Return-Path: <alice@librelamp.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id B623D414
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat, 25 Feb 2017 18:28:02 +0000 (UTC)
X-Greylist: delayed 00:08:49 by SQLgrey-1.7.6
Received: from librelamp.com (librelamp.com [45.79.96.192])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 54881176
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat, 25 Feb 2017 18:28:02 +0000 (UTC)
Received: from localhost.localdomain (68-189-44-253.dhcp.rdng.ca.charter.com
	[68.189.44.253]) by librelamp.com (Postfix) with ESMTPSA id 7E43F822
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat, 25 Feb 2017 18:19:12 +0000 (UTC)
To: bitcoin-dev@lists.linuxfoundation.org
References: <mailman.22137.1487974823.31141.bitcoin-dev@lists.linuxfoundation.org>
	<8F096BE1-D305-43D4-AF10-2CC48837B14F@gmail.com>
	<20170225010122.GA10233@savin.petertodd.org>
	<208F93FE-B7C8-46BE-8E00-52DBD0F43415@gmail.com>
	<CAN6UTayzQRowtWhLKr8LyFuXjw3m+GjQGtHfkDj-Xu41Hym32w@mail.gmail.com>
	<CAEM=y+WkgSkc07ZsU6APAkcu37zVZ7dwSc=jAg1nho31S5ZyxQ@mail.gmail.com>
From: Alice Wonder <alice@librelamp.com>
Message-ID: <f309ea73-053d-c3e9-134e-4561e89715f1@librelamp.com>
Date: Sat, 25 Feb 2017 10:19:11 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
	Thunderbird/45.6.0
MIME-Version: 1.0
In-Reply-To: <CAEM=y+WkgSkc07ZsU6APAkcu37zVZ7dwSc=jAg1nho31S5ZyxQ@mail.gmail.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD
	autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Subject: Re: [bitcoin-dev] SHA1 collisions make Git vulnerable to attakcs by
 third-parties, not just repo maintainers
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Feb 2017 18:28:02 -0000

On 02/25/2017 08:10 AM, Ethan Heilman via bitcoin-dev wrote:
>>SHA1 is insecure because the SHA1 algorithm is insecure, not because
> 160bits isn't enough.
>
> I would argue that 160-bits isn't enough for collision resistance.
> Assuming RIPEMD-160(SHA-256(msg)) has no flaws (i.e. is a random
> oracle), collisions can be generated in 2^80 queries (actually detecting
> these collisions requires some time-memory additional trade-offs). The
> Bitcoin network at the current hash rate performs roughly SHA-256 ~2^78
> queries a day or 2^80 queries every four days.

You have to not only produce a ripemd160 collision, you have to produce 
a collision that is also a valid sha-256 hash - and that's much much 
much more difficult.