From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WAiUO-0001fa-CP for bitcoin-development@lists.sourceforge.net; Tue, 04 Feb 2014 16:04:44 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.149.56 as permitted sender) client-ip=62.13.149.56; envelope-from=pete@petertodd.org; helo=outmail149056.authsmtp.com; Received: from outmail149056.authsmtp.com ([62.13.149.56]) by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1WAiUM-0007kC-5P for bitcoin-development@lists.sourceforge.net; Tue, 04 Feb 2014 16:04:44 +0000 Received: from mail-c237.authsmtp.com (mail-c237.authsmtp.com [62.13.128.237]) by punt17.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s14G4ZFc042738; Tue, 4 Feb 2014 16:04:35 GMT Received: from savin (76-10-178-109.dsl.teksavvy.com [76.10.178.109]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s14G4QQo085569 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Tue, 4 Feb 2014 16:04:29 GMT Date: Tue, 4 Feb 2014 11:04:14 -0500 From: Peter Todd To: Natanael Message-ID: <20140204160414.GA23803@savin> References: <1D8E0828-D07F-46EF-9F9F-5CA83AA9DB59@plan99.net> <20140204130312.GA23538@savin> <20140204131723.GA10309@savin> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="BXVAT5kNtrzKuDFl" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Server-Quench: 07623c9e-8db6-11e3-94fa-002590a135d3 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aQdMdgYUHlAWAgsB AmIbWlJeUFl7W2o7 bAxPbAVDY01GQQRq WVdMSlVNFUsrABh2 An9/DRl6cgBAcTBx ZUVhWD5bW0J4dhV0 F1NcQT8AeGZhPWMC WUQOJh5UcAFPdx8U a1N6AHBDAzANdhES HhM4ODE3eDlSNilR RRkIIFQOdA4BHyI3 QBEEH313WxRcDz8+ KxEvMVMQWA4OM1ky eUN7QlJcexUTElYP fQlEBiMRP1AQQict EUtCR0kCFzZaRW9H HwUwJQVUagAA X-Authentic-SMTP: 61633532353630.1024:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 76.10.178.109/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1WAiUM-0007kC-5P Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] bitcoinj 0.11 released, with p2sh, bip39 and payment protocol support X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Feb 2014 16:04:44 -0000 --BXVAT5kNtrzKuDFl Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Feb 04, 2014 at 04:17:47PM +0100, Natanael wrote: > Because it's trivial to create collisions! You can choose exactly what > output you want. That's why XOR is a very bad digest scheme. You're close, but not quite. So, imagine you have a merkle tree, and you're trying to timestamp some data at the bottom of the tree. Now you can successfully timestamp the top digest in the Bitcoin blockchain right, and be sure that digest existed before some time. But what about the digests at the bottom of the tree? What can an attacker do exactly to make a fake timestamp if the tree is using XOR rather than a proper hash function? --=20 'peter'[:-1]@petertodd.org 000000000000000075829f6169c79d7d5aaa20bfa8da6e9edb2393c4f8662ba0 --BXVAT5kNtrzKuDFl Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQGrBAEBCACVBQJS8Q99XhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw MDAwMDAwMDAwMDAwMDA3NTgyOWY2MTY5Yzc5ZDdkNWFhYTIwYmZhOGRhNmU5ZWRi MjM5M2M0Zjg2NjJiYTAvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0 ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkft3SQf9Gd1WpzYVwjFAP/W846WvvsE2 U11R67s2oRjAQYwJ9pV8bsSsVmME0Ckg6GNSmlMjpPmTR3rynL+CBo0Ov0HRsuoY UuqQsU82V0JrrLcSTckvd5pxA0RhAJa+cBkLMnGXwyWoJUX12IfSX/Wa/3sb1k1h fo5SgQHv/Vf2ICRAaOMAgU8a84YVk/qnR3/OYM1Lh5PAdfVIjGL97g7g5h8wT+mp dqMxVuDVuDiD53bTrqFHdZ6y+euorD/ojdOsmZQSypCWTjK8f9v/BH8IRDttOA7X N8CweRJmDAmEkG2xv8KxW0UBzdCscWWaSdxFX4CX8hALq3bJgLqxixyeAwzLpg== =uQBg -----END PGP SIGNATURE----- --BXVAT5kNtrzKuDFl--