1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
|
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <drak@zikula.org>) id 1WK2Yx-0000Bv-L9
for bitcoin-development@lists.sourceforge.net;
Sun, 02 Mar 2014 09:19:59 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of zikula.org
designates 74.125.82.169 as permitted sender)
client-ip=74.125.82.169; envelope-from=drak@zikula.org;
helo=mail-we0-f169.google.com;
Received: from mail-we0-f169.google.com ([74.125.82.169])
by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1WK2Yw-00078i-9w
for bitcoin-development@lists.sourceforge.net;
Sun, 02 Mar 2014 09:19:59 +0000
Received: by mail-we0-f169.google.com with SMTP id w62so156807wes.14
for <bitcoin-development@lists.sourceforge.net>;
Sun, 02 Mar 2014 01:19:52 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:in-reply-to:references:date
:message-id:subject:from:to:cc:content-type;
bh=19HjnkaD+f6hAO2B0xinpV2d/A59v7t8ywJ01nMkyaA=;
b=WAbWi4X9fcOuGnhZxhJxNtRUpSdggiVVNtw+6MHWM4cAgog6ZKfEueK/PZnBf6nx34
MMm8Zgs2sSaMlSCH8ke7K1orG7o7Y1ct/CUecss1N4m18FkCzLBaPW4tM5JX8WO40hCF
NlNGNxLfv7TQrI/abTaV4AZ+QqKEC9m7mH5JBbVSAnXIjX0ELsfcRbK2mwRdiFmwP3fH
kRx+gfE8GTz8U9fu7unz8IjRZDwkfxKumFFHzPjBQlXmEZHXw11KIus0AYdTfwD3IW4r
r0q2buGuDNEGSgYiVjLiW2cHaLFlLGA+6VPu0iSINe+UV60d+ul+SfnpYsSFXf+Sreyx
mnMA==
X-Gm-Message-State: ALoCoQlS3keHOoQWRb+jfY6fWyi0844CpqNAp0vGxQf+CyB77AGtHvdqtrZ5dgvBw5xoMegH2d/I
MIME-Version: 1.0
X-Received: by 10.194.84.144 with SMTP id z16mr10162805wjy.23.1393750361352;
Sun, 02 Mar 2014 00:52:41 -0800 (PST)
Received: by 10.194.205.69 with HTTP; Sun, 2 Mar 2014 00:52:41 -0800 (PST)
Received: by 10.194.205.69 with HTTP; Sun, 2 Mar 2014 00:52:41 -0800 (PST)
In-Reply-To: <CANEZrP22SF4bD2pA3MyNmAojUmtZ20r=eL2Lgt=Fa4ZJyG=5SA@mail.gmail.com>
References: <op.xb05iptvyldrnw@laptop-air> <op.xb2352ezyldrnw@laptop-air>
<CANEZrP22SF4bD2pA3MyNmAojUmtZ20r=eL2Lgt=Fa4ZJyG=5SA@mail.gmail.com>
Date: Sun, 2 Mar 2014 08:52:41 +0000
Message-ID: <CANAnSg1fwkzXebbCMEf6XeGD0SG+ny=vKW-2nC_40yhkn1LVkg@mail.gmail.com>
From: Drak <drak@zikula.org>
To: Mike Hearn <mike@plan99.net>
Content-Type: multipart/alternative; boundary=089e0102ddae31c3ff04f39bcbeb
X-Spam-Score: -0.5 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
X-Headers-End: 1WK2Yw-00078i-9w
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Payment Protocol Hash Comments
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sun, 02 Mar 2014 09:19:59 -0000
--089e0102ddae31c3ff04f39bcbeb
Content-Type: text/plain; charset=UTF-8
Not true, PHP does support sha2
http://php.net/manual/en/mhash.constants.php
http://php.net/manual/en/function.hash-algos.php#refsect1-function.hash-algos-examples
On 2 Mar 2014 08:44, "Mike Hearn" <mike@plan99.net> wrote:
> SHA-1 support is there for PHP developers. Apparently it can't do SHA-2.
> On 2 Mar 2014 08:53, "Jeremy Spilman" <jeremy@taplink.co> wrote:
>
>> From BIP70:
>>
>> If pki_type is "x509+sha256", then the Payment message is hashed using
>> the
>> SHA256 algorithm to produce the message digest that is signed. If
>> pki_type
>> is "x509+sha1", then the SHA1 algorithm is used.
>>
>> A couple minor comments;
>>
>> - I think it meant to say the field to be hashed is 'PaymentRequest' not
>> 'Payment' message -- probably got renamed at some point and this is an old
>> reference calling it by its original name.
>>
>> - Could be a bit more explicit about the hashing, e.g. 'copy the
>> PaymentRequest, set the signature field to the empty string, serialize to
>> a byte[] and hash.
>>
>> - SHA1 is retiring, any particular reason to even have it in there at
>> all?
>>
>> - Should there any way for the end-user to see details like the pki_type
>> and the certificate chain, like browser do?
>>
>>
>> Thanks,
>> Jeremy
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Flow-based real-time traffic analytics software. Cisco certified tool.
>> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
>> Customize your own dashboards, set traffic alerts and generate reports.
>> Network behavioral analysis & security monitoring. All-in-one tool.
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>
>
> ------------------------------------------------------------------------------
> Flow-based real-time traffic analytics software. Cisco certified tool.
> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
> Customize your own dashboards, set traffic alerts and generate reports.
> Network behavioral analysis & security monitoring. All-in-one tool.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
--089e0102ddae31c3ff04f39bcbeb
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<p dir=3D"ltr">Not true, PHP does support sha2</p>
<p dir=3D"ltr"><a href=3D"http://php.net/manual/en/mhash.constants.php">htt=
p://php.net/manual/en/mhash.constants.php</a><br>
<a href=3D"http://php.net/manual/en/function.hash-algos.php#refsect1-functi=
on.hash-algos-examples">http://php.net/manual/en/function.hash-algos.php#re=
fsect1-function.hash-algos-examples</a></p>
<div class=3D"gmail_quote">On 2 Mar 2014 08:44, "Mike Hearn" <=
<a href=3D"mailto:mike@plan99.net">mike@plan99.net</a>> wrote:<br type=
=3D"attribution"><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8=
ex;border-left:1px #ccc solid;padding-left:1ex">
<p dir=3D"ltr">SHA-1 support is there for PHP developers. Apparently it can=
't do SHA-2.</p>
<div class=3D"gmail_quote">On 2 Mar 2014 08:53, "Jeremy Spilman" =
<<a href=3D"mailto:jeremy@taplink.co" target=3D"_blank">jeremy@taplink.c=
o</a>> wrote:<br type=3D"attribution"><blockquote class=3D"gmail_quote" =
style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
=C2=A0From BIP70:<br>
<br>
=C2=A0 =C2=A0If pki_type is "x509+sha256", then the Payment messa=
ge is hashed using<br>
the<br>
=C2=A0 =C2=A0SHA256 algorithm to produce the message digest that is signed.=
If<br>
pki_type<br>
=C2=A0 =C2=A0is "x509+sha1", then the SHA1 algorithm is used.<br>
<br>
A couple minor comments;<br>
<br>
=C2=A0 - I think it meant to say the field to be hashed is 'PaymentRequ=
est' not<br>
'Payment' message -- probably got renamed at some point and this is=
an old<br>
reference calling it by its original name.<br>
<br>
=C2=A0 - Could be a bit more explicit about the hashing, e.g. 'copy the=
<br>
PaymentRequest, set the signature field to the empty string, serialize to<b=
r>
a byte[] and hash.<br>
<br>
=C2=A0 - SHA1 is retiring, any particular reason to even have it in there a=
t all?<br>
<br>
=C2=A0 - Should there any way for the end-user to see details like the pki_=
type<br>
and the certificate chain, like browser do?<br>
<br>
<br>
Thanks,<br>
Jeremy<br>
<br>
<br>
---------------------------------------------------------------------------=
---<br>
Flow-based real-time traffic analytics software. Cisco certified tool.<br>
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer<br>
Customize your own dashboards, set traffic alerts and generate reports.<br>
Network behavioral analysis & security monitoring. All-in-one tool.<br>
<a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D126839071&iu=
=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net/gam=
pad/clk?id=3D126839071&iu=3D/4140/ostg.clktrk</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" target=3D"_bla=
nk">Bitcoin-development@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</blockquote></div>
<br>-----------------------------------------------------------------------=
-------<br>
Flow-based real-time traffic analytics software. Cisco certified tool.<br>
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer<br>
Customize your own dashboards, set traffic alerts and generate reports.<br>
Network behavioral analysis & security monitoring. All-in-one tool.<br>
<a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D126839071&iu=
=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net/gam=
pad/clk?id=3D126839071&iu=3D/4140/ostg.clktrk</a><br>__________________=
_____________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
<br></blockquote></div>
--089e0102ddae31c3ff04f39bcbeb--
|