diff options
| author | Peter Todd <pete@petertodd.org> | 2017-02-24 20:01:22 -0500 |
|---|---|---|
| committer | bitcoindev <bitcoindev@gnusha.org> | 2017-02-25 01:01:28 +0000 |
| commit | 2830387a153dd2d69d0eba8b3258be38de437f9c (patch) | |
| tree | 95ae501659b12279c964ed7b4f6bec3a2d28e77b /c0 | |
| parent | fe72203c4b7dfca8a2cb388e9b2de357fe4f7840 (diff) | |
| download | pi-bitcoindev-2830387a153dd2d69d0eba8b3258be38de437f9c.tar.gz pi-bitcoindev-2830387a153dd2d69d0eba8b3258be38de437f9c.zip | |
Re: [bitcoin-dev] SHA1 collisions make Git vulnerable to attakcs by third-parties, not just repo maintainers
Diffstat (limited to 'c0')
| -rw-r--r-- | c0/38cef15344746d6cd5beab3584aa6e77d5416e | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/c0/38cef15344746d6cd5beab3584aa6e77d5416e b/c0/38cef15344746d6cd5beab3584aa6e77d5416e new file mode 100644 index 000000000..ac3c94cd0 --- /dev/null +++ b/c0/38cef15344746d6cd5beab3584aa6e77d5416e @@ -0,0 +1,112 @@ +Return-Path: <pete@petertodd.org> +Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org + [172.17.192.35]) + by mail.linuxfoundation.org (Postfix) with ESMTPS id B5DF9B75 + for <bitcoin-dev@lists.linuxfoundation.org>; + Sat, 25 Feb 2017 01:01:28 +0000 (UTC) +X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 +Received: from outmail148101.authsmtp.com (outmail148101.authsmtp.com + [62.13.148.101]) + by smtp1.linuxfoundation.org (Postfix) with ESMTP id DC6DE214 + for <bitcoin-dev@lists.linuxfoundation.org>; + Sat, 25 Feb 2017 01:01:27 +0000 (UTC) +Received: from mail-c247.authsmtp.com (mail-c247.authsmtp.com [62.13.128.247]) + by punt22.authsmtp.com (8.14.2/8.14.2/) with ESMTP id v1P11P9H069059; + Sat, 25 Feb 2017 01:01:25 GMT +Received: from petertodd.org (ec2-52-5-185-120.compute-1.amazonaws.com + [52.5.185.120]) (authenticated bits=0) + by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id v1P11NKk027969 + (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); + Sat, 25 Feb 2017 01:01:24 GMT +Received: from [127.0.0.1] (localhost [127.0.0.1]) + by petertodd.org (Postfix) with ESMTPSA id 6D3A140095; + Sat, 25 Feb 2017 01:01:23 +0000 (UTC) +Received: by localhost (Postfix, from userid 1000) + id C700B204AB; Fri, 24 Feb 2017 20:01:22 -0500 (EST) +Date: Fri, 24 Feb 2017 20:01:22 -0500 +From: Peter Todd <pete@petertodd.org> +To: Steve Davis <steven.charles.davis@gmail.com>, + Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org> +Message-ID: <20170225010122.GA10233@savin.petertodd.org> +References: <mailman.22137.1487974823.31141.bitcoin-dev@lists.linuxfoundation.org> + <8F096BE1-D305-43D4-AF10-2CC48837B14F@gmail.com> +MIME-Version: 1.0 +Content-Type: multipart/signed; micalg=pgp-sha256; + protocol="application/pgp-signature"; boundary="n8g4imXOkfNTN/H1" +Content-Disposition: inline +In-Reply-To: <8F096BE1-D305-43D4-AF10-2CC48837B14F@gmail.com> +User-Agent: Mutt/1.5.23 (2014-03-12) +X-Server-Quench: ee1754e2-faf5-11e6-bcdf-0015176ca198 +X-AuthReport-Spam: If SPAM / abuse - report it at: + http://www.authsmtp.com/abuse +X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR + aAdMdAcUHlAWAgsB AmEbW1VeUFx7W2c7 bghPaBtcak9QXgdq + T0pMXVMcUgQIAB1/ fUUeUB57cQwIfHl5 bQg3C3FcWUAvd1sr + ExhRCGwHMGF9OjNL Bl1YdwJRcQRMLU5E Y1gxNiYHcQ5VPz4z + GA41ejw8IwAXEwR8 G0kGKlYWQF0KGTgn DxULHjhnMkwZDzsu + KxorMFcWGEtZLkJ6 OEc9UFETKFcYG28W A0FMGiMcP1AbWysm + FkcSW0kCWD9AWjsU GBAwJVdNCz1URiNZ AkZfUHkA +X-Authentic-SMTP: 61633532353630.1038:706 +X-AuthFastPath: 0 (Was 255) +X-AuthSMTP-Origin: 52.5.185.120/25 +X-AuthVirus-Status: No virus detected - but ensure you scan with your own + anti-virus system. +X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW + autolearn=ham version=3.3.1 +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on + smtp1.linux-foundation.org +Subject: Re: [bitcoin-dev] SHA1 collisions make Git vulnerable to attakcs by + third-parties, not just repo maintainers +X-BeenThere: bitcoin-dev@lists.linuxfoundation.org +X-Mailman-Version: 2.1.12 +Precedence: list +List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org> +List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> +List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> +List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> +List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> +List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> +X-List-Received-Date: Sat, 25 Feb 2017 01:01:28 -0000 + + +--n8g4imXOkfNTN/H1 +Content-Type: text/plain; charset=us-ascii +Content-Disposition: inline +Content-Transfer-Encoding: quoted-printable + +On Fri, Feb 24, 2017 at 05:49:36PM -0600, Steve Davis via bitcoin-dev wrote: +> If the 20 byte SHA1 is now considered insecure (with good reason), what a= +bout RIPEMD-160 which is the foundation of Bitcoin addresses? + +SHA1 is insecure because the SHA1 algorithm is insecure, not because 160bit= +s isn't enough. + +AFAIK there aren't any known weaknesses in RIPEMD160, but it also hasn't be= +en +as closely studied as more common hash algorithms. That said, Bitcoin uses +RIPEMD160(SHA256(msg)), which may make creating collisions harder if an att= +ack +is found than if it used RIPEMD160 alone. + +--=20 +https://petertodd.org 'peter'[:-1]@petertodd.org + +--n8g4imXOkfNTN/H1 +Content-Type: application/pgp-signature; name="signature.asc" +Content-Description: Digital signature + +-----BEGIN PGP SIGNATURE----- + +iQEcBAEBCAAGBQJYsNdfAAoJECSBQD2l8JH7YfYH/26iUVVHRARYVqtFpT54I+gM +Qg/Cab5J+z3QZvZpIiTepnbsGlBC+UsLEfN2kT+fyqVjhj0DFW0V7dPpYq6du7rv +P0ZS4GlM8Ov86TerNJhm3WGW1d5aQeAE/Idw06kDLYfheXYAQIFZPFE0tMIOFsdQ +3aiujTY0gGINXV1gVXrQJAGT38Y9tr3sOvE6ozFlKRA5Ul+y/1yyAx7DWMmBCgYo +ebV3jB6GZzEXUZ7kmnxvdlBlBr08sfxtQVqC9Im4cZ0KXtEWC9HZz0/0voBuq4+4 +QDRXux4aD9Nz5bgHtYuRslYL6IAVHcDMdj+lvHEx9caxGmVMyARqd78e0ZlGOc8= +=6tmE +-----END PGP SIGNATURE----- + +--n8g4imXOkfNTN/H1-- + |