----- Forwarded message from CodesInChaos <codesinchaos@gmail.com> -----

Date: Fri, 27 Sep 2013 16:49:52 +0200
From: CodesInChaos <codesinchaos@gmail.com>
To: theory and practice of decentralized computer networks <p2p-hackers@lists.zooko.com>
Subject: Re: [p2p-hackers] BitWeav: open P2P micropublishing
Reply-To: theory and practice of decentralized computer networks <p2p-hackers@lists.zooko.com>

Bitcoin uses RIPEMD160(SHA256(x)) only in places where the relevant attack is a second pre-image, not a collision. If neither hash function is pathological, the pre-image resistance of this construction can't be broken without breaking both hashes. So this construction isn't that silly.
> As for length extension attacks, I don't believe I should be concerned, should I? The transfer of messages within the network is dependent on a defined protocol, so any extra bytes would just be interpreted as a malformed message.
If you use it in a broken construction, you should be concerned. If you're not, then there is little reason to worry. Length extensions are only a problem with a few specific constructions. In particular, using SHA256(k||m) as a MAC is broken. If you want a hash-based MAC with SHA-2, use HMAC instead.

_______________________________________________
p2p-hackers mailing list
p2p-hackers@lists.zooko.com
http://lists.zooko.com/mailman/listinfo/p2p-hackers

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org