How handles de NameReg Contract Uppercase and Lowercase? I don´t want give chances for phissing

ioiioi SevillaMember Posts: 9
Does namereg allow uppercase I and lowercase?

If that's the case, then Namereg for 'VitaIik' and 'VitaIik' just g0t pwn3d, one of those is uppercase and other lowercase, anyone using standard fonts on mac osx is going to lose a lot of money from phissing addresses.

If the embedded contract accept Uppercase and Lowercase. I wouldn't like to see scams.

By the way, Ethereum address are always lowercase https://etherchain.org/statistics/olympic isn´t?

About the name reg, Mine is uppercase https://etherchain.org/account/jorge , jeff is lowercase https://etherchain.org/account/jeff

Comments

  • chrisethchriseth Member Posts: 170 ✭✭✭
    The problem you state is one of the dangers of Frontier.
    The namereg uses plain binary, assumed to be the UTF-8 encoding of a Unicode string.
    In theory, it is possible to check that the registered name is actually ASCII in lowercase inside the contract, but that would waste resources and users would not be able to register non-ASCII names that are perfectly distinguishable from the other ASCII characters.
    A sustainable solution would be to detect "dangerous" things like cyrillic characters mixed with latin characters or non-break-spaces and display them in different colours in the frontend.
  • StephanTualStephanTual London, EnglandMember, Moderator Posts: 1,282 mod
    @chriseth is spot on as usual, I'll just add that from a design decision point of view, case sensitivity shouldn't be handled at consensus level. Instead, think of a JS api for the namereg that would use web3.eth, something along the lines of web3.namereg, and that in turn would be leveraged at the dapp-level.

    TL;DR: Don't use the 'world computer' to do case checking :)
  • mikmik Member Posts: 57 ✭✭
    I can't register anyway! Is the wiki outdated? What actually is the exact code to do this? I tried:
    registrar.reserve.sendTransaction("name", {from:primary})
    as well as:
    registrar.reserve.sendTransaction("name", {from: eth.accounts[1]});
    The most I got back is the error
    Exceeds block gas limit
    ...
    What am I doing wrong?
  • casscass Distributed Member Posts: 18
    edited August 2015
    maybe this ?

    https://forum.ethereum.org/discussion/comment/10694/#Comment_10694

    ‘thawing’ phase — the period during which the gas limit per block will be set very low to allow the network to grow slowly before transactions can take place
  • mikmik Member Posts: 57 ✭✭
  • tym4ttym4t Nagata-ku, Kobe-shi, Hyogo-ken, JapanMember Posts: 71 ✭✭✭
    chriseth said:

    The problem you state is one of the dangers of Frontier.
    The namereg uses plain binary, assumed to be the UTF-8 encoding of a Unicode string.
    In theory, it is possible to check that the registered name is actually ASCII in lowercase inside the contract, but that would waste resources and users would not be able to register non-ASCII names that are perfectly distinguishable from the other ASCII characters.
    A sustainable solution would be to detect "dangerous" things like cyrillic characters mixed with latin characters or non-break-spaces and display them in different colours in the frontend.

    How about ÐApps just using sha3 of the names and storing the sha3 instead of the ascii? It's difficult to force clients to use a single font. Web browsers (and by extension webkit, chromium) will degrade to system fonts if it can't find the right font.
  • chrisethchriseth Member Posts: 170 ✭✭✭
    I did not suggest to use a font to achieve that but rather a javascript library, perhaps even provided by web3. Of course, there could be dapps which to not adhere to this standard, but then again, there could be dapps that just steal your money right away.
  • StephanTualStephanTual London, EnglandMember, Moderator Posts: 1,282 mod
    BTW the code (in progress) for the registrar can be found here: https://github.com/ethereum/dapp-bin/tree/master/registrar

    Feel free to comment on this thread!
Sign In or Register to comment.