You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Status app displays a short version of the key of each user next to their display name, but most keys start with the zQ3sh prefix (courtesy of the used multiformats standard), which leaves just 3 characters at the end of the key to distinguish each user.
Consider using a different way to display the shortened key or dropping this feature altogether as it has limited usefulness (it's probably quite easy to forge a key matching the 3-character suffix of another user that you are trying to impersonate).
The text was updated successfully, but these errors were encountered:
@iurimatias I think you've brought this up before. @zah we were considering dropping the multiformat prefix. Downside then is that you give away more of the actual bytes as less of the key data is then elided. Maybe that's not that big of a deal. Something to revisit for sure /cc @John-44
@zah@0x-r4bbit@iurimatias the way we deal with this issue in the new Status designs is that we are supposed to display only the first 3 characters of the user's chat key (which are always the same), and then after the ellipsis we display the last 6 characters of the compressed key (which are always different). See example below from the current mobile designs:
Although this change is in all the new mobile designs, and the Status Desktop 2.0 designs, it hasn't been brought back into the legacy Status Desktop 1.0 designs. But I don't see any reason why we shouldn't implement this change in Status Desktop right now.
I've highlighted a similar issue with #93 where the key formatting is not interoperable with virtually the entire rest of the ethereum ecosystem - using a non-standard address like this is confusing, even if there are some limited benefits for the QR code (which indeed could use an alternative encoding)
The Status app displays a short version of the key of each user next to their display name, but most keys start with the
zQ3sh
prefix (courtesy of the used multiformats standard), which leaves just 3 characters at the end of the key to distinguish each user.Consider using a different way to display the shortened key or dropping this feature altogether as it has limited usefulness (it's probably quite easy to forge a key matching the 3-character suffix of another user that you are trying to impersonate).
The text was updated successfully, but these errors were encountered: