summaryrefslogtreecommitdiff
path: root/48/558cf074becb36f48d793dc03c6b4ddb21111a
blob: db080f777096f78d73e2529ae411a6341a1d35f8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
Return-Path: <ZmnSCPxj@protonmail.com>
Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])
 by lists.linuxfoundation.org (Postfix) with ESMTP id AFA94C0176
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sun, 24 May 2020 00:52:25 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by fraxinus.osuosl.org (Postfix) with ESMTP id 9E7B586B82
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sun, 24 May 2020 00:52:25 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from fraxinus.osuosl.org ([127.0.0.1])
 by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 6-FSzjJVloTi
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sun, 24 May 2020 00:52:24 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-40140.protonmail.ch (mail-40140.protonmail.ch
 [185.70.40.140])
 by fraxinus.osuosl.org (Postfix) with ESMTPS id D238486288
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sun, 24 May 2020 00:52:23 +0000 (UTC)
Date: Sun, 24 May 2020 00:52:13 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail; t=1590281540;
 bh=qKZXh3IhsYb8HSgvPC5oNt34fw4VvU87VkM9zXmBMxo=;
 h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From;
 b=DXoy0uhoYAyMAfc+wE/nwzL4qZ/bAbMRE/DIE60NDktPS9rN8wT72RI1JvmkAeF4D
 TKX45TYLTKrqVw73Q87CYKD8h3H7eImOow+PYGFJHkUDZg3Mij1KHqEgd+iHLseH9G
 56jVC6kZ9HcX4wtncrOPehRx0hXREdlxJT+pbG8M=
To: Greg Sanders <gsanders87@gmail.com>,
 Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
From: ZmnSCPxj <ZmnSCPxj@protonmail.com>
Reply-To: ZmnSCPxj <ZmnSCPxj@protonmail.com>
Message-ID: <Ptq11JJF3B5h2X94dQdis8lFf7PSm_Hg9F2uITk4MhGcXULr3eiuF3GF71fEVZpcsNZ_s_nrRCXcUmxthQQq4vPQERQpUbCNYErVA9yuNNc=@protonmail.com>
In-Reply-To: <CAB3F3DtCgdWOPpTdr-cMcnRO1RE2isEAavGZSOTvtSi-0_x64w@mail.gmail.com>
References: <aa916637-befa-795a-caa1-e5ad50ce63c8@electrum.org>
 <CAB3F3DuGi_Uc0cf5eGvE9ej2d1RS8CVkf7xGBjR4uRf8jAmQhA@mail.gmail.com>
 <CAB3F3DtCgdWOPpTdr-cMcnRO1RE2isEAavGZSOTvtSi-0_x64w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [bitcoin-dev] MIN_STANDARD_TX_NONWITNESS_SIZE and OP_RETURN
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sun, 24 May 2020 00:52:25 -0000

Good morning Thomas,

> So I think the question to ask would be "why can't we just make sure it's=
 not 64?"

If we accept a 60-byte tx, then SHA-256 will pad it to 64 bytes, and it may=
 still be possible to mount CVE-2017-12842 attack with 32-bits of work.
Of course some other details will be changed from the standard SHA-256 in m=
ounting this attack, but from my poor understanding it seems safer to just =
avoid the area around length 64.

It *might* be safe to accept 65-byte or larger (but do not believe me, I on=
ly play a cryptographer on the Internet), but that does not help your speci=
fic application, which uses 60 byte tx.

Regards,
ZmnSCPxj

>
> On Sat, May 23, 2020 at 11:24 AM Greg Sanders <gsanders87@gmail.com> wrot=
e:
>
> > AFAIU the number was picked to protect against=C2=A0CVE-2017-12842 cove=
rtly. See:=C2=A0https://github.com/bitcoin/bitcoin/pull/16885=C2=A0which up=
dated the text to explicitly mention this fact.
> >
> > On Sat, May 23, 2020 at 11:20 AM Thomas Voegtlin via bitcoin-dev <bitco=
in-dev@lists.linuxfoundation.org> wrote:
> >
> > > Hello list,
> > >
> > > I have been trying to CPFP a transaction using OP_RETURN, because the
> > > remaining output value would have been lower than the dust threshold.
> > >
> > > The scriptPubkey of the output was OP_RETURN + OP_0, and there was a
> > > single p2wsh input.
> > >
> > > The result is a 60 bytes transaction (without witness), that gets
> > > rejected because it is lower than MIN_STANDARD_TX_NONWITNESS_SIZE, wh=
ich
> > > is equal to 82 bytes.
> > >
> > > Why is that value so high? Would it make sense to lower it to 60?
> > >
> > > Thomas
> > > _______________________________________________
> > > bitcoin-dev mailing list
> > > bitcoin-dev@lists.linuxfoundation.org
> > > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev