From: Leandro Coutinho
Date: Sat, 25 Feb 2017 20:09:18 -0300
To: Peter Todd, Bitcoin Protocol Discussion
Cc: Steve Davis
Subject: Re: [bitcoin-dev] SHA1 collisions make Git vulnerable to attacks by third-parties, not just repo maintainers

If people split their bitcoins in multiple addresses, then maybe there would be no need to worry(?), because the computational cost would be higher than what the attacker would get.

From Google:
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

*Here are some numbers that give a sense of how large scale this computation was:*

- *Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total*
- *6,500 years of CPU computation to complete the attack first phase*
- *110 years of GPU computation to complete the second phase*

https://bitinfocharts.com/top-100-richest-bitcoin-addresses.html
Richest address: 124,178 BTC ($142,853,079 USD)

On Sat, Feb 25, 2017 at 6:40 PM, Peter Todd via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:

> On Sat, Feb 25, 2017 at 03:34:33PM -0600, Steve Davis wrote:
> > Yea, well. I don’t think it is ethical to post instructions without an associated remediation (BIP) if you don’t see the potential attack.
>
> I can't agree with you at all there: we're still at the point where the computational costs of such attacks limit their real-world impact, which is exactly when you want the *maximum* exposure to what they are and what the risks are, so that people develop mitigations.
>
> Keeping details secret tends to keep the attacks out of public view, which might be a good trade-off in a situation where the attacks are immediately practical and the need to deploy a fix is well understood. But we're in the exact opposite situation.
>
> > I was rather hoping that we could have a fuller discussion of what the best practical response would be to such an issue?
>
> Deploying segwit's 256-bit digests is a response that's already fully coded and ready to deploy, with the one exception of a new address format. That address format is being actively worked on, and could be deployed relatively quickly if needed.
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org