public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Leandro Coutinho <lescoutinhovr@gmail•com>
To: Steve Davis <steven.charles.davis@gmail•com>,
	 Bitcoin Protocol Discussion
	<bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] SHA1 collisions make Git vulnerable to attakcs by third-parties, not just repo maintainers
Date: Sat, 25 Feb 2017 11:50:30 -0300	[thread overview]
Message-ID: <CAN6UTayzQRowtWhLKr8LyFuXjw3m+GjQGtHfkDj-Xu41Hym32w@mail.gmail.com> (raw)
In-Reply-To: <208F93FE-B7C8-46BE-8E00-52DBD0F43415@gmail.com>

[-- Attachment #1: Type: text/plain, Size: 1846 bytes --]

Google recommeds "migrate to safer cryptographic hashes such as SHA-256 and
SHA-3"
It does not mention RIPEMD-160

https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html?m=1


Em 25/02/2017 10:47, "Steve Davis via bitcoin-dev" <
bitcoin-dev@lists•linuxfoundation.org> escreveu:


> On Feb 24, 2017, at 7:01 PM, Peter Todd <pete@petertodd•org> wrote:
>
> On Fri, Feb 24, 2017 at 05:49:36PM -0600, Steve Davis via bitcoin-dev
wrote:
>> If the 20 byte SHA1 is now considered insecure (with good reason), what
about RIPEMD-160 which is the foundation of Bitcoin addresses?
>
> SHA1 is insecure because the SHA1 algorithm is insecure, not because
160bits isn't enough.
>
> AFAIK there aren't any known weaknesses in RIPEMD160,

…so far. I wonder how long that vacation will last?

> but it also hasn't been
> as closely studied as more common hash algorithms.

...but we can be sure that it will be, since the dollar value held in
existing utxos continues to increase...

> That said, Bitcoin uses
> RIPEMD160(SHA256(msg)), which may make creating collisions harder if an
attack
> is found than if it used RIPEMD160 alone.

Does that offer any greater protection? That’s not so clear to me as the
outputs (at least for p2pkh) only verify the public key against the final
20 byte hash. Specifically, in the first (notional) case the challenge
would be to find a private key that has a public key that hashes to the
final hash. In the second (realistic) case, you merely need to add the
sha256 hash into the problem, which doesn’t seem to me to increase the
difficulty by any significant amount?


/s
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists•linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

[-- Attachment #2: Type: text/html, Size: 2956 bytes --]

  reply	other threads:[~2017-02-25 14:50 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <mailman.22137.1487974823.31141.bitcoin-dev@lists.linuxfoundation.org>
2017-02-24 23:49 ` Steve Davis
2017-02-25  1:01   ` Peter Todd
2017-02-25 12:04     ` Steve Davis
2017-02-25 14:50       ` Leandro Coutinho [this message]
2017-02-25 16:10         ` Ethan Heilman
2017-02-25 17:45           ` Shin'ichiro Matsuo
2017-02-27  9:15             ` Henning Kopp
2017-02-25 18:19           ` Alice Wonder
2017-02-25 18:36             ` Ethan Heilman
2017-02-25 19:12           ` Peter Todd
2017-02-25 20:42             ` Watson Ladd
2017-02-25 20:57               ` Peter Todd
2017-02-25 20:53             ` Russell O'Connor
2017-02-25 21:04               ` Peter Todd
2017-02-25 21:21                 ` Dave Scotese
2017-02-25 21:34                   ` Steve Davis
2017-02-25 21:40                     ` Peter Todd
2017-02-25 21:54                       ` Steve Davis
2017-02-25 22:14                         ` Pieter Wuille
2017-02-25 22:34                           ` Ethan Heilman
2017-02-26  6:26                           ` Steve Davis
2017-02-26  6:36                             ` Pieter Wuille
2017-02-26  7:16                               ` Steve Davis
     [not found]                                 ` <CAPg+sBirowtHqUT5GUJf9hmDEACKVX19HAon-rrz7GmO8OBsNg@mail.gmail.com>
2017-02-26 16:53                                   ` Steve Davis
2017-02-25 23:09                       ` Leandro Coutinho
2017-02-23 18:14 Peter Todd
2017-02-23 21:28 ` Peter Todd
2017-02-23 23:57   ` Aymeric Vitte
2017-02-24 10:04     ` Tim Ruffing
2017-02-24 15:18       ` Aymeric Vitte
2017-02-24 16:30         ` Tim Ruffing
2017-02-24 17:29           ` Aymeric Vitte

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAN6UTayzQRowtWhLKr8LyFuXjw3m+GjQGtHfkDj-Xu41Hym32w@mail.gmail.com \
    --to=lescoutinhovr@gmail$(echo .)com \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    --cc=steven.charles.davis@gmail$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox