Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XSXwH-0007uR-W7 for bitcoin-development@lists.sourceforge.net; Fri, 12 Sep 2014 20:59:30 +0000 Received: from prei.vps.van-cuijk.nl ([79.170.90.37]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1XSXwG-0006rG-Io for bitcoin-development@lists.sourceforge.net; Fri, 12 Sep 2014 20:59:29 +0000 Received: from [192.168.1.9] (ip161-117-174-82.adsl2.static.versatel.nl [82.174.117.161]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: mo_mark) by prei.vps.van-cuijk.nl (Postfix) with ESMTPSA id B857441BBC for ; Fri, 12 Sep 2014 22:59:21 +0200 (CEST) Content-Type: text/plain; charset=windows-1252 Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) From: Mark van Cuijk In-Reply-To: Date: Fri, 12 Sep 2014 22:59:19 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: <06D9FBBD-30DB-4591-A932-B5A19F1D6543@coinqy.com> References: To: bitcoin-development@lists.sourceforge.net X-Mailer: Apple Mail (2.1878.6) X-Spam-Score: 0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. X-Headers-End: 1XSXwG-0006rG-Io Subject: Re: [Bitcoin-development] BIP72 amendment proposal X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Sep 2014 20:59:30 -0000 On 12 Sep 2014, at 20:43 , = bitcoin-development-request@lists.sourceforge.net wrote: > Specifically relevant here: > = http://security.stackexchange.com/questions/34796/truncating-the-output-of= -sha256-to-128-bits. >=20 > If you're going to truncate though, why not just leave the amount of > bits up the the person generating the QR code? The client simply takes > the hash prefix (any length up to full 256-bits) and makes sure it's a > strict prefix of the actual hash of the payment request. If you do so, please make sure the length of the hash is included in the = PaymentDetails/PaymentRequest. If someone parses the URI and doesn=92t = have an authenticated way of knowing the expected length of the hash, a = MITM attacker can just truncate the hash to lower security. /Mark=