On Mon, Oct 17, 2022 at 07:07:07PM -0500, Bryan Bishop via bitcoin-dev wrote: > > Isn't this the same problem but now for copy-pasting pubkeys instead of an > address? >
No, as I understand the proposal, the "public key" held by the wallet is simply a signing key used to authenticate addresses, and never leaves the wallet. Yes, if the wallet's own memory is compromised, it can be tricked into accepting bad addresses, but this is much much harder than compromising data on the clipboard, which basically any application can do without any "real" exploits or special permissions. As an extreme, this proposal could be run on a hardware wallet which had some out-of-band way to obtain and authenticate public keys (similar to Signal QR codes). -- Andrew Poelstra Director of Research, Blockstream Email: apoelstra at wpsoftware.net Web: https://www.wpsoftware.net/andrew The sun is always shining in space -Justin Lewis-Webster
signature.asc
Description: PGP signature
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
