Closed stl1988 closed 1 year ago
damus implemented bech32 originally and breaking everything didn't seem worth it. I don't think the "serious checksum flaw" is as serious as having two different npub formats for the same pubkey.
I was wrong with the checksum error. It's a insertion/deletion weakness. https://github.com/sipa/bech32/issues/51 If the last char in a bech32 string is a 'p', you can add multiple 'q's without making the checksum invalid. That was fixed with bech32m.
It isn't worth changing. Lightning is using bech32 for invoices and no one seems to care too.
Why dont we just start ingoring the checksum. bech32 checksums are really hard to implement e.g. for IoT. hex pubkey is always canonical, anyway. is the checksum actually ever used anywhere? do people type in their npubs key by key, no. is it used in qr codes or something?
The old bech32 as specified in BIP-0173 has a serious checksum flaw, so I can't understand the decision to explicitly not use bech32m (BIP-0350).