1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
|
Return-Path: <lescoutinhovr@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 240CD4A3
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 25 Feb 2017 14:50:34 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wm0-f41.google.com (mail-wm0-f41.google.com [74.125.82.41])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 7FECCA1
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 25 Feb 2017 14:50:32 +0000 (UTC)
Received: by mail-wm0-f41.google.com with SMTP id 196so12522285wmm.1
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 25 Feb 2017 06:50:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to
:cc; bh=z5zkQMMBMARnYKztLpWoka2wcN+MBjKiDjWcRcmr7QM=;
b=NDxv498rXCW2Qyixtl+uWfObnJkR/P02zUZ07+IY+sGTYFmL7LYDoLRh9uWXWhD9sy
Atn/K12C9JgbAG39rezknZmRF1YLsdYjE2NYt1xGaeRO/UfAagh7u8NebnjrveaL5LDD
A206BYP9IKvMvx8BSu6KGq+qsTsqDu9ZayJMxKbpuW5kEIFGIdTjveI/7xQQp0vaZnLm
fTH7DIeXIUenWg+OVZcRbuc9weskqia4jHubyrRY5sSTdNqDQb1XRAknMo24ZTcWFD5A
xKQUVGyXIWhAOlM1Y8jnw1QIvQPQLdXnpuSfw1buVVY8L+ZeqB2zfJY3tsxEG0IndXGY
znIg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
:message-id:subject:to:cc;
bh=z5zkQMMBMARnYKztLpWoka2wcN+MBjKiDjWcRcmr7QM=;
b=kYboIMvgo8URstG/TZFj/mlxAQAWL1ydCtw8Fni9CH6R55pGNI4F32ebuXl3sMCt2m
H9eImpSjo3q7Vs3itb1meFGnW6UPenmFyNu1RdJDmZwWYfeytSMS0EmQzohNon0ho1lw
fPuL36l4ZdmCdEpaoYZ9r1Bl6PVPSicukF/7glPeHShEgHBn5gHTMB7QeSxyew95T0Ks
kHMPcvP0Bw8/84hsrawCFw4TfaTncdc4W4Pz1G9U1jK8/bLX+ehZX61zWP8ajrsfazqy
OwisTcXx3EvyOK94Far8G/UscoFKvE4odzqSKJe11/8PlJauheIXZ7HzzyRmy+cS/GXa
Lfxg==
X-Gm-Message-State: AMke39mBP4FPMGJvGOxY0WeG2Z44N9oA20RhssWfMuCLa4LNtyteskh8Kc4kmW7KcnhZjmjx9HOEOZ/J2IeDuw==
X-Received: by 10.28.135.82 with SMTP id j79mr6645469wmd.19.1488034231188;
Sat, 25 Feb 2017 06:50:31 -0800 (PST)
MIME-Version: 1.0
Received: by 10.28.50.3 with HTTP; Sat, 25 Feb 2017 06:50:30 -0800 (PST)
Received: by 10.28.50.3 with HTTP; Sat, 25 Feb 2017 06:50:30 -0800 (PST)
In-Reply-To: <208F93FE-B7C8-46BE-8E00-52DBD0F43415@gmail.com>
References: <mailman.22137.1487974823.31141.bitcoin-dev@lists.linuxfoundation.org>
<8F096BE1-D305-43D4-AF10-2CC48837B14F@gmail.com>
<20170225010122.GA10233@savin.petertodd.org>
<208F93FE-B7C8-46BE-8E00-52DBD0F43415@gmail.com>
From: Leandro Coutinho <lescoutinhovr@gmail.com>
Date: Sat, 25 Feb 2017 11:50:30 -0300
Message-ID: <CAN6UTayzQRowtWhLKr8LyFuXjw3m+GjQGtHfkDj-Xu41Hym32w@mail.gmail.com>
To: Steve Davis <steven.charles.davis@gmail.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary=001a11443f82c385e105495bf732
X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE,
RCVD_IN_DNSWL_NONE,
RCVD_IN_SORBS_SPAM autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Sat, 25 Feb 2017 15:01:39 +0000
Subject: Re: [bitcoin-dev] SHA1 collisions make Git vulnerable to attakcs by
third-parties, not just repo maintainers
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Feb 2017 14:50:34 -0000
--001a11443f82c385e105495bf732
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Google recommeds "migrate to safer cryptographic hashes such as SHA-256 and
SHA-3"
It does not mention RIPEMD-160
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.htm=
l?m=3D1
Em 25/02/2017 10:47, "Steve Davis via bitcoin-dev" <
bitcoin-dev@lists.linuxfoundation.org> escreveu:
> On Feb 24, 2017, at 7:01 PM, Peter Todd <pete@petertodd.org> wrote:
>
> On Fri, Feb 24, 2017 at 05:49:36PM -0600, Steve Davis via bitcoin-dev
wrote:
>> If the 20 byte SHA1 is now considered insecure (with good reason), what
about RIPEMD-160 which is the foundation of Bitcoin addresses?
>
> SHA1 is insecure because the SHA1 algorithm is insecure, not because
160bits isn't enough.
>
> AFAIK there aren't any known weaknesses in RIPEMD160,
=E2=80=A6so far. I wonder how long that vacation will last?
> but it also hasn't been
> as closely studied as more common hash algorithms.
...but we can be sure that it will be, since the dollar value held in
existing utxos continues to increase...
> That said, Bitcoin uses
> RIPEMD160(SHA256(msg)), which may make creating collisions harder if an
attack
> is found than if it used RIPEMD160 alone.
Does that offer any greater protection? That=E2=80=99s not so clear to me a=
s the
outputs (at least for p2pkh) only verify the public key against the final
20 byte hash. Specifically, in the first (notional) case the challenge
would be to find a private key that has a public key that hashes to the
final hash. In the second (realistic) case, you merely need to add the
sha256 hash into the problem, which doesn=E2=80=99t seem to me to increase =
the
difficulty by any significant amount?
/s
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
--001a11443f82c385e105495bf732
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"auto"><div>Google recommeds "migrate to safer cryptographi=
c hashes such as SHA-256 and SHA-3"<div dir=3D"auto">It does not menti=
on=C2=A0<span style=3D"font-family:sans-serif">RIPEMD-160</span></div><div =
dir=3D"auto"><span style=3D"font-family:sans-serif"><br></span></div><div d=
ir=3D"auto"><font face=3D"sans-serif"><a href=3D"https://security.googleblo=
g.com/2017/02/announcing-first-sha1-collision.html?m=3D1">https://security.=
googleblog.com/2017/02/announcing-first-sha1-collision.html?m=3D1</a></font=
></div><br><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">Em 25/=
02/2017 10:47, "Steve Davis via bitcoin-dev" <<a href=3D"mailt=
o:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.linuxfoundation.=
org</a>> escreveu:<br type=3D"attribution"><blockquote class=3D"quote" s=
tyle=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div=
class=3D"quoted-text"><br>
> On Feb 24, 2017, at 7:01 PM, Peter Todd <<a href=3D"mailto:pete@pet=
ertodd.org">pete@petertodd.org</a>> wrote:<br>
><br>
> On Fri, Feb 24, 2017 at 05:49:36PM -0600, Steve Davis via bitcoin-dev =
wrote:<br>
>> If the 20 byte SHA1 is now considered insecure (with good reason),=
what about RIPEMD-160 which is the foundation of Bitcoin addresses?<br>
><br>
> SHA1 is insecure because the SHA1 algorithm is insecure, not because 1=
60bits isn't enough.<br>
><br>
> AFAIK there aren't any known weaknesses in RIPEMD160,<br>
<br>
</div>=E2=80=A6so far. I wonder how long that vacation will last?<br>
<div class=3D"quoted-text"><br>
> but it also hasn't been<br>
> as closely studied as more common hash algorithms.<br>
<br>
</div>...but we can be sure that it will be, since the dollar value held in=
existing utxos continues to increase...<br>
<div class=3D"quoted-text"><br>
> That said, Bitcoin uses<br>
> RIPEMD160(SHA256(msg)), which may make creating collisions harder if a=
n attack<br>
> is found than if it used RIPEMD160 alone.<br>
<br>
</div>Does that offer any greater protection? That=E2=80=99s not so clear t=
o me as the outputs (at least for p2pkh) only verify the public key against=
the final 20 byte hash. Specifically, in the first (notional) case the cha=
llenge would be to find a private key that has a public key that hashes to =
the final hash. In the second (realistic) case, you merely need to add the =
sha256 hash into the problem, which doesn=E2=80=99t seem to me to increase =
the difficulty by any significant amount?<br>
<br>
<br>
/s<br>
<div class=3D"elided-text">______________________________<wbr>_____________=
____<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.=
<wbr>linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
/mailman/listinfo/bitcoin-<wbr>dev</a><br>
</div></blockquote></div><br></div></div></div>
--001a11443f82c385e105495bf732--
|