Catalyst Tech Support Asked for QR-Code. Don't Give It To Them. It's Your Voting Key

I am having trouble voting in Catalyst.

Tech support asked for the PDF generated with my QR-code.
They assured me they can not do anything with it because I still have the pin.
I feel that with only 10,000 combinations it would be very easy to brute force. So I declined.

Vitor Henrique (IOHK)

Feb 1, 2024, 18:47 GMT-3

Dear John,

Thank you for contacting the IOHK Technical Service Desk.
We look forward to helping you with your request.

Can you please:

Uninstall the app
Install it again from the App store you use
Try to connect it again

If it still does not work, please, share with us the PDF generated with your QR-code. Do not worry, the QR-code is the public key, it is impossible to access it without the PIN.

Please let us know if you have any questions.

Thanks,
The IOHK Technical Service Desk
IOHK Technical Support
https://iohk.zendesk.com | support@iohk.io | https://iohk.io

John Shearing
5:00 PM (14 minutes ago)
to IOHK

Greetings Vitor,
I uninstalled and reinstalled and then tried to vote again.
The result was the same.
I will not be sharing my qr-code with you requested because the pin is easy enough to brute force.
I will not be voting because I no longer trust the process or tech support.

Much thanks for your assistance.
Best regards, John

You are correct that both statements are wrong. The QR code is not the public, but the private key. And the PIN can easily be brute-forced.

Tried that with my own voting key during last Fund’s voting with just tools provided by Catalyst itself and it took like 10 minutes:

I also fail to see how the QR code should help in tackling your problem when the PIN is not known.

@dannyribar I really think, you should talk to the support team. That is not a good look at all.

Regarding the original problem:

Are you sure that QR/PIN are from the latest registration prior to 15th January?

Do you see the registration in your wallet app?

You can also check your wallet ID/voting key in the Catalyst Voting app:

Screenshot_20240202-0015231080×2160 199 KB

Searching that on adastat.net should give you a link to your staking account:

Screenshot_20240202-0016001080×2160 169 KB

If not, you can navigate to your staking account with your receive or stake address. There should be a Catalyst Wallet ID there:

Screenshot_20240202-0016291080×2160 284 KB

That ID is a link to the registration transaction. The transaction has to have happened before 2024-01-15 21:44 UTC. The Catalyst Wallet ID/voting public key is in field 1 in the metadata 61284:

Screenshot_20240202-0017161080×2160 206 KB

This should all match. If not, we might have a hint at what your problem might be.

Thanks @HeptaSean,

I am showing the same version and build as you but no wallet ID is listed above.
That makes sense because when I scan the qr-code and put in my pin I get the message shown in the first post saying that the qr-code is not linked to any known wallet.

I got the qr-code from my Eternl wallet on Jan 12.
I can see the transaction in the Eternl wallet and it says Jan 12.
The time stamp on the qr-code file is also Jan 12

You can also check the QR code output using the linux tool zbarimg which is in the Debian/Ubuntu package zbar-tools. This might help identify if your QR code image is somehow malformed.

zbarimg my_catalyst_registration_QR_code.png

QR-Code:somelonghexadecimalstring

When I registered my wallet for Catalyst voting, I also used Eternl, and I saved the QR code to a png file as well as the hexadecimal string to a text file. I just checked the output of zbarimg on my QR code png file and compared that with my text file hex data, and they were identical as expected.

Thanks @Terminada,
Yes, they appear to be exactly the same.