[p2p-hackers] BitWeav: open P2P micropublishing

Eugen Leitl eugen at leitl.org
Fri Sep 27 07:54:09 PDT 2013


----- Forwarded message from CodesInChaos <codesinchaos at gmail.com> -----

Date: Fri, 27 Sep 2013 16:49:52 +0200
From: CodesInChaos <codesinchaos at gmail.com>
To: theory and practice of decentralized computer networks <p2p-hackers at lists.zooko.com>
Subject: Re: [p2p-hackers] BitWeav: open P2P micropublishing
Reply-To: theory and practice of decentralized computer networks <p2p-hackers at lists.zooko.com>

Bitcoin uses RIPEMD160(SHA256(x)) only in places where the relevant
attack is a second pre-image, not a collision. If neither hash function is
pathological, the pre-image resistance of this construction can't be broken
without breaking both hashes. So this construction isn't that silly.

> As for length extension attacks, I don't believe I should be concerned,
> should I? The transfer of messages within the network is dependent on a
> defined protocol, so any extra bytes would just be interpreted as a
> malformed message.

If you use it in a broken construction, you should be concerned. If you're
not, then there is little reason to worry.

Length extensions are only a problem with a few specific constructions. In
particular using SHA256(k||m) as MAC is broken. If you want a hash based
MAC with SHA-2, use HMAC instead.



----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5


