QuoteI dont think that this verification letter is a good idea, but you could store a hash of the shipping address and if you ship the real product, you could just check the hash of the shipping address with the hash of the verification letter address. So you dont have to store any addresses.Indeed, I got to that conclusion later in the thread in this message: http://dkn255hz262ypmii.onion/index.php?topic=177984.msg1289248#msg1289248Only difference is I put in the step of encrypting the address first, so even if they somehow crack the HMAC salt they would have to run that on the address encrypted from one of my other keys which they don't have the public key for.For some people it doesn't matter if there's one step or five hundred, they think it's a bad idea regardless.