"Sign Message" window should incorporate encoding/hash output then sign the message #2132

issue Xenland opened this issue on December 27, 2012
  1. Xenland commented at 4:29 PM on December 27, 2012: none

    Some contracts/messages (if not all) contain non-ascii characters to present a type of formatting such as "\n" and other hidden characters of that nature. The sign message window should detect base64 input and if it looks like a base64 string it should pop-up a text box displaying the decoded message.

    With out base64 incorporation, any document containing hidden characters that are presented through a stream will not match the receipts signature with the senders signature. I think the decoded message should be displayed as well since users deserve to know what they are signing with out having to trust third-party applications to decode the base64 for them.

  2. gmaxwell commented at 5:26 PM on December 27, 2012: contributor

    Sign a hash, not the data— otherwise what happens wen you want to sign something containing 10 mbytes of images? :) Opaquely packing data in the signature has problems with the data not matching what you think it will match, even if it decodes it— who's going to notice a " not " slipped into the middle of a two page contract, when it only shows up on the received signature?

  3. Xenland commented at 2:35 AM on December 28, 2012: none

    Good point & solution. I can't really think of a reason not to sign the hash.

  4. Xenland closed this on Dec 28, 2012
  5. Xenland commented at 1:55 AM on January 3, 2013: none

    Okay what about this issue, How do we promote users "Not to sign anything vague" when we are promoting them to sign digests. Which to any users is just a string of random letters and numbers; It doesn’t mean a thing to a non-technical person. I realise that sha256 doesn’t have any (known or mathematically computed) collisions but to a non-technical person that doesn’t mean anything, so with this social engineering flaw in mind we can assume any joe-shmoe can invent his own "predictable digest" or even just provide a base64 encoding of the message the non-technical user wouldn't know a thing of the difference and could agree to things they are unaware of. I don't know where we need to go to further this discussion the possibilities of this issue, shall I open it up in the forums?

  6. Xenland reopened this on Jan 3, 2013
  7. Xenland commented at 5:53 PM on January 3, 2013: none

    I opened the discussion here(https://bitcointalk.org/index.php?topic=134479.0) As git comments here will be used for posting updates/changes that are agreed upon (Seems to be the protocol for discussion around here any ways)

  8. gmaxwell commented at 6:02 PM on January 3, 2013: contributor

    I don't see any reason to keep this open at this time.

  9. gmaxwell closed this on Jan 3, 2013
  10. Xenland commented at 9:33 PM on January 3, 2013: none

    Looks like the issue on my end was that the website wasn't encoded in UTF-8 and thus the characters the user was copying wouldn't verify. My intention wasn’t to waste anyone’s time I thought this was a real issue. Cheers mates

  11. MarcoFalke locked this on Sep 8, 2021
Contributors
Xenlandgmaxwell
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-21 18:16 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me