Comments (11)
64 bit is a massive improvement on the current system, and there are alot of libraries for dealing with 64 bit precision in javascript.
if disk size was the issue, they could be stored on disk as variable width encoded values.
from stellar-protocol.
"Bumping the destination tags up to 64-bit obviously makes this attack impossible."
Could you elaborate on this attack?
To prove ownership of an account, you suggest sending an amount of currency to an address with a unique destination tag from the address to be verified. If I understand correctly, you're proposing a brute force attack that would submit transactions to that address using all possible destination tags; thus, proving ownership of an address you do not control.
Even if you did succeed in guessing the unique destination tag, the transaction still would have originated from the attackers address and not the address for which they are trying to prove ownership. The only way this could falsely prove ownership is if the originating address wasn't checked to make sure it was the address needing verified.
I'm not against using another datatype, I just don't see an exploitable situation (related to a 32 bit int) in the attack you proposed. Additionally, I think using the private-key to sign something would be a much better way to verify an address, but that isn't relevant to your proposed scenario.
from stellar-protocol.
@NathanCVoss Well, it's an attack on a slightly different system, one where the payment itself is both proof of ownership and declaration of which address is owned. I'll grant you that it's unlikely that someone will set up their system like this in the first place, typically they'd require you to tell them the address and then pay them from that address. I admit I kind of ignored the difference there, and it does make that particular argument less compelling.
Additionally, I think using the private-key to sign something would be a much better way to verify an address
Agreed, but that requires client support.
from stellar-protocol.
Thanks for the clarification, and I definitely agree having the ability to easily sign something with your key is an important feature.
To your first point I also have a question. You suggest that someone may wish to use use a single address for incoming payments and could identify particular transactions via the destination tag instead.
In this scenario, wouldn't they have to supply the sender the destination tag to include in the transaction, and if so, would it not be just as easy to supply them a unique address instead?
from stellar-protocol.
@NathanCVoss No. Stellar is not like Bitcoin, you can't just create new addresses willy-nilly. Specifically, every address needs to hold a 50STR reserve, which means creating a new address for each sender costs you 50STR.
from stellar-protocol.
@kballard That is something I had forgotten. If this field must be used as an alternative to multiple addresses then the data type should indeed be changed. If these address constrains were removed, I would consider it far less of a concern.
from stellar-protocol.
I agree that the destination tag should be extended to 64 bits. It would drastically reduce the amount of destination tag number collisions so that they can't be guessed easily (2^32 or ~4 billion times harder to guess). Useful for many applications since so many essential ones on the Stellar system use destination tags.
Why workarounds aren't effective
If an application wanted to increase the space of available destination tags they can use, they can create more accounts but that would only increase their space linearly based on the amount of accounts they create. Increasing the destination tag limit would increase their dt space by ~4 billion without any stellard consumer (e.g. gateways and Stellar services) workarounds.
Disk size
One counter argument would be that it would increase ledger bloat by 4byte per transaction. Paypal says that they process 9.3 million payments everyday (source) meaning that it would add 37.2MB per day and 13GB a year from this increase in destination tag size alone. However, looking 10 years into the future, >10TB hard drives will become common.
Computational performance cost
As for the performance cost, changing a 4 byte int to a 8 byte int would hardly affect computational performance. It would only require more disk space and marginally larger disk io's.
from stellar-protocol.
- Payments.
You don't need to have one unique destination tag for each individual payment. You just need one unique destination tag for the payments that are due right now. After a payment is settled, you can safely reuse tags.
- Proving ownership is most probably better done using some other mechanism.
We have signing already, so why not just sign a message with your private key?
from stellar-protocol.
-
only works if you're expecting the payment already. If you need to be able to receive payments associated with an account on an ongoing basis the. You can't re-use the tag.
-
sure, signing a message is better for actually proving ownership, but there may still be a Know Your Customer concern with receiving payments at potentially-guessable addresses.
from stellar-protocol.
this is done now. The memo you can attach to transactions is much more flexible
from stellar-protocol.
بالتأكيد انا هنا لاساعدكم انا اسمي هيثم مطور شبكة بلوكشين ومصدر الرموزات المميزة كونو مطمئنين دعونا نتعاون معأ لدي الملكية الفكرية في جميع البروتوكولات التي قمت بزيراتها لذالك دعونا نحط يدا علا يد ونمضي قدما
from stellar-protocol.
Related Issues (20)
- CAP-0052 - provide a way to retrieve the return value of an on-chain contract call HOT 3
- SEP-9: add proof_of_liveness field HOT 1
- Transfer SEPs: add optional `refund_account` attribute to transaction initiation requests HOT 2
- SEPs (6, 12, 24, 31): Update callback header from `X-Stellar-Signature` to `Signature` HOT 4
- SEP-9: define a generalized account identifier format HOT 4
- SEP-9: add `bank_account_type` field HOT 2
- SEP-6: /deposit and /withdraw IDs should map to list of transactions rather than a single transaction HOT 22
- SEP-24: make `account` for deposit request optional to match withdraw request
- Add SEP for Soroban token interface HOT 1
- Nice
- SEP-7: thoughts on using "web+stellar://" instead of "web+stellar:"? HOT 1
- SEP-6: standardize structured off-chain deposit instructions for users HOT 1
- SEP-6: Providing deposit instructions asynchronously
- security HOT 1
- SEP-24: Layered fee structure HOT 1
- SEP-24: Configure fees by payment method HOT 1
- SEP-9: support `organization.referrer`
- Add deviation parameter instead of pure uniform periods HOT 8
- Support for `memo` field in SEP-9 Financial Account Fields
- Prettier SEP CI workflow failing suddenly HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from stellar-protocol.