From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from <drak@zikula.org>) id 1WK2Yx-0000Bv-L9 for bitcoin-development@lists.sourceforge.net; Sun, 02 Mar 2014 09:19:59 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of zikula.org designates 74.125.82.169 as permitted sender) client-ip=74.125.82.169; envelope-from=drak@zikula.org; helo=mail-we0-f169.google.com; Received: from mail-we0-f169.google.com ([74.125.82.169]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1WK2Yw-00078i-9w for bitcoin-development@lists.sourceforge.net; Sun, 02 Mar 2014 09:19:59 +0000 Received: by mail-we0-f169.google.com with SMTP id w62so156807wes.14 for <bitcoin-development@lists.sourceforge.net>; Sun, 02 Mar 2014 01:19:52 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=19HjnkaD+f6hAO2B0xinpV2d/A59v7t8ywJ01nMkyaA=; b=WAbWi4X9fcOuGnhZxhJxNtRUpSdggiVVNtw+6MHWM4cAgog6ZKfEueK/PZnBf6nx34 MMm8Zgs2sSaMlSCH8ke7K1orG7o7Y1ct/CUecss1N4m18FkCzLBaPW4tM5JX8WO40hCF NlNGNxLfv7TQrI/abTaV4AZ+QqKEC9m7mH5JBbVSAnXIjX0ELsfcRbK2mwRdiFmwP3fH kRx+gfE8GTz8U9fu7unz8IjRZDwkfxKumFFHzPjBQlXmEZHXw11KIus0AYdTfwD3IW4r r0q2buGuDNEGSgYiVjLiW2cHaLFlLGA+6VPu0iSINe+UV60d+ul+SfnpYsSFXf+Sreyx mnMA== X-Gm-Message-State: ALoCoQlS3keHOoQWRb+jfY6fWyi0844CpqNAp0vGxQf+CyB77AGtHvdqtrZ5dgvBw5xoMegH2d/I MIME-Version: 1.0 X-Received: by 10.194.84.144 with SMTP id z16mr10162805wjy.23.1393750361352; Sun, 02 Mar 2014 00:52:41 -0800 (PST) Received: by 10.194.205.69 with HTTP; Sun, 2 Mar 2014 00:52:41 -0800 (PST) Received: by 10.194.205.69 with HTTP; Sun, 2 Mar 2014 00:52:41 -0800 (PST) In-Reply-To: <CANEZrP22SF4bD2pA3MyNmAojUmtZ20r=eL2Lgt=Fa4ZJyG=5SA@mail.gmail.com> References: <op.xb05iptvyldrnw@laptop-air> <op.xb2352ezyldrnw@laptop-air> <CANEZrP22SF4bD2pA3MyNmAojUmtZ20r=eL2Lgt=Fa4ZJyG=5SA@mail.gmail.com> Date: Sun, 2 Mar 2014 08:52:41 +0000 Message-ID: <CANAnSg1fwkzXebbCMEf6XeGD0SG+ny=vKW-2nC_40yhkn1LVkg@mail.gmail.com> From: Drak <drak@zikula.org> To: Mike Hearn <mike@plan99.net> Content-Type: multipart/alternative; boundary=089e0102ddae31c3ff04f39bcbeb X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message X-Headers-End: 1WK2Yw-00078i-9w Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net> Subject: Re: [Bitcoin-development] Payment Protocol Hash Comments X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: <bitcoin-development.lists.sourceforge.net> List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe> List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development> List-Post: <mailto:bitcoin-development@lists.sourceforge.net> List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help> List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe> X-List-Received-Date: Sun, 02 Mar 2014 09:19:59 -0000 --089e0102ddae31c3ff04f39bcbeb Content-Type: text/plain; charset=UTF-8 Not true, PHP does support sha2 http://php.net/manual/en/mhash.constants.php http://php.net/manual/en/function.hash-algos.php#refsect1-function.hash-algos-examples On 2 Mar 2014 08:44, "Mike Hearn" <mike@plan99.net> wrote: > SHA-1 support is there for PHP developers. Apparently it can't do SHA-2. > On 2 Mar 2014 08:53, "Jeremy Spilman" <jeremy@taplink.co> wrote: > >> From BIP70: >> >> If pki_type is "x509+sha256", then the Payment message is hashed using >> the >> SHA256 algorithm to produce the message digest that is signed. If >> pki_type >> is "x509+sha1", then the SHA1 algorithm is used. >> >> A couple minor comments; >> >> - I think it meant to say the field to be hashed is 'PaymentRequest' not >> 'Payment' message -- probably got renamed at some point and this is an old >> reference calling it by its original name. >> >> - Could be a bit more explicit about the hashing, e.g. 'copy the >> PaymentRequest, set the signature field to the empty string, serialize to >> a byte[] and hash. >> >> - SHA1 is retiring, any particular reason to even have it in there at >> all? >> >> - Should there any way for the end-user to see details like the pki_type >> and the certificate chain, like browser do? >> >> >> Thanks, >> Jeremy >> >> >> >> ------------------------------------------------------------------------------ >> Flow-based real-time traffic analytics software. Cisco certified tool. >> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer >> Customize your own dashboards, set traffic alerts and generate reports. >> Network behavioral analysis & security monitoring. All-in-one tool. >> >> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk >> _______________________________________________ >> Bitcoin-development mailing list >> Bitcoin-development@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >> > > > ------------------------------------------------------------------------------ > Flow-based real-time traffic analytics software. Cisco certified tool. > Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer > Customize your own dashboards, set traffic alerts and generate reports. > Network behavioral analysis & security monitoring. All-in-one tool. > > http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > --089e0102ddae31c3ff04f39bcbeb Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <p dir=3D"ltr">Not true, PHP does support sha2</p> <p dir=3D"ltr"><a href=3D"http://php.net/manual/en/mhash.constants.php">htt= p://php.net/manual/en/mhash.constants.php</a><br> <a href=3D"http://php.net/manual/en/function.hash-algos.php#refsect1-functi= on.hash-algos-examples">http://php.net/manual/en/function.hash-algos.php#re= fsect1-function.hash-algos-examples</a></p> <div class=3D"gmail_quote">On 2 Mar 2014 08:44, "Mike Hearn" <= <a href=3D"mailto:mike@plan99.net">mike@plan99.net</a>> wrote:<br type= =3D"attribution"><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8= ex;border-left:1px #ccc solid;padding-left:1ex"> <p dir=3D"ltr">SHA-1 support is there for PHP developers. Apparently it can= 't do SHA-2.</p> <div class=3D"gmail_quote">On 2 Mar 2014 08:53, "Jeremy Spilman" = <<a href=3D"mailto:jeremy@taplink.co" target=3D"_blank">jeremy@taplink.c= o</a>> wrote:<br type=3D"attribution"><blockquote class=3D"gmail_quote" = style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> =C2=A0From BIP70:<br> <br> =C2=A0 =C2=A0If pki_type is "x509+sha256", then the Payment messa= ge is hashed using<br> the<br> =C2=A0 =C2=A0SHA256 algorithm to produce the message digest that is signed.= If<br> pki_type<br> =C2=A0 =C2=A0is "x509+sha1", then the SHA1 algorithm is used.<br> <br> A couple minor comments;<br> <br> =C2=A0 - I think it meant to say the field to be hashed is 'PaymentRequ= est' not<br> 'Payment' message -- probably got renamed at some point and this is= an old<br> reference calling it by its original name.<br> <br> =C2=A0 - Could be a bit more explicit about the hashing, e.g. 'copy the= <br> PaymentRequest, set the signature field to the empty string, serialize to<b= r> a byte[] and hash.<br> <br> =C2=A0 - SHA1 is retiring, any particular reason to even have it in there a= t all?<br> <br> =C2=A0 - Should there any way for the end-user to see details like the pki_= type<br> and the certificate chain, like browser do?<br> <br> <br> Thanks,<br> Jeremy<br> <br> <br> ---------------------------------------------------------------------------= ---<br> Flow-based real-time traffic analytics software. Cisco certified tool.<br> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer<br> Customize your own dashboards, set traffic alerts and generate reports.<br> Network behavioral analysis & security monitoring. All-in-one tool.<br> <a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D126839071&iu= =3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net/gam= pad/clk?id=3D126839071&iu=3D/4140/ostg.clktrk</a><br> _______________________________________________<br> Bitcoin-development mailing list<br> <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" target=3D"_bla= nk">Bitcoin-development@lists.sourceforge.net</a><br> <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development= " target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment</a><br> </blockquote></div> <br>-----------------------------------------------------------------------= -------<br> Flow-based real-time traffic analytics software. Cisco certified tool.<br> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer<br> Customize your own dashboards, set traffic alerts and generate reports.<br> Network behavioral analysis & security monitoring. All-in-one tool.<br> <a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D126839071&iu= =3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net/gam= pad/clk?id=3D126839071&iu=3D/4140/ostg.clktrk</a><br>__________________= _____________________________<br> Bitcoin-development mailing list<br> <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo= pment@lists.sourceforge.net</a><br> <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development= " target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment</a><br> <br></blockquote></div> --089e0102ddae31c3ff04f39bcbeb--