Feature: bytewise double check wallet receive address

featurerequest
daedalus

#1

Would it make sense to include a simple byte-wise comparison check in Daedalus wallet?

Maybe some of you know this kind of attack, where compromised computers watch the copy&paste for valid crypto addresses, generate their own and replace it in order to let you send the money to an adversary.

Binance, for example, sends you an email and asks you to verify and compare every single character.

Now my question is: if you would copy&paste this address back to a “compare tool” inside Daedalus and see a ✅ or ❌, the adversary would need to “fake-back” a second time, which would be possible but already more difficult.


#2

From a security point of view I don’t think it makes sense:

  1. It’s game over when an adversary has a program running on the same OS as Daedalus. The same program could log keystrokes including the spending and restoration keys, capture your screen, upload Daedalus files to the Internet including the private key.
  2. Like you said, attackers could easily adapt their tool to change the clipboard content depending e.g. on the top window’s title.

From a user experience standpoint it’d be neat to have this “Does this address belong to me?” feature, especially if someone generated hundreds of addresses for a wallet. Such a tool can already be quickly implemented using the cardano-sl API.

According to https://cardanoroadmap.com/, addresses will become shorter during the Shelley release:

Human Friendly Addresses

Significantly shorter addresses will be displayed in the user interface, making them easier to be communicated.


#3

Yes, I agree, and that’s why I put a “would it make sense” in front.

From what I know, this first came up in 2014/2015, and there was a more recent case reported at the end of 2017 after being active for over one year, targeting “not only Bitcoin, but also Ethereum, Zcash, Monero, Dash, Dogecoin” (https://www.kaspersky.com/blog/cryptoshuffler-bitcoin-stealer/19976/).

I decided to suggest a normal use case. My original idea was to use my smartphone as a little OCR scanner, reading the address from the desktop screen. Then I copy&paste the address on the desktop into a little tool which sends my (or the faked) address to the app on my smartphone (like a little chat tool). The OK or KO would then be shown there. The problem with this idea is that as soon as the desktop tool is known, the adversary again could adapt and skip fake pastes into it. Maybe it would make sense for a well-known messenger app like Telegram to have such an “OCR verification”, because it can get the address through its messaging protocol and not the clipboard.

I’m just writing some thoughts out publicly because I don’t like the idea that I have to manually double check every single byte of every transaction address for the rest of my life.
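
A sketch of the compare check proposed in #1, as an added example that is not part of the original thread or of Daedalus: it compares the UTF-8 bytes of a reference address with a pasted one and also reports characters outside the Base58 alphabet, so an invisible character that passes a by-eye comparison is still caught. The function name, the assumption that addresses are Base58 strings, and the sample address are constructed for illustration; as #2 points out, this is a usability check and does not help against a program running on the same OS.

```javascript
// Added example (not Daedalus code). Assumption: addresses are Base58 strings.
const BASE58_ALPHABET =
  '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';

// Constructed sample value, not a real wallet address.
const SAMPLE_ADDRESS = 'DdzFFzCqrhsExampXeAddr9876543';

function compareAddresses(expected, pasted) {
  // Copying often adds surrounding whitespace or a newline; ignore that only.
  const ref = expected.trim();
  const got = pasted.trim();

  // Compare the raw UTF-8 bytes, not the rendered glyphs.
  const a = Buffer.from(ref, 'utf8');
  const b = Buffer.from(got, 'utf8');
  const diffOffsets = [];
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    // Past the end of the shorter buffer the lookup is undefined, so a
    // length difference is reported as a mismatch as well.
    if (a[i] !== b[i]) diffOffsets.push(i);
  }

  // Report every character that cannot occur in a Base58 address
  // (zero-width characters, look-alike letters from other scripts, ...).
  const invalidChars = [];
  Array.from(got).forEach((ch, index) => {
    if (!BASE58_ALPHABET.includes(ch)) {
      const hex = ch.codePointAt(0).toString(16).toUpperCase().padStart(4, '0');
      invalidChars.push({ index, codePoint: 'U+' + hex });
    }
  });

  return {
    match: diffOffsets.length === 0,
    firstDiff: diffOffsets.length ? diffOffsets[0] : -1,
    diffOffsets,
    invalidChars,
  };
}
```
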