2

I need to sign a message on behalf of the owner and allow the user to deliver my signed message to the contract. I read the metamask documentation, sample signatures, and many different source code examples. https://metamask.github.io/metamask-docs/API_Reference/Signing_Data/Personal_Sign

Eth Sign Signatures are not secure. And I don’t need such complex signatures as Sign Typed Data V3. But is it safe to use Personal_Sign? My key can't be stolen? Is it difficult to forge this signature?

Mishell Trickster
  • 25
  • 3

1 Answers1

4

The security concern around eth_sign is not that the signature could be forged or the key be stolen, but rather a malicious website could trick a user into signing a message that is actually a valid transaction, and use it to steal ether or tokens.

personal_sign prefixes the message, preventing it from being a valid transaction. Because of this, it is safer for users.

shanet
  • 166
  • 2