Closed stl1988 closed 1 year ago
jb55
commented
1 year ago damus implemented bech32 originally and breaking everything didn't seem worth it. I don't think the "serious checksum flaw" is as serious as having two different npub formats for the same pubkey.
stl1988
commented
1 year ago I was wrong with the checksum error. It's a insertion/deletion weakness. https://github.com/sipa/bech32/issues/51 If the last char in a bech32 string is a 'p', you can add multiple 'q's without making the checksum invalid. That was fixed with bech32m.
fiatjaf
commented
1 year ago It isn't worth changing. Lightning is using bech32 for invoices and no one seems to care too.
melvincarvalho
commented
1 month ago Why dont we just start ingoring the checksum. bech32 checksums are really hard to implement e.g. for IoT. hex pubkey is always canonical, anyway. is the checksum actually ever used anywhere? do people type in their npubs key by key, no. is it used in qr codes or something?
The old bech32 as specified in BIP-0173 has a serious checksum flaw, so I can't understand the decision to explicitly not use bech32m (BIP-0350).