From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XSRyA-0004bd-Fs for bitcoin-development@lists.sourceforge.net; Fri, 12 Sep 2014 14:37:02 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of m.gmane.org designates 80.91.229.3 as permitted sender) client-ip=80.91.229.3; envelope-from=gcbd-bitcoin-development@m.gmane.org; helo=plane.gmane.org; Received: from plane.gmane.org ([80.91.229.3]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1XSRy8-0002I1-JI for bitcoin-development@lists.sourceforge.net; Fri, 12 Sep 2014 14:37:02 +0000 Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1XSRy2-0002Ra-0S for bitcoin-development@lists.sourceforge.net; Fri, 12 Sep 2014 16:36:54 +0200 Received: from f053001030.adsl.alicedsl.de ([78.53.1.30]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 12 Sep 2014 16:36:54 +0200 Received: from andreas by f053001030.adsl.alicedsl.de with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 12 Sep 2014 16:36:54 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: bitcoin-development@lists.sourceforge.net From: Andreas Schildbach Date: Fri, 12 Sep 2014 16:36:41 +0200 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: f053001030.adsl.alicedsl.de User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.1 In-Reply-To: X-Spam-Score: -2.6 (--) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 1.1 DKIM_ADSP_ALL No valid author signature, domain signs all mail -0.0 SPF_PASS SPF: sender matches SPF record -2.2 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-Headers-End: 1XSRy8-0002I1-JI Subject: Re: [Bitcoin-development] BIP72 amendment proposal X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Sep 2014 14:37:02 -0000 On 09/12/2014 03:49 PM, Mike Hearn wrote: > (1) Base64 of SHA256 seems overkill. 256 bits of hash is a lot. The risk > here is that a MITM intercepts the payment request, which will be > typically requested just seconds after the QR code is vended. 80 bits of > entropy would still be a lot and take a long time to brute force, whilst > keeping QR codes more compact, which impacts scannability. To put that into perspective, here is how a bitcoin: URI would look like: bitcoin:?h=J-J-4mra0VorfffEZm5J7mBmHGKX86Dpt-TnnmC_fhE&r=http://wallet.schildbach.de/bip70/r1409992884.bitcoinpaymentrequest (obviously for real-world usage you would optimize the "r" parameter) I looked at the list in this doc to evaluate what's easily available: https://code.google.com/p/guava-libraries/wiki/HashingExplained I thought SHA1 has a bad reputation these days, and we don't save much by using it. I don't know anything about Murmur. MD5 is clearly broken. What hash function would you recommend? > (2) This should *not* be necessary in the common HTTPS context. It is. People can't check names. People don't want to check names. People can't get certificates for lots of reasons. X.509 is centralized. X.509 has had serious security issues in the past. And shit continues to happen. To sum up, X.509 can't replace the trust anchor that is established by scanning a QR code or tapping two devices together. > (3) This can be useful in the Bluetooth context, but then again, we > could also do things a different way by signing with the key in the > first part of the URI, thus avoiding the need for a hash. Sure. But signing is harder than just calculating a hash.