Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WK2Yx-0000Bv-L9 for bitcoin-development@lists.sourceforge.net; Sun, 02 Mar 2014 09:19:59 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of zikula.org designates 74.125.82.169 as permitted sender) client-ip=74.125.82.169; envelope-from=drak@zikula.org; helo=mail-we0-f169.google.com; Received: from mail-we0-f169.google.com ([74.125.82.169]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1WK2Yw-00078i-9w for bitcoin-development@lists.sourceforge.net; Sun, 02 Mar 2014 09:19:59 +0000 Received: by mail-we0-f169.google.com with SMTP id w62so156807wes.14 for ; Sun, 02 Mar 2014 01:19:52 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=19HjnkaD+f6hAO2B0xinpV2d/A59v7t8ywJ01nMkyaA=; b=WAbWi4X9fcOuGnhZxhJxNtRUpSdggiVVNtw+6MHWM4cAgog6ZKfEueK/PZnBf6nx34 MMm8Zgs2sSaMlSCH8ke7K1orG7o7Y1ct/CUecss1N4m18FkCzLBaPW4tM5JX8WO40hCF NlNGNxLfv7TQrI/abTaV4AZ+QqKEC9m7mH5JBbVSAnXIjX0ELsfcRbK2mwRdiFmwP3fH kRx+gfE8GTz8U9fu7unz8IjRZDwkfxKumFFHzPjBQlXmEZHXw11KIus0AYdTfwD3IW4r r0q2buGuDNEGSgYiVjLiW2cHaLFlLGA+6VPu0iSINe+UV60d+ul+SfnpYsSFXf+Sreyx mnMA== X-Gm-Message-State: ALoCoQlS3keHOoQWRb+jfY6fWyi0844CpqNAp0vGxQf+CyB77AGtHvdqtrZ5dgvBw5xoMegH2d/I MIME-Version: 1.0 X-Received: by 10.194.84.144 with SMTP id z16mr10162805wjy.23.1393750361352; Sun, 02 Mar 2014 00:52:41 -0800 (PST) Received: by 10.194.205.69 with HTTP; Sun, 2 Mar 2014 00:52:41 -0800 (PST) Received: by 10.194.205.69 with HTTP; Sun, 2 Mar 2014 00:52:41 -0800 (PST) In-Reply-To: References: Date: Sun, 2 Mar 2014 08:52:41 +0000 Message-ID: From: Drak To: Mike Hearn Content-Type: multipart/alternative; boundary=089e0102ddae31c3ff04f39bcbeb X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message X-Headers-End: 1WK2Yw-00078i-9w Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Payment Protocol Hash Comments X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Mar 2014 09:19:59 -0000 --089e0102ddae31c3ff04f39bcbeb Content-Type: text/plain; charset=UTF-8 Not true, PHP does support sha2 http://php.net/manual/en/mhash.constants.php http://php.net/manual/en/function.hash-algos.php#refsect1-function.hash-algos-examples On 2 Mar 2014 08:44, "Mike Hearn" wrote: > SHA-1 support is there for PHP developers. Apparently it can't do SHA-2. > On 2 Mar 2014 08:53, "Jeremy Spilman" wrote: > >> From BIP70: >> >> If pki_type is "x509+sha256", then the Payment message is hashed using >> the >> SHA256 algorithm to produce the message digest that is signed. If >> pki_type >> is "x509+sha1", then the SHA1 algorithm is used. >> >> A couple minor comments; >> >> - I think it meant to say the field to be hashed is 'PaymentRequest' not >> 'Payment' message -- probably got renamed at some point and this is an old >> reference calling it by its original name. >> >> - Could be a bit more explicit about the hashing, e.g. 'copy the >> PaymentRequest, set the signature field to the empty string, serialize to >> a byte[] and hash. >> >> - SHA1 is retiring, any particular reason to even have it in there at >> all? >> >> - Should there any way for the end-user to see details like the pki_type >> and the certificate chain, like browser do? >> >> >> Thanks, >> Jeremy >> >> >> >> ------------------------------------------------------------------------------ >> Flow-based real-time traffic analytics software. Cisco certified tool. >> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer >> Customize your own dashboards, set traffic alerts and generate reports. >> Network behavioral analysis & security monitoring. All-in-one tool. >> >> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk >> _______________________________________________ >> Bitcoin-development mailing list >> Bitcoin-development@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >> > > > ------------------------------------------------------------------------------ > Flow-based real-time traffic analytics software. Cisco certified tool. > Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer > Customize your own dashboards, set traffic alerts and generate reports. > Network behavioral analysis & security monitoring. All-in-one tool. > > http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > --089e0102ddae31c3ff04f39bcbeb Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Not true, PHP does support sha2

htt= p://php.net/manual/en/mhash.constants.php
http://php.net/manual/en/function.hash-algos.php#re= fsect1-function.hash-algos-examples

On 2 Mar 2014 08:44, "Mike Hearn" <= mike@plan99.net> wrote:

SHA-1 support is there for PHP developers. Apparently it can= 't do SHA-2.

On 2 Mar 2014 08:53, "Jeremy Spilman" = <jeremy@taplink.c= o> wrote:
=C2=A0From BIP70:

=C2=A0 =C2=A0If pki_type is "x509+sha256", then the Payment messa= ge is hashed using
the
=C2=A0 =C2=A0SHA256 algorithm to produce the message digest that is signed.= If
pki_type
=C2=A0 =C2=A0is "x509+sha1", then the SHA1 algorithm is used.

A couple minor comments;

=C2=A0 - I think it meant to say the field to be hashed is 'PaymentRequ= est' not
'Payment' message -- probably got renamed at some point and this is= an old
reference calling it by its original name.

=C2=A0 - Could be a bit more explicit about the hashing, e.g. 'copy the=
PaymentRequest, set the signature field to the empty string, serialize to a byte[] and hash.

=C2=A0 - SHA1 is retiring, any particular reason to even have it in there a= t all?

=C2=A0 - Should there any way for the end-user to see details like the pki_= type
and the certificate chain, like browser do?


Thanks,
Jeremy


---------------------------------------------------------------------------= ---
Flow-based real-time traffic analytics software. Cisco certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
Customize your own dashboards, set traffic alerts and generate reports.
Network behavioral analysis & security monitoring. All-in-one tool.
http://pubads.g.doubleclick.net/gam= pad/clk?id=3D126839071&iu=3D/4140/ostg.clktrk
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment

-----------------------------------------------------------------------= -------
Flow-based real-time traffic analytics software. Cisco certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
Customize your own dashboards, set traffic alerts and generate reports.
Network behavioral analysis & security monitoring. All-in-one tool.
http://pubads.g.doubleclick.net/gam= pad/clk?id=3D126839071&iu=3D/4140/ostg.clktrk
__________________= _____________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment

--089e0102ddae31c3ff04f39bcbeb--