Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 9C2C8CBC for ; Fri, 8 Jan 2016 01:00:45 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-lf0-f46.google.com (mail-lf0-f46.google.com [209.85.215.46]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 04D1711F for ; Fri, 8 Jan 2016 01:00:44 +0000 (UTC) Received: by mail-lf0-f46.google.com with SMTP id m198so19007017lfm.0 for ; Thu, 07 Jan 2016 17:00:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=SesBJZCpbb6c9OKVwayIr6l/3YWRpLXhX4nEJcDpNWg=; b=jCBJlEXH1CyPBAisBYVETCdfcrzaOMW3/wFVirSw6d+0aVkEg27J8y6n6dF5KUNIUg /wXMcmjO+TTTmKanrOBUIqyQvaqyNtM+CBqX5LI3df/aADbjrOZsBLBrvt1SgH+AXn1u VjY1ckUeVxdWUwsDJSXxHnwiFXKcsRIbHURsZBRnr+E/Xte5v/mMOLguFkjIn8f9NCFY kzA3vpux+vp/hroXym43dBb4cBpzS3MCObPuO2sKASHMIud/0vf697p4ubZAm7w/58hh hNZ32RlvdoYVYxXyYgqbMPXNxMjVJU6lZpby5fF83axSFuJb0urtIqJ4HVfaN5mfAwsS Xf6Q== MIME-Version: 1.0 X-Received: by 10.25.134.130 with SMTP id i124mr29417174lfd.63.1452214843006; Thu, 07 Jan 2016 17:00:43 -0800 (PST) Received: by 10.25.25.78 with HTTP; Thu, 7 Jan 2016 17:00:42 -0800 (PST) In-Reply-To: References: Date: Thu, 7 Jan 2016 20:00:42 -0500 Message-ID: From: Gavin Andresen To: Pieter Wuille Content-Type: multipart/alternative; boundary=001a113fb2e8daec5c0528c81d45 X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Fri, 08 Jan 2016 01:21:59 +0000 Cc: Bitcoin Dev Subject: Re: [bitcoin-dev] Time to worry about 80-bit collision attacks or not? X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2016 01:00:45 -0000 --001a113fb2e8daec5c0528c81d45 Content-Type: text/plain; charset=UTF-8 On Thu, Jan 7, 2016 at 6:52 PM, Pieter Wuille wrote: > Bitcoin does have parts that rely on economic arguments for security or > privacy, but can we please stick to using cryptography that is up to par > for parts where we can? It's a small constant factor of data, and it > categorically removes the worry about security levels. > Our message may have crossed in the mod queue: "So can we quantify the incremental increase in security of SHA256(SHA256) over RIPEMD160(SHA256) versus the incremental increase in security of having a simpler implementation of segwitness?" I believe the history of computer security is that implementation errors and sidechannel attacks are much, much more common than brute-force breaks. KEEP IT SIMPLE. (and a quibble: "do a 80-bit search for B and C such that H(A and B) = H(B and C)" isn't enough, you have to end up with a C public key for which you know the corresponding private key or the attacker just succeeds in burning the funds) -- -- Gavin Andresen --001a113fb2e8daec5c0528c81d45 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


--001a113fb2e8daec5c0528c81d45--