really the only one who makes detailed comparisons between bitcoin addresses to ensure they are the same?

I guess I must just be paranoid, maybe it's the irreversibility of a bitcoin transaction that scares me.

If this is true then you aren't going to be satisfied with the checksum you are requesting.  There is already a 32-bit checksum built in to the address.  If knowing that you still feel a need to make a detailed comparison between bitcoin addresses, then how is an additional 32-bit checksum going to keep you from feeling like you still need to make a detailed comparison between bitcoin addresses to ensure they are the same?

I think it would be quicker, for a human being, to make a cursory inspection of an address followed by a detailed inspection of a check number, as opposed to a detailed inspection of the full address.

But, as I'm the only one who compares bitcoin addresses I guess it's redundant.

Thanks all for the feedback.

[1714107972]

1714107972

[1714107972]

1714107972

[1714107972]

1714107972

[1714107972]

1714107972

[Pieter Wuille]

I think it would be quicker, for a human being, to make a cursory inspection of an address followed by a detailed inspection of a check number, as opposed to a detailed inspection of the full address.

That is exactly the same thing as: making a cursory inspection of an address followed by a detailed inspection of the last few characters of the address (as an address can be considered to be the pubkeyhash with its own checksum appended).

[DannyHamilton]

I don't know but you are the only one who asks a question, gets 3 answers, ignores them and then asks the same question again. 

Bye.

Agreed.  I'm not sure if Yogi is incapable of comprehension or simply not paying attention, but at this point I give up.

[marcus_of_augustus]

I think it would be quicker, for a human being, to make a cursory inspection of an address followed by a detailed inspection of a check number, as opposed to a detailed inspection of the full address.

That is exactly the same thing as: making a cursory inspection of an address followed by a detailed inspection of the last few characters of the address (as an address can be considered to be the pubkeyhash with its own checksum appended).

Thank you Pieter for explaining to yogi what the condescending others were trying to say to the poor guy without actually spelling out what he needs to do.

Specifically, closely check THE LAST FOUR CHARACTERS of the bitcoin address, there is your built-in checksum.

eg:
12YgtanvDic1y5ZcgW5wCrwwBzSWrSUgXE


I just eyeball the first 4-6 but closely check the last 4-6 ... and never had an issue, hope this helps yogi.

https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses

[DannyHamilton]

. . . Specifically, closely check THE LAST FOUR CHARACTERS of the bitcoin address, there is your built-in checksum.

eg:
12YgtanvDic1y5ZcgW5wCrwwBzSWrSUgXE

I just eyeball the first 4-6 but closely check the last 4-6 ... and never had an issue, hope this helps yogi.

That won't help the OP.  As he has already explained that he is concerned that he might have made a typo in the other characters.  How is looking at the last 4 characters going to tell you if you made a typo elsewhere in the address?

. . . Thank you Pieter for explaining to yogi what the condescending others where trying to say to the poor guy without actually spelling out what he needs to do . . .

I've been trying hard to not be condescending. But each time I try to explain the situation, the same question keeps coming back.  I simplify the explanation further and try harder to understand the use-case that the OP is concerned about. Still, the same question.

At this point is isn't a matter of condescension, it's just a matter of running out of ways to explain it, and the user refusing to offer a single real life use-case that they are concerned about.

[Maged]

I often double/triple check addresses and I think what I'm asking for is just to give me piece of mind. I feel especially uneasy when sending an address via IRC, I think it would be nice to be able to do the following;

IRC Chatlog:

Me: Here's my address 31uEbMgunupShBVTewXjtqbBv5MndwfXhb

Other: check FF4857EB

Me: confirmed

This would give me confidence that the address that was enter into the wallet by the other person is indeed the address I wanted to send to them.

So, to simplify things even further...
IRC Chatlog, v2:

Me: Here's my address 31uEbMgunupShBVTewXjtqbBv5MndwfXhb

Other: check 31uEbMgunupShBVTewXjtqbBv5MndwfXhb

Me: *looks generally over the address, then specifically checks the last 4 characters* confirmed

That's all there is to this. Someone would have to specially go out of the way to bruteforce a typo that wouldn't be caught by doing this easy check.

[DannyHamilton]

So, to simplify things even further...
IRC Chatlog, v2:

Me: Here's my address 31uEbMgunupShBVTewXjtqbBv5MndwfXhb

Other: check 31uEbMgunupShBVTewXjtqbBv5MndwfXhb

Me: *looks generally over the address, then specifically checks the last 4 characters* confirmed

That's all there is to this. Someone would have to specially go out of the way to bruteforce a typo that wouldn't be caught by doing this easy check.

And the check isn't even necessary since the address won't work in the Bitcoin client that "Other" is using unless it is valid in the first place.

[marcus_of_augustus]

So, to simplify things even further...
IRC Chatlog, v2:

Me: Here's my address 31uEbMgunupShBVTewXjtqbBv5MndwfXhb

Other: check 31uEbMgunupShBVTewXjtqbBv5MndwfXhb

Me: *looks generally over the address, then specifically checks the last 4 characters* confirmed

That's all there is to this. Someone would have to specially go out of the way to bruteforce a typo that wouldn't be caught by doing this easy check.

And the check isn't even necessary since the address won't work in the Bitcoin client that "Other" is using unless it is valid in the first place.

We shouldn't assume that, this is a development thread not technical support.

[John (John K.)]

I do a cursory review over the first 4 characters after the 1, and the last 4 characters whenever I send or copy addresses. That's enough to prevent my coins from falling in wrong hands, unless the situation DannyHamilton outlined in the past page occurs.(and no coins would be lost in this case anyway, just a delay in receiving/sending the coins)

[grue]

. . . Specifically, closely check THE LAST FOUR CHARACTERS of the bitcoin address, there is your built-in checksum.

eg:
12YgtanvDic1y5ZcgW5wCrwwBzSWrSUgXE

I just eyeball the first 4-6 but closely check the last 4-6 ... and never had an issue, hope this helps yogi.

That won't help the OP.  As he has already explained that he is concerned that he might have made a typo in the other characters.  How is looking at the last 4 characters going to tell you if you made a typo elsewhere in the address?

you're not getting it, are you? if the last 4 characters match, there's a 99.999999976716935634613037109375% chance that there wasn't a typo in the rest of the address. what's the difference between an address that is 4 chars shorter + 4 char checksum and a standard address (with 4 char checksum built-in)? obviously, there's no point in adding a checksum for a checksum.

if the lack of a checksum really bothers you that much, simply split each address you see into two parts: with the last 4 being the "checksum" and the rest being the "address"

[DannyHamilton]

. . . Specifically, closely check THE LAST FOUR CHARACTERS of the bitcoin address, there is your built-in checksum.

eg:
12YgtanvDic1y5ZcgW5wCrwwBzSWrSUgXE

I just eyeball the first 4-6 but closely check the last 4-6 ... and never had an issue, hope this helps yogi.

That won't help the OP.  As he has already explained that he is concerned that he might have made a typo in the other characters.  How is looking at the last 4 characters going to tell you if you made a typo elsewhere in the address?

you're not getting it, are you? . . .

No, you don't get it.

Here . . .
Without entering it into a bitcoin client, can you tell me if I made I typo in the following address?

1DEoPhZz8JEePTZHSMB1KxYBEwYL5rp3eK

If I've just given you this address to send me coins later, but you don't have access to a bitcoin client right now, how can we both be sure that I didn't make a typo when I entered the address here?

Note: I can confirm that the last 4 characters definitely match the last 4 characters of the address that I intended to enter.  Does this mean that I typed the rest of the address correctly?

[grue]

No, you don't get it.

Here . . .
Without entering it into a bitcoin client, can you tell me if I made I typo in the following address?

1DEoPhZz8JEePTZHSMB1KxYBEwYL5rp3eK

If I've just given you this address to send me coins later, but you don't have access to a bitcoin client right now, how can we both be sure that I didn't make a typo when I entered the address here?

Note: I can confirm that the last 4 characters definitely match the last 4 characters of the address that I intended to enter.  Does this mean that I typed the rest of the address correctly?

so you want a checksum implementation that can be done quickly using mental math (why else wouldn't you have access to a bitcoin client?), and can detect errors with a reasonable amount of certainty? pretty sure that's impossible because there are 40+ characters in a bitcoin address and a human's short term memory isn't long to even cover a forth of that, let alone any intermediate values.

[DeathAndTaxes]

1DEoPhZz8JEePTZHSMB1KxYBEwYL5rp3eK

If I've just given you this address to send me coins later, but you don't have access to a bitcoin client right now, how can we both be sure that I didn't make a typo when I entered the address here?

Without a client how are you going to compute the "external checksum"?

Still even if you didn't have access to the client if there is a typo then all but 1 in 2^32 times when you DO go to enter it into the Bitcoin client it will notify you that the address is invalid.

So what was the problem again?


Hell someone make "IsThisBitcoinAddressGood.Com?" with a simple javascript checksum validator so we can cross this non-existent problem off the list.

[nybble41]

Without entering it into a bitcoin client, can you tell me if I made I typo in the following address?

so you want a checksum implementation that can be done quickly using mental math (why else wouldn't you have access to a bitcoin client?), and can detect errors with a reasonable amount of certainty?

Exactly. For any checksum to work, the sender would need software to generate the checksum, and the receiver would need software to validate it. A "mental checksum" is infeasable for addresses of the necessary complexity to ensure security. You might as well use the Bitcoin client, or simplified special-purpose software which merely validates addresses, without any extra "check numbers".

Note that bitcoind even includes a "validateaddress" RPC command for just this purpose.

[CIYAM]

If the problem is really one of "typing" the address (rather than copying and pasting) then I'm guessing the point is *not* that you could end up sending to the wrong address but that you can't send BTC at all because you have mistyped the address (isn't this what the OP was trying to discuss?).

If so it would make some sense to have a CRC32 displayed somewhere so you can then use the standard crc32 tool (or something equivalent for Windoze) to be certain you didn't make a typo (although I have never typed in a full Bitcoin address myself - always copy and paste and check the first 4 after the 1 and the last four as others have mentioned).

And of course if you have Bitcoin running then you can immediately test whether the address is valid using it (so would seemingly only make sense if you did not have Bitcoin running but needed to record an address and *did* have CRC32 handy).

[DeathAndTaxes]

If the problem is really one of "typing" the address (rather than copying and pasting) then I'm guessing the point is *not* that you could end up sending to the wrong address but that you can't send BTC at all because you have mistyped the address (isn't this what the OP was trying to discuss?).

If so it would make some sense to have a CRC32 displayed somewhere so you can then use the standard crc32 tool (or something equivalent for Windoze) to be certain you didn't make a typo (although I have never typed in a full Bitcoin address myself - always copy and paste and check the first 4 after the 1 and the last four as others have mentioned).

Wait so someone will have access to a CRC32 tool but not the Bitcoin client.

I mean isn't the most common scenario:

you: send 100 BTC to 1DEoPhZz8JEePTZHSMB1KxYBEwYL5rp3e

[me entering into Bitcoin client] beep beep boop boop. <ERROR>
me:  Hey man that isn't a valid address.  I know because my handy dandy Bitcoin client (which has a better checksum than any dubious manual checksum scheme), says so.

you: oops I left the last digit off. It is 1DEoPhZz8JEePTZHSMB1KxYBEwYL5rp3eK

me: Gotcha.  100 BTC sent.  here is the tx id: ....

you: Good thing Satoshi was one smart dude and built a checksum right in otherwise I would have lost 100 BTC.


me: Yeah or to avoid that we would have had to do some dubious and error prone manual checksum which we send back and forth over IRC like a bunch of idiots.  Being manual and involving humans there is a good chance we would still frak it up.

you: Yup!

I mean someone would rather
1) Get an address but NOT use the client to validate it
2) Use CRC32 tool. 
3) Calculate the checksum. 
4) Send the checksum back to the sender.  
5) Sender verifies.  Find out the checksum is wrong.  
6) Sender and/or receiver notices error.  
7) Recalculate checksum.  
Resend checksum to sender.  Verifies ok.  
..... then .....
9) enter it into the bitcoin client  which (drumroll) VALIDATES IT BEFORE SENDING USING THE BUILT IN CHECKSUM.

[grue]

Hell someone make "IsThisBitcoinAddressGood.Com?" with a simple javascript checksum validator so we can cross this non-existent problem off the list.

even better: a mobile app with OCR/QR support

[CIYAM]

Wait so someone will have access to a CRC32 tool but not the Bitcoin client.

Of course I think such a situation would be a little strange but perhaps if you all you had was a smartphone, no internet access and you couldn't take a photo of the address because say you are getting it from someone who has called you from a landline *and* your smartphone does have the ability to display checksums via its File Manager or similar then it could make some sense.

[DannyHamilton]

so you want a checksum implementation that can be done . . .

Me??? No.  Take a look at this thread. I think you'll find that I was the very first person to explain to the OP that there is a checksum built in to the address.  I'm just trying to help people guess why the OP might want an additional checksum.  (See my previous guess at an imaginary scenario here.)

Without a client how are you going to compute the "external checksum"?

I don't run a client when I'm at work, but I can easily run:

Code:

echo "1bitcoinaddress" | my_favorite_checksum

So what was the problem again?

I have no idea, but I'm doing my best to be understanding and try to guess exactly what the OP's concern was.

Exactly. For any checksum to work, the sender would need software to generate the checksum, and the receiver would need software to validate it.

Which I think might be why the OP was requesting a "standard" checksum.  (meaning something he'd have available on most any computer even if a bitcoin client wasn't available)

A "mental checksum" is infeasable . . .

Clearly.  I don't think the OP ever said anything about a "mental checksum".

If the problem is really one of "typing" the address (rather than copying and pasting) then I'm guessing the point is *not* that you could end up sending to the wrong address but that you can't send BTC at all because you have mistyped the address (isn't this what the OP was trying to discuss?).

If so it would make some sense to have a CRC32 displayed somewhere so you can then use the standard crc32 tool (or something equivalent for Windoze) to be certain you didn't make a typo (although I have never typed in a full Bitcoin address myself - always copy and paste and check the first 4 after the 1 and the last four as others have mentioned).

And of course if you have Bitcoin running then you can immediately test whether the address is valid using it (so would seemingly only make sense if you did not have Bitcoin running but needed to record an address and *did* have CRC32 handy).

Exactly.  This is what I was getting at when I asked the OP if this scenario was what he was concerned about.

Wait so someone will have access to a CRC32 tool but not the Bitcoin client.

That appears to be the scenario the OP was asking about (as best as I can guess).

I mean someone would rather
1) Get an address but NOT use the client to validate it
2) Use CRC32 tool.  
3) Calculate the checksum.
4) Send the checksum back to the sender.  
5) Sender verifies.  Find out the checksum is wrong.  
6) Sender and/or receiver notices error.  
7) Recalculate checksum.  
Resend checksum to sender.  Verifies ok.  
..... then .....
9) enter it into the bitcoin client  which (drumroll) VALIDATES IT BEFORE SENDING USING THE BUILT IN CHECKSUM.

If the OP isn't trolling, then apparently yes.

[nybble41]

Exactly. For any checksum to work, the sender would need software to generate the checksum, and the receiver would need software to validate it.

Which I think might be why the OP was requesting a "standard" checksum.  (meaning something he'd have available on most any computer even if a bitcoin client wasn't available)

There are no "standard" checksum programs which are always present by default regardless of your operating system, without going out of your way to install something, at which point you might as well just install software to validate standard Bitcoin addresses, or find a web site capable of the same, without bothering with a separate "check number".

Most desktop and server versions of Linux do include tools to calculate MD5 and SHA checksums, but if either side is using a Windows, Android, or iOS device then you're out of luck so far as a "standard" checksum is concerned. Even on Linux, manually calculating a checksum is less user-friendly (and more error-prone) than just pasting the address into a field on some Bitcoin address validation web site, and adds work for the sender rather than just the recipient.