1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
|
Return-Path: <lescoutinhovr@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 87B84486
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 25 Feb 2017 23:09:21 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wm0-f47.google.com (mail-wm0-f47.google.com [74.125.82.47])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 9327A164
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 25 Feb 2017 23:09:20 +0000 (UTC)
Received: by mail-wm0-f47.google.com with SMTP id v186so38051698wmd.0
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 25 Feb 2017 15:09:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to
:cc; bh=lRvxQ4nI8KAQMD3iL/N1bOehMYMPKZFUh5POBfEVras=;
b=gn29psLQJrd8j4LFlo/3km8bPy6CbgotJGTFn8CDooA9GztN4NbFEbfpndUh7jSDjd
++dasJZ82uvbGG7DsD/fROFbFNRYZbWSYsRPJ2R7HNcA3Iu4wtKTq57Qdvc17WjbF/Zd
A1CGT3XzYeV+oz5xRfik9PKYLTh1/rKPfVpCt7OPCm1iULdbreW9OlQ5jMk/tCyXgYs2
qk1zsuq0ScltmODoIZFeog6+ENMNTZxJ0IuFqIrNyB0vtumiCKHSkFmpEi6w5ckiiYJQ
9QF3IJ5/DnwZkTEwwaqdWkbIlorCVdExBs0GTL/xCl5GY8s+Myt7NbbwMUq/Z9Zeap8w
mSxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
:message-id:subject:to:cc;
bh=lRvxQ4nI8KAQMD3iL/N1bOehMYMPKZFUh5POBfEVras=;
b=T6YEGzYkpG8YM6fQzHCFPXdE4Hzq+8BV+DTkYYJeyqJ6lW4YJEPC6WyI1moPVmjJjS
8koWcv9t8fyg66aAksPGvYFjjlK0Txvb7KIyr3OmmEmyN9Sl+n5VhkI62cS+D4ey9+SG
CKELAN2Kif3wNXRn6Wye5mvl8upxxyH+XS6FUPqiwPF3feRwoFiItxnlasIWGWkHn/O+
yXbEgSnN9XXEUnfyez0QchlEmUJ382vxvHLa4aYpx/ouNzDrxYBLHBsLKmxwwDnywHKk
ZPOeS/jqRu7uGvLD15rH7VsIx0vJ28IEwS0VANBamk0CId9BQF/T09X76TBXK8BrBqsz
pfxg==
X-Gm-Message-State: AMke39n94wW/HRpzBrcMRKikNqGbO7WUHmcDnMARMrCE9u0sqthpq4J/TaqzPzYpohQWq3faVZmr/g4CwAOaOw==
X-Received: by 10.28.103.69 with SMTP id b66mr7920498wmc.73.1488064159258;
Sat, 25 Feb 2017 15:09:19 -0800 (PST)
MIME-Version: 1.0
Received: by 10.28.50.3 with HTTP; Sat, 25 Feb 2017 15:09:18 -0800 (PST)
In-Reply-To: <20170225214018.GA16524@savin.petertodd.org>
References: <8F096BE1-D305-43D4-AF10-2CC48837B14F@gmail.com>
<20170225010122.GA10233@savin.petertodd.org>
<208F93FE-B7C8-46BE-8E00-52DBD0F43415@gmail.com>
<CAN6UTayzQRowtWhLKr8LyFuXjw3m+GjQGtHfkDj-Xu41Hym32w@mail.gmail.com>
<CAEM=y+WkgSkc07ZsU6APAkcu37zVZ7dwSc=jAg1nho31S5ZyxQ@mail.gmail.com>
<20170225191201.GA15472@savin.petertodd.org>
<CAMZUoK=sq_sRoXuySca-VAGwA3AzeoZ5iNFSnKULbj+NtPjHFA@mail.gmail.com>
<20170225210406.GA16196@savin.petertodd.org>
<CAGLBAhdCb+QLWRm4FWkPvaM2sU24HuafdgNiS=wgnPTGzrW05w@mail.gmail.com>
<4FE38F6A-0560-4989-9C53-7F8C94EA4C76@gmail.com>
<20170225214018.GA16524@savin.petertodd.org>
From: Leandro Coutinho <lescoutinhovr@gmail.com>
Date: Sat, 25 Feb 2017 20:09:18 -0300
Message-ID: <CAN6UTaz5Y9hRjCgHAETF2HMxZ7TPdAe06NmjQ1cQgHvBsf0RSQ@mail.gmail.com>
To: Peter Todd <pete@petertodd.org>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary=001a114b2d389da151054962ef48
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,LOTS_OF_MONEY,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Sat, 25 Feb 2017 23:16:51 +0000
Cc: Steve Davis <steven.charles.davis@gmail.com>
Subject: Re: [bitcoin-dev] SHA1 collisions make Git vulnerable to attakcs by
third-parties, not just repo maintainers
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Feb 2017 23:09:21 -0000
--001a114b2d389da151054962ef48
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
If people split their bitcoins in multiple addresses, then maybe there
would be no need to worry(?), because the computational cost would be
higher than what the attacker would get.
From Google:
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.htm=
l
*Here are some numbers that give a sense of how large scale this
computation was: *
- *Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in
total*
- *6,500 years of CPU computation to complete the attack first phase*
- *110 years of GPU computation to complete the second phase*
https://bitinfocharts.com/top-100-richest-bitcoin-addresses.html
Richest address: 124,178 BTC ($142,853,079 USD)
On Sat, Feb 25, 2017 at 6:40 PM, Peter Todd via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> On Sat, Feb 25, 2017 at 03:34:33PM -0600, Steve Davis wrote:
> > Yea, well. I don=E2=80=99t think it is ethical to post instructions wit=
hout an
> associated remediation (BIP) if you don=E2=80=99t see the potential attac=
k.
>
> I can't agree with you at all there: we're still at the point where the
> computational costs of such attacks limit their real-world impact, which =
is
> exactly when you want the *maximum* exposure to what they are and what th=
e
> risks are, so that people develop mitigations.
>
> Keeping details secret tends to keep the attacks out of public view, whic=
h
> might be a good trade-off in a situation where the attacks are immediatel=
y
> practical and the need to deploy a fix is well understood. But we're in t=
he
> exact opposite situation.
>
> > I was rather hoping that we could have a fuller discussion of what the
> best practical response would be to such an issue?
>
> Deploying segwit's 256-bit digests is a response that's already fully
> coded and
> ready to deploy, with the one exception of a new address format. That
> address
> format is being actively worked on, and could be deployed relatively
> quickly if
> needed.
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>
--001a114b2d389da151054962ef48
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div><div>If people split their bitcoins in multiple addre=
sses, then maybe there would be no need to worry(?), because the computatio=
nal cost would be higher than what the attacker would get.<br><br><br></div=
From Google:<br><a href=3D"https://security.googleblog.com/2017/02/announc=
ing-first-sha1-collision.html">https://security.googleblog.com/2017/02/anno=
uncing-first-sha1-collision.html</a><br><br><div style=3D"margin-left:40px"=
><i>Here are some numbers that give a sense of how large scale this computa=
tion was:<span class=3D"gmail-space"></span>
<span class=3D"gmail-space"></span>
</i></div><ul style=3D"margin-left:40px"><li><i>Nine quintillion (9,223,372=
,036,854,775,808) SHA1 computations in total</i></li><li><i>6,500 years of =
CPU computation to complete the attack first phase</i></li><li><i>110 years=
of GPU computation to complete the second phase</i></li></ul><br><a href=
=3D"https://bitinfocharts.com/top-100-richest-bitcoin-addresses.html">https=
://bitinfocharts.com/top-100-richest-bitcoin-addresses.html</a><br></div>Ri=
chest address: 124,178 BTC ($142,853,079 USD)<div><br><br></div></div><div =
class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Sat, Feb 25, 2017 a=
t 6:40 PM, Peter Todd via bitcoin-dev <span dir=3D"ltr"><<a href=3D"mail=
to:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">bitcoin-dev@lis=
ts.linuxfoundation.org</a>></span> wrote:<br><blockquote class=3D"gmail_=
quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1=
ex"><span class=3D"">On Sat, Feb 25, 2017 at 03:34:33PM -0600, Steve Davis =
wrote:<br>
> Yea, well. I don=E2=80=99t think it is ethical to post instructions wi=
thout an associated remediation (BIP) if you don=E2=80=99t see the potentia=
l attack.<br>
<br>
</span>I can't agree with you at all there: we're still at the poin=
t where the<br>
computational costs of such attacks limit their real-world impact, which is=
<br>
exactly when you want the *maximum* exposure to what they are and what the<=
br>
risks are, so that people develop mitigations.<br>
<br>
Keeping details secret tends to keep the attacks out of public view, which<=
br>
might be a good trade-off in a situation where the attacks are immediately<=
br>
practical and the need to deploy a fix is well understood. But we're in=
the<br>
exact opposite situation.<br>
<span class=3D""><br>
> I was rather hoping that we could have a fuller discussion of what the=
best practical response would be to such an issue?<br>
<br>
</span>Deploying segwit's 256-bit digests is a response that's alre=
ady fully coded and<br>
ready to deploy, with the one exception of a new address format. That addre=
ss<br>
format is being actively worked on, and could be deployed relatively quickl=
y if<br>
needed.<br>
<div class=3D"HOEnZb"><div class=3D"h5"><br>
--<br>
<a href=3D"https://petertodd.org" rel=3D"noreferrer" target=3D"_blank">http=
s://petertodd.org</a> 'peter'[:-1]@<a href=3D"http://petertodd.org"=
rel=3D"noreferrer" target=3D"_blank">petertodd.org</a><br>
</div></div><br>______________________________<wbr>_________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.=
<wbr>linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
/mailman/listinfo/bitcoin-<wbr>dev</a><br>
<br></blockquote></div><br></div>
--001a114b2d389da151054962ef48--
|
