OsirisScanOsirisScan
Security

Verifying a mirror

The two-part check that proves a node is genuine.

Verifying a node is two checks that together close the phishing hole. Neither takes more than a few seconds.

The signed pool

Osiris publishes its nodes with a PGP signature. Verifying it proves the addresses came from the market and nobody edited them. Import the market key once from two independent places, cross-check the fingerprint, and check the list against it. See verifying a PGP signature.

The captcha check

The genuine login prints the market's own address into the captcha. Compare it against the address in your bar. Match means genuine, mismatch means clone. Run this every session, because a bookmark can go stale between rotations.