From eugen@leitl.org Fri Sep 27 10:54:12 2013
From: Eugen Leitl
To: cypherpunks@lists.cpunks.org
Subject: Re: [p2p-hackers] BitWeav: open P2P micropublishing
Date: Fri, 27 Sep 2013 16:54:09 +0200
Message-ID: <20130927145408.GZ10405@leitl.org>

----- Forwarded message from CodesInChaos -----

Date: Fri, 27 Sep 2013 16:49:52 +0200
From: CodesInChaos
To: theory and practice of decentralized computer networks
Subject: Re: [p2p-hackers] BitWeav: open P2P micropublishing
Reply-To: theory and practice of decentralized computer networks

Bitcoin uses RIPEMD160(SHA256(x)) only in places where the relevant attack is a second pre-image, not a collision. If neither hash function is pathological, the pre-image resistance of this construction can't be broken without breaking both hashes. So this construction isn't that silly.

> As for length extension attacks, I don't believe I should be concerned, should I? The transfer of messages within the network is dependent on a defined protocol, so any extra bytes would just be interpreted as a malformed message.

If you use it in a broken construction, you should be concerned. If you're not, then there is little reason to worry. Length extensions are only a problem with a few specific constructions. In particular, using SHA256(k||m) as a MAC is broken. If you want a hash-based MAC with SHA-2, use HMAC instead.
_______________________________________________
p2p-hackers mailing list
p2p-hackers(a)lists.zooko.com
http://lists.zooko.com/mailman/listinfo/p2p-hackers

----- End forwarded message -----

-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
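The reply contrasts the broken SHA256(k||m) MAC with HMAC. The following is an added example, not code from the thread or from BitWeav or Bitcoin: it writes out the RFC 2104 HMAC construction over SHA-256 next to the naive keyed-prefix hash, checks the hand-written HMAC against Python's `hmac` module, and shows one structural weakness of the naive form that the keyed construction does not share: the naive tag has no boundary between key and message, so two different (key, message) splits of the same byte string produce the same tag. Function names (`naive_mac`, `hmac_sha256`, `verify_tag`, `matches_stdlib`) and all keys and messages are constructed for the example.

```python
import hashlib
import hmac

# SHA-256 works on 64-byte blocks; HMAC pads or hashes the key to exactly this size.
BLOCK_SIZE = 64


def naive_mac(key: bytes, msg: bytes) -> bytes:
    """The construction the reply calls broken: SHA256(k || m).

    Kept only as the 'before' case. Beyond length extension, note that the
    tag depends solely on the concatenated bytes: nothing separates key from
    message, so (b"ab", b"c") and (b"a", b"bc") collide.
    """
    return hashlib.sha256(key + msg).digest()


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """HMAC per RFC 2104: H((K' ^ opad) || H((K' ^ ipad) || m)).

    Spelled out for illustration; real code should call hmac.new.
    """
    # Keys longer than one block are first reduced to a digest.
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    # Shorter keys are right-padded with zero bytes to the block size.
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    # The outer hash over a keyed block hides the inner hash's final state,
    # which is what defeats length extension on the outer tag.
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()


def verify_tag(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Constant-time comparison so a verifier does not leak tag bytes via timing."""
    return hmac.compare_digest(hmac_sha256(key, msg), tag)


def matches_stdlib(key: bytes, msg: bytes) -> bool:
    """Cross-check the hand-written HMAC against the standard library."""
    return hmac_sha256(key, msg) == hmac.new(key, msg, hashlib.sha256).digest()


def naive_boundary_collides() -> bool:
    """True when the naive MAC cannot tell where the key ends (constructed inputs)."""
    return naive_mac(b"ab", b"c") == naive_mac(b"a", b"bc")


def hmac_boundary_collides() -> bool:
    """Same split test against HMAC; expected False (constructed inputs)."""
    return hmac_sha256(b"ab", b"c") == hmac_sha256(b"a", b"bc")


if __name__ == "__main__":
    key = b"constructed-example-key"
    msg = b"hello, p2p-hackers"
    tag = hmac_sha256(key, msg)
    print("hand-written HMAC matches hmac module:", matches_stdlib(key, msg))
    print("tag verifies:", verify_tag(key, msg, tag))
    print("tampered message verifies:", verify_tag(key, msg + b"!", tag))
    print("naive MAC loses key/message boundary:", naive_boundary_collides())
    print("HMAC loses key/message boundary:", hmac_boundary_collides())
```

The long-key branch is worth exercising in tests: keys over 64 bytes are hashed first, and an implementation that skips that step still "works" on short keys while silently diverging from every other HMAC for long ones.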