From: Peter Todd
To: Ethan Heilman, Bitcoin Protocol Discussion
Date: Sat, 25 Feb 2017 14:12:01 -0500
Message-ID: <20170225191201.GA15472@savin.petertodd.org>
References: <8F096BE1-D305-43D4-AF10-2CC48837B14F@gmail.com> <20170225010122.GA10233@savin.petertodd.org> <208F93FE-B7C8-46BE-8E00-52DBD0F43415@gmail.com>
Cc: Steve Davis
Subject: Re: [bitcoin-dev] SHA1 collisions make Git vulnerable to attacks by third-parties, not just repo maintainers
List-Id: Bitcoin Protocol Discussion

On Sat, Feb 25, 2017 at 11:10:02AM -0500, Ethan Heilman via bitcoin-dev wrote:
> >SHA1 is insecure because the SHA1 algorithm is insecure, not because
> > 160bits isn't enough.
>
> I would argue that 160-bits isn't enough for collision resistance. Assuming
> RIPEMD-160(SHA-256(msg)) has no flaws (i.e. is a random oracle), collisions

That's something that we're well aware of; there have been a few discussions on
this list about how P2SH's 160-bits is insufficient in certain use-cases such
as multisig.

However, remember that a 160-bit *security level* is sufficient, and RIPEMD160
has 160-bit security against preimage attacks.
Thus things like pay-to-pubkey-hash are perfectly secure: sure you could
generate two pubkeys that have the same RIPEMD160(SHA256()) digest, but if
someone does that it doesn't cause the Bitcoin network itself any harm, and
doing so is something you choose to do to yourself.

In any case, segwit will provide a 256-bit pay-to-witness-script-hash(1), which
provides a 128-bit security level against collision attacks.

1) https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki#Native_P2WSH

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org
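Added example, not part of the thread above and not Peter Todd's, Ethan Heilman's or Bitcoin Core's code. It shows the distinction the reply turns on: against an ideal n-bit hash (Ethan's random-oracle assumption), an attacker who must match a digest somebody else already committed to (a victim's existing pubkey-hash) faces a preimage search of about 2^n work, while an attacker who chooses both inputs (generating two of their own pubkeys with the same hash) only needs a birthday search of about 2^(n/2). That is why 160-bit RIPEMD160(SHA256()) gives 160-bit preimage security but only 80-bit collision security, and why the 256-bit native P2WSH hash raises the collision level to 128 bits. Assumptions: truncated SHA-256 stands in for RIPEMD160(SHA256()) and for SHA256 so both attacks finish in seconds (the argument depends only on output length, not on which hash is used); the inputs `b"attacker-key:..."` and `b"victim-pubkey"` are constructed placeholders, not real keys; the function names are the example's own.

```python
import hashlib
import itertools
import math
from typing import Dict, Optional, Tuple


def generic_attack_cost_bits(digest_bits: int, attack: str) -> int:
    """log2 of the work a *generic* attack needs against an ideal hash with a
    digest_bits-bit output (no algorithmic weakness assumed)."""
    if attack == "preimage":
        # Hitting one fixed digest: about 2^n guesses.
        return digest_bits
    if attack == "collision":
        # Birthday bound: about 2^(n/2) digests before two of them agree.
        return digest_bits // 2
    raise ValueError(f"unknown attack type {attack!r}")


def truncated_sha256(data: bytes, bits: int) -> int:
    """Leading `bits` bits of SHA-256(data) as an int. Stand-in (assumption) for
    a short ideal hash so the toy attacks below run in seconds."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def _candidate(i: int) -> bytes:
    """Deterministic, distinct inputs; constructed stand-ins for attacker-chosen pubkeys."""
    return b"attacker-key:" + i.to_bytes(8, "big")


def birthday_collision(bits: int) -> Tuple[bytes, bytes, int]:
    """Attacker controls *both* inputs: hash candidates until two digests collide.
    Returns (input_a, input_b, trials). This is the 'harm only yourself' case."""
    seen: Dict[int, bytes] = {}
    for i in itertools.count():
        m = _candidate(i)
        d = truncated_sha256(m, bits)
        if d in seen:
            return seen[d], m, i + 1
        seen[d] = m
    raise AssertionError("unreachable: itertools.count never stops")


def brute_force_preimage(target: int, bits: int, limit: int) -> Tuple[Optional[bytes], int]:
    """Attacker must match a digest fixed by someone else (a victim's pubkey-hash):
    expected about 2^bits guesses. Returns (matching input or None, trials)."""
    for i in range(limit):
        m = _candidate(i)
        if truncated_sha256(m, bits) == target:
            return m, i + 1
    return None, limit


def expected_birthday_trials(bits: int) -> float:
    """Expected number of digests until the first collision for an ideal bits-bit hash."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    bits = 18
    a, b, trials = birthday_collision(bits)
    print(f"{bits}-bit collision after {trials} trials "
          f"(expected ~{expected_birthday_trials(bits):.0f})")

    # Digest the attacker did not choose: constructed victim input.
    victim = truncated_sha256(b"victim-pubkey", bits)
    m, ptrials = brute_force_preimage(victim, bits, limit=2 ** (bits + 3))
    print(f"{bits}-bit preimage: {'found' if m else 'not found'} after {ptrials} trials "
          f"(expected ~{2 ** bits})")

    for n, name in ((160, "RIPEMD160(SHA256()), P2PKH/P2SH"), (256, "SHA256, native P2WSH")):
        print(f"{n}-bit {name}: collision 2^{generic_attack_cost_bits(n, 'collision')}, "
              f"preimage 2^{generic_attack_cost_bits(n, 'preimage')}")
```

The collision search lands in the hundreds of trials at 18 bits while the preimage search needs on the order of 2^18; scaling the exponents to 160 and 256 bits gives the 80-bit and 128-bit collision levels quoted in the thread, and a 160-bit preimage level that no third party can reach against an address whose pubkey they did not pick.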