Pages:
Author

Topic: Standard Check Numbers (checksums for addresses) (Read 3135 times)

legendary
Activity: 1792
Merit: 1111
Am I really the only one who makes detailed comparisons between bitcoin addresses to ensure they are the same?

I guess I must just be paranoid, maybe it's the irreversibility of a bitcoin transaction that scares me.

I usually compare the first few characters, a few characters in the middle, and the last few characters. That should be good enough because the last few characters are actually the checksum that you want (by double SHA256, not CRC).
legendary
Activity: 3472
Merit: 4801
What overhead? Which tool?
overhead = all the extra chatter resulting from exchanging checksums, requesting a compare, acknowledging the checksum, and calculation of the extra checksum on both sides.
Exactly. The OP is trying to reduce some of that overhead by having the Bitcoin-Qt client display the checksum next to the address.  That way they don't need to calculate it on their side.  The person who receives the address would calculate it, and the person sending the address would glance at their own client (or have the checksum written/memorized?)
so why doesn't the existing checksum not satisfy that requirement?
As far as I'm concerned it does.

As far as I can tell from what the OP had said, it seems that he was concerned about a situation where the person receiving the address wouldn't have access to a bitcoin client to validate the address but would have access to some sort of "standard" checksum program.  A checksum that would not be given to the the receiver of the address but which he could quickly/easily generate and give back for the address sender to validate against what the address sender has from his own client.
legendary
Activity: 2058
Merit: 1452
What overhead? Which tool?
overhead = all the extra chatter resulting from exchanging checksums, requesting a compare, acknowledging the checksum, and calculation of the extra checksum on both sides.
Exactly. The OP is trying to reduce some of that overhead by having the Bitcoin-Qt client display the checksum next to the address.  That way they don't need to calculate it on their side.  The person who receives the address would calculate it, and the person sending the address would glance at their own client (or have the checksum written/memorized?)
so why doesn't the existing checksum not satisfy that requirement?
legendary
Activity: 3472
Merit: 4801
Getting ridiculous? When wasn't it ridiculous?  I don't see how a 1MB checksum added to the address would make any difference.  Just in case of what?
you're saying a checksum isn't enough, and we want to be even more sure . . .
Me? I never said any such thing.  You really need to pay closer attention when you read.

What overhead? Which tool?
overhead = all the extra chatter resulting from exchanging checksums, requesting a compare, acknowledging the checksum, and calculation of the extra checksum on both sides.
Exactly. The OP is trying to reduce some of that overhead by having the Bitcoin-Qt client display the checksum next to the address.  That way they don't need to calculate it on their side.  The person who receives the address would calculate it, and the person sending the address would glance at their own client (or have the checksum written/memorized?)

it's trivial to install a command line tool (or even a bash script) that simply verifies a bitcoin address, rather than adding additional checksums. if you have the facilities to compute a reliable checksum, you can also just as easily check a bitcoin address.
Perhaps if someone would have pointed the OP at such a tool or script, we could have avoided most of this discussion.  Nobody seemed to be aware of any such thing.
legendary
Activity: 2058
Merit: 1452
this is getting ridiculous. i guess we can extend this argument to adding a 1MB checksum to every bitcoin address just in case
Getting ridiculous? When wasn't it ridiculous?  I don't see how a 1MB checksum added to the address would make any difference.  Just in case of what?
you're saying a checksum isn't enough, and we want to be even more sure, so i'm extending the argument to a 1MB checksum just in case of a 1 in a gazillion chance typo

so we have to add all this useless overhead just because someone doesn't want to install a simple tool?
What overhead? Which tool?
overhead = all the extra chatter resulting from exchanging checksums, requesting a compare, acknowledging the checksum, and calculation of the extra checksum on both sides.

it's trivial to install a command line tool (or even a bash script) that simply verifies a bitcoin address, rather than adding additional checksums. if you have the facilities to compute a reliable checksum, you can also just as easily check a bitcoin address.
legendary
Activity: 3472
Merit: 4801
this is getting ridiculous. i guess we can extend this argument to adding a 1MB checksum to every bitcoin address just in case
Getting ridiculous? When wasn't it ridiculous?  I don't see how a 1MB checksum added to the address would make any difference.  Just in case of what?

so we have to add all this useless overhead just because someone doesn't want to install a simple tool?
What overhead? Which tool?
legendary
Activity: 2058
Merit: 1452
Me??? No.  Take a look at this thread. I think you'll find that I was the very first person to explain to the OP that there is a checksum built in to the address.  I'm just trying to help people guess why the OP might want an additional checksum.  (See my previous guess at an imaginary scenario here.)
this is getting ridiculous. i guess we can extend this argument to adding a 1MB checksum to every bitcoin address just in case

Without a client how are you going to compute the "external checksum"?
I don't run a client when I'm at work, but I can easily run:

Code:
echo "1bitcoinaddress" | my_favorite_checksum
so we have to add all this useless overhead just because someone doesn't want to install a simple tool?
full member
Activity: 152
Merit: 100
Exactly. For any checksum to work, the sender would need software to generate the checksum, and the receiver would need software to validate it.
Which I think might be why the OP was requesting a "standard" checksum.  (meaning something he'd have available on most any computer even if a bitcoin client wasn't available)
There are no "standard" checksum programs which are always present by default regardless of your operating system, without going out of your way to install something, at which point you might as well just install software to validate standard Bitcoin addresses, or find a web site capable of the same, without bothering with a separate "check number".

Most desktop and server versions of Linux do include tools to calculate MD5 and SHA checksums, but if either side is using a Windows, Android, or iOS device then you're out of luck so far as a "standard" checksum is concerned. Even on Linux, manually calculating a checksum is less user-friendly (and more error-prone) than just pasting the address into a field on some Bitcoin address validation web site, and adds work for the sender rather than just the recipient.
legendary
Activity: 3472
Merit: 4801
so you want a checksum implementation that can be done . . .
Me??? No.  Take a look at this thread. I think you'll find that I was the very first person to explain to the OP that there is a checksum built in to the address.  I'm just trying to help people guess why the OP might want an additional checksum.  (See my previous guess at an imaginary scenario here.)

Without a client how are you going to compute the "external checksum"?
I don't run a client when I'm at work, but I can easily run:

Code:
echo "1bitcoinaddress" | my_favorite_checksum

So what was the problem again?
I have no idea, but I'm doing my best to be understanding and try to guess exactly what the OP's concern was.

Exactly. For any checksum to work, the sender would need software to generate the checksum, and the receiver would need software to validate it.
Which I think might be why the OP was requesting a "standard" checksum.  (meaning something he'd have available on most any computer even if a bitcoin client wasn't available)

A "mental checksum" is infeasable . . .
Clearly.  I don't think the OP ever said anything about a "mental checksum".

If the problem is really one of "typing" the address (rather than copying and pasting) then I'm guessing the point is *not* that you could end up sending to the wrong address but that you can't send BTC at all because you have mistyped the address (isn't this what the OP was trying to discuss?).

If so it would make some sense to have a CRC32 displayed somewhere so you can then use the standard crc32 tool (or something equivalent for Windoze) to be certain you didn't make a typo (although I have never typed in a full Bitcoin address myself - always copy and paste and check the first 4 after the 1 and the last four as others have mentioned).

And of course if you have Bitcoin running then you can immediately test whether the address is valid using it (so would seemingly only make sense if you did not have Bitcoin running but needed to record an address and *did* have CRC32 handy).
Exactly.  This is what I was getting at when I asked the OP if this scenario was what he was concerned about.

Wait so someone will have access to a CRC32 tool but not the Bitcoin client.
That appears to be the scenario the OP was asking about (as best as I can guess).

I mean someone would rather
1) Get an address but NOT use the client to validate it
2) Use CRC32 tool.  
3) Calculate the checksum.
4) Send the checksum back to the sender.  
5) Sender verifies.  Find out the checksum is wrong.  
6) Sender and/or receiver notices error.  
7) Recalculate checksum.  
Cool Resend checksum to sender.  Verifies ok.  
..... then .....
9) enter it into the bitcoin client  which (drumroll) VALIDATES IT BEFORE SENDING USING THE BUILT IN CHECKSUM. Smiley
If the OP isn't trolling, then apparently yes.

legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Wait so someone will have access to a CRC32 tool but not the Bitcoin client.

Of course I think such a situation would be a little strange but perhaps if you all you had was a smartphone, no internet access and you couldn't take a photo of the address because say you are getting it from someone who has called you from a landline *and* your smartphone does have the ability to display checksums via its File Manager or similar then it could make some sense.
legendary
Activity: 2058
Merit: 1452
Hell someone make "IsThisBitcoinAddressGood.Com?" with a simple javascript checksum validator so we can cross this non-existent problem off the list.
even better: a mobile app with OCR/QR support
donator
Activity: 1218
Merit: 1079
Gerald Davis
If the problem is really one of "typing" the address (rather than copying and pasting) then I'm guessing the point is *not* that you could end up sending to the wrong address but that you can't send BTC at all because you have mistyped the address (isn't this what the OP was trying to discuss?).

If so it would make some sense to have a CRC32 displayed somewhere so you can then use the standard crc32 tool (or something equivalent for Windoze) to be certain you didn't make a typo (although I have never typed in a full Bitcoin address myself - always copy and paste and check the first 4 after the 1 and the last four as others have mentioned).

Wait so someone will have access to a CRC32 tool but not the Bitcoin client.

I mean isn't the most common scenario:
Quote

you: send 100 BTC to 1DEoPhZz8JEePTZHSMB1KxYBEwYL5rp3e

[me entering into Bitcoin client] beep beep boop boop.
me:  Hey man that isn't a valid address.  I know because my handy dandy Bitcoin client (which has a better checksum than any dubious manual checksum scheme), says so.

you: oops I left the last digit off. It is 1DEoPhZz8JEePTZHSMB1KxYBEwYL5rp3eK

me: Gotcha.  100 BTC sent.  here is the tx id: ....

you: Good thing Satoshi was one smart dude and built a checksum right in otherwise I would have lost 100 BTC.


me: Yeah or to avoid that we would have had to do some dubious and error prone manual checksum which we send back and forth over IRC like a bunch of idiots.  Being manual and involving humans there is a good chance we would still frak it up.

you: Yup!


I mean someone would rather
1) Get an address but NOT use the client to validate it
2) Use CRC32 tool. 
3) Calculate the checksum. 
4) Send the checksum back to the sender.  
5) Sender verifies.  Find out the checksum is wrong.  
6) Sender and/or receiver notices error.  
7) Recalculate checksum.  
Cool Resend checksum to sender.  Verifies ok.  
..... then .....
9) enter it into the bitcoin client  which (drumroll) VALIDATES IT BEFORE SENDING USING THE BUILT IN CHECKSUM. Smiley
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
If the problem is really one of "typing" the address (rather than copying and pasting) then I'm guessing the point is *not* that you could end up sending to the wrong address but that you can't send BTC at all because you have mistyped the address (isn't this what the OP was trying to discuss?).

If so it would make some sense to have a CRC32 displayed somewhere so you can then use the standard crc32 tool (or something equivalent for Windoze) to be certain you didn't make a typo (although I have never typed in a full Bitcoin address myself - always copy and paste and check the first 4 after the 1 and the last four as others have mentioned).

And of course if you have Bitcoin running then you can immediately test whether the address is valid using it (so would seemingly only make sense if you did not have Bitcoin running but needed to record an address and *did* have CRC32 handy).
full member
Activity: 152
Merit: 100
Without entering it into a bitcoin client, can you tell me if I made I typo in the following address?
so you want a checksum implementation that can be done quickly using mental math (why else wouldn't you have access to a bitcoin client?), and can detect errors with a reasonable amount of certainty?

Exactly. For any checksum to work, the sender would need software to generate the checksum, and the receiver would need software to validate it. A "mental checksum" is infeasable for addresses of the necessary complexity to ensure security. You might as well use the Bitcoin client, or simplified special-purpose software which merely validates addresses, without any extra "check numbers".

Note that bitcoind even includes a "validateaddress" RPC command for just this purpose.
donator
Activity: 1218
Merit: 1079
Gerald Davis
1DEoPhZz8JEePTZHSMB1KxYBEwYL5rp3eK

If I've just given you this address to send me coins later, but you don't have access to a bitcoin client right now, how can we both be sure that I didn't make a typo when I entered the address here?

Without a client how are you going to compute the "external checksum"?

Still even if you didn't have access to the client if there is a typo then all but 1 in 2^32 times when you DO go to enter it into the Bitcoin client it will notify you that the address is invalid.

So what was the problem again?


Hell someone make "IsThisBitcoinAddressGood.Com?" with a simple javascript checksum validator so we can cross this non-existent problem off the list.
legendary
Activity: 2058
Merit: 1452
No, you don't get it.

Here . . .
Without entering it into a bitcoin client, can you tell me if I made I typo in the following address?

1DEoPhZz8JEePTZHSMB1KxYBEwYL5rp3eK

If I've just given you this address to send me coins later, but you don't have access to a bitcoin client right now, how can we both be sure that I didn't make a typo when I entered the address here?

Note: I can confirm that the last 4 characters definitely match the last 4 characters of the address that I intended to enter.  Does this mean that I typed the rest of the address correctly?
so you want a checksum implementation that can be done quickly using mental math (why else wouldn't you have access to a bitcoin client?), and can detect errors with a reasonable amount of certainty? pretty sure that's impossible because there are 40+ characters in a bitcoin address and a human's short term memory isn't long to even cover a forth of that, let alone any intermediate values.
legendary
Activity: 3472
Merit: 4801
. . . Specifically, closely check THE LAST FOUR CHARACTERS of the bitcoin address, there is your built-in checksum.

eg:
12YgtanvDic1y5ZcgW5wCrwwBzSWrSUgXE

I just eyeball the first 4-6 but closely check the last 4-6 ... and never had an issue, hope this helps yogi.

That won't help the OP.  As he has already explained that he is concerned that he might have made a typo in the other characters.  How is looking at the last 4 characters going to tell you if you made a typo elsewhere in the address?
you're not getting it, are you? . . .
No, you don't get it.

Here . . .
Without entering it into a bitcoin client, can you tell me if I made I typo in the following address?

1DEoPhZz8JEePTZHSMB1KxYBEwYL5rp3eK

If I've just given you this address to send me coins later, but you don't have access to a bitcoin client right now, how can we both be sure that I didn't make a typo when I entered the address here?

Note: I can confirm that the last 4 characters definitely match the last 4 characters of the address that I intended to enter.  Does this mean that I typed the rest of the address correctly?
legendary
Activity: 2058
Merit: 1452
. . . Specifically, closely check THE LAST FOUR CHARACTERS of the bitcoin address, there is your built-in checksum.

eg:
12YgtanvDic1y5ZcgW5wCrwwBzSWrSUgXE

I just eyeball the first 4-6 but closely check the last 4-6 ... and never had an issue, hope this helps yogi.

That won't help the OP.  As he has already explained that he is concerned that he might have made a typo in the other characters.  How is looking at the last 4 characters going to tell you if you made a typo elsewhere in the address?
you're not getting it, are you? if the last 4 characters match, there's a 99.999999976716935634613037109375% chance that there wasn't a typo in the rest of the address. what's the difference between an address that is 4 chars shorter + 4 char checksum and a standard address (with 4 char checksum built-in)? obviously, there's no point in adding a checksum for a checksum.

if the lack of a checksum really bothers you that much, simply split each address you see into two parts: with the last 4 being the "checksum" and the rest being the "address"
legendary
Activity: 1288
Merit: 1227
Away on an extended break
I do a cursory review over the first 4 characters after the 1, and the last 4 characters whenever I send or copy addresses. That's enough to prevent my coins from falling in wrong hands, unless the situation DannyHamilton outlined in the past page occurs.(and no coins would be lost in this case anyway, just a delay in receiving/sending the coins)
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
So, to simplify things even further...
IRC Chatlog, v2:

Me: Here's my address 31uEbMgunupShBVTewXjtqbBv5MndwfXhb

Other: check 31uEbMgunupShBVTewXjtqbBv5MndwfXhb

Me: *looks generally over the address, then specifically checks the last 4 characters* confirmed

That's all there is to this. Someone would have to specially go out of the way to bruteforce a typo that wouldn't be caught by doing this easy check.
And the check isn't even necessary since the address won't work in the Bitcoin client that "Other" is using unless it is valid in the first place.

We shouldn't assume that, this is a development thread not technical support.
Pages:
Jump to: