Bitcoin Forum
November 09, 2024, 08:23:33 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Signing messages  (Read 791 times)
chriscross (OP)
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
August 17, 2013, 04:46:39 PM
 #1

Hello
In the sign/verify messages window of the official bitcoin wallet there are some sentences that i do not quite understand.
"Be careful not to sign anything vague, as phishing attacks may try to trick you into signing your identity over to them."
"Be careful not to read more into the signature than what is in the signed message itself, to avoid being tricked by a man-in-the-middle attack."
I don't get these warnings. Could anyone clarify?
Thanks
dillpicklechips
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
August 17, 2013, 04:53:05 PM
 #2

Signing means you own the address associated with it.

If someone wanted to pretend to be the owner of an address they could ask you to sign some random text or message to verify you. They then go and show another person the message. That's why it warns about being vague. Sign the messages with names, and details, so that other people can't then foreward it to someone else claiming they created the message.
chriscross (OP)
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
August 18, 2013, 03:20:15 PM
 #3

I think i get it. If someone asks me to sign a message instead of just sending a message like [message] i should add something like [Form the desk of chriscross (and other identifiable details)]? Right?
The second warning i still don't get...
Byteme
Newbie
*
Offline Offline

Activity: 32
Merit: 0



View Profile
September 22, 2013, 06:44:08 PM
 #4

I think i get it. If someone asks me to sign a message instead of just sending a message like [message] i should add something like [Form the desk of chriscross (and other identifiable details)]? Right?
The second warning i still don't get...

I think what he means is try to include details like, time and date payment was sent or details about what the payment is for.

However, i still do not fully understand the concept of this signing/verifying messages.

Say I send someone .32 BTC for 2 Eruptors listed from a group buy. The seller received my BTC as well as 35 other payments at around the same time and a lot of them are identical payments (.32BTC) as mine. Signing a message would tie my name to an address for the seller to create a "receipt" or at the least visually confirm that he is sending the items to the person that paid for them. Is this correct?

If I do not sign the message on my own, would the seller be able to request a signature message?

Byteme
Newbie
*
Offline Offline

Activity: 32
Merit: 0



View Profile
September 22, 2013, 06:52:59 PM
 #5

Please correct me if I am wrong but isn't one of the main reasons to use BTC is because of anonymity and the inability for purchases/payments to be tracked/hacked/duplicated? So isn't signing messages, attaching your name to the account and destroying your anonymity?

I'm sure it doesn't put a permanent name on the account but it creates some sort of "paper" trail for some1 to eventually figure out this address goes to this person?

Or is that the reason people recommend creating a new address for each purchase?

If it's not obvious I am still extremely new to BTC trading/purchases and have still not made a purchase with my wallets as I am still very unsure how the process is supposed to go and how to prove I paid if I don't get an item.

Thank you very much for your time, help and advice! It's all greatly appreciated!
wasserman99
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250



View Profile
September 22, 2013, 07:42:11 PM
 #6

Signing means you own the address associated with it.

If someone wanted to pretend to be the owner of an address they could ask you to sign some random text or message to verify you. They then go and show another person the message. That's why it warns about being vague. Sign the messages with names, and details, so that other people can't then foreward it to someone else claiming they created the message.
Pretty much this

Reaper3
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250



View Profile
September 22, 2013, 08:04:10 PM
 #7

Signing means you own the address associated with it.

If someone wanted to pretend to be the owner of an address they could ask you to sign some random text or message to verify you. They then go and show another person the message. That's why it warns about being vague. Sign the messages with names, and details, so that other people can't then foreward it to someone else claiming they created the message.

Not sure why you want to do this anywways, unless you are a bigshot like John etc

CHANGE FINANCE First Decentralised Global Crypto Bank
[color=#15B5E2 ]LINK TO ICO | LINK TO DISCUSSION
Byteme
Newbie
*
Offline Offline

Activity: 32
Merit: 0



View Profile
September 22, 2013, 08:11:36 PM
 #8

Signing means you own the address associated with it.

If someone wanted to pretend to be the owner of an address they could ask you to sign some random text or message to verify you. They then go and show another person the message. That's why it warns about being vague. Sign the messages with names, and details, so that other people can't then foreward it to someone else claiming they created the message.

Not sure why you want to do this anywways, unless you are a bigshot like John etc

I am only getting more confused now...=/
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!