From: Steve Davis <steven.charles.davis@gmail.com>
Date: Sun, 26 Feb 2017 01:16:37 -0600
To: Pieter Wuille <pieter.wuille@gmail.com>
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] SHA1 collisions make Git vulnerable to attacks by third-parties, not just repo maintainers

> On Feb 26, 2017, at 12:36 AM, Pieter Wuille <pieter.wuille@gmail.com> wrote:
>
> The 80-bit collision attack only applies to jointly constructed addresses like multisig P2SH, not single-key ones.

That’s the part I’m less convinced about, and why I asked the original question re SHA1 vs RIPEMD.

I’m checking my own numbers (and as you’ll appreciate it’s a powers of ten thing), but I do see a vector. Which would mean that if RIPEMD were weakened in any way, single-key transactions could suddenly become badly exposed.
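
The generic work factors behind the quoted "80-bit collision" figure, as an added example that is not part of the original message: it measures a birthday collision (both inputs chosen by the searcher, the jointly constructed case) against a second preimage (target fixed by someone else, the single-key case). The 16-bit truncation of SHA-256 and all function names are assumptions made so the search finishes quickly; the numbers describe a hash with no structural weakness and say nothing about a weakened RIPEMD.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest size (assumption); Bitcoin's HASH160 output is 160 bits


def toy_hash(data: bytes) -> int:
    """Top BITS bits of SHA-256, standing in for a short address hash."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - BITS)


def collision_tries(salt: bytes):
    """Both inputs are free to vary: birthday search for any matching pair."""
    seen = {}
    for i in count():
        msg = salt + b"c" + str(i).encode()
        h = toy_hash(msg)
        if h in seen:
            return i + 1, seen[h], msg
        seen[h] = msg


def second_preimage_tries(salt: bytes):
    """The target hash is fixed in advance: search for another input hitting it."""
    target_msg = salt + b"victim-key"  # constructed sample input
    target = toy_hash(target_msg)
    for i in count():
        msg = salt + b"p" + str(i).encode()
        if toy_hash(msg) == target:
            return i + 1, target_msg, msg


def mean_work(trials: int = 10):
    """Average hash evaluations per search over several independent trials."""
    coll = pre = 0
    for t in range(trials):
        salt = b"trial-%d-" % t
        coll += collision_tries(salt)[0]
        pre += second_preimage_tries(salt)[0]
    return coll / trials, pre / trials


if __name__ == "__main__":
    c, p = mean_work()
    print(f"{BITS}-bit toy hash: collision ~{c:.0f} tries "
          f"(2^{BITS // 2} = {2 ** (BITS // 2)}), "
          f"second preimage ~{p:.0f} tries (2^{BITS} = {2 ** BITS})")
    print("same ratio at 160 bits: ~2^80 vs ~2^160 hash evaluations")
```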