18:25:06 How many keys does a 346 address have? > Would a 346-character Jamtis address be acceptable?
18:31:15 5 public keys + address tag
18:32:08 My concern with Jamtis is about look-alike address attacks. With 346-char addresses, manually comparing two addresses to see if they are the same is going to be difficult. Since Jamtis addresses contain multiple keys, attacker can modify only parts of the address while keeping the rest the same. Imagine a malware application t [... too long, see https://mrelay.p2pool.observer/e/heyOscIKMFg5aTNn ]
18:32:08 I'm aware that wallets can compute and display a recipient identifier (RID) which is easy for human comparison, but I'm not convinced this adequately protects against attacks. It is very likely that an address posted online will omit the RID. I think in addition to the RID, addresses should be hardened with a cryptographic che [... too long, see https://mrelay.p2pool.observer/e/heyOscIKMFg5aTNn ]
18:34:54 Ideally Jamtis addresses are encrypted in some manner that makes it so that minor changes create a visually very different address. That would work too.
18:34:59 this checksum could be bruteforced regardless
18:35:38 If the checksum included the same number of bytes as the RID, it would be in theory just as difficult to brute-force, right?
18:35:57 (Okay, that would be a very large checksum)
18:36:33 you can also bruteforce just initial bytes :)
18:36:38 We could prepend a ~20 character checksum at the beginning of the address.
18:37:12 That would take 2^100 hashes to bruteforce.
18:38:50 There is a trade-off here. Real-world malware has done the simple trick of including a large list of addresses and selecting the closest one visually to the user-copied address. At a certain point, a longer checksum doesn't protect against "eyeball" attacks if users simply aren't comparing enough of the addresses. My main conc [... too long, see https://mrelay.p2pool.observer/e/97CnscIKZk5fWFJ3 ]
18:39:33 Yes, people would need to check at least those 20 chars. Actually 26 chars because the address starts with "xmr1am".
18:40:17 xmra1m*
18:41:49 https://mrelay.p2pool.observer/m/matrix.org/LOTqeplSMIQcttYHhRajASdl.png (clipboard.png)
18:41:53 20 chars is the amount that Feather Wallet shows when confirming a transaction. That seems acceptable.
18:44:21 So then add 20 to the Address column in Table 4: https://github.com/monero-project/research-lab/issues/151