[p2p-hackers] BitWeav: open P2P micropublishing

CodesInChaos codesinchaos at gmail.com
Fri Sep 27 07:49:52 PDT 2013


Bitcoin uses RIPEMD160(SHA256(x)) only in places where the relevant
attack is a second pre-image, not a collision. If neither hash function is
pathological, the pre-image resistance of this construction can't be broken
without breaking both hashes. So this construction isn't that silly.

> As for length extension attacks, I don't believe I should be concerned,
> should I? The transfer of messages within the network is dependent on a
> defined protocol, so any extra bytes would just be interpreted as a
> malformed message.

If you use it in a broken construction, you should be concerned. If you're
not, then there is little reason to worry.

Length extensions are only a problem with a few specific constructions. In
particular, using SHA256(k||m) as a MAC is broken. If you want a hash-based
MAC with SHA-2, use HMAC instead.

_______________________________________________
p2p-hackers mailing list
p2p-hackers at lists.zooko.com
http://lists.zooko.com/mailman/listinfo/p2p-hackers


----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
