š
Original date posted:2016-01-07
š Original message:Maybe I'm asking this question on the wrong mailing list:
Matt/Adam: do you have some reason to think that RIPEMD160 will be broken
before SHA256?
And do you have some reason to think that they will be so broken that the
nested hash construction RIPEMD160(SHA256()) will be vulnerable?
Adam: re: "where to stop" : I'm suggesting we stop exactly at the current
status quo, where we use RIPEMD160 for P2SH and P2PKH.
Ethan: your algorithm will find two arbitrary values that collide. That
isn't useful as an attack in the context we're talking about here (both of
those values will be useless as coin destinations with overwhelming
probability).
Dave: you described a first preimage attack, which is 2**160 cpu time and
no storage.
--
--
Gavin Andresen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20160107/a777b3e1/attachment.html>;
Gavin Andresen [ARCHIVE] /
npub1s4ā¦d44kw
2023-06-07 17:47:38
in reply to nevent1qā¦3e64
Author Public Key
npub1s4lj77xuzcu7wy04afcr487f0r3za0f8n2775xrpkld2sv639mjqsd44kwPublished at
2023-06-07 17:47:38Event JSON
{
"id": "a3b6a7a19448fac5c27ba3116094a75fdd3e376ddfc062b345d2eccdf5b63960",
"pubkey": "857f2f78dc1639e711f5ea703a9fc978e22ebd279abdea1861b7daa833512ee4",
"created_at": 1686160058,
"kind": 1,
"tags": [
[
"e",
"e1f46f49861d474f81d81bf43d690af02c9b35e1c9c4fe5cc415112a34c1c041",
"",
"root"
],
[
"e",
"c9149732bdb197c7a82972b6ea51099241536a7ce344a80be71242b5d3eec107",
"",
"reply"
],
[
"p",
"a384795310cea1937dda4d01ee8f14ca734b9a7ab60c62114a5656706e15e47f"
]
],
"content": "š
Original date posted:2016-01-07\nš Original message:Maybe I'm asking this question on the wrong mailing list:\n\nMatt/Adam: do you have some reason to think that RIPEMD160 will be broken\nbefore SHA256?\nAnd do you have some reason to think that they will be so broken that the\nnested hash construction RIPEMD160(SHA256()) will be vulnerable?\n\nAdam: re: \"where to stop\" : I'm suggesting we stop exactly at the current\nstatus quo, where we use RIPEMD160 for P2SH and P2PKH.\n\nEthan: your algorithm will find two arbitrary values that collide. That\nisn't useful as an attack in the context we're talking about here (both of\nthose values will be useless as coin destinations with overwhelming\nprobability).\n\nDave: you described a first preimage attack, which is 2**160 cpu time and\nno storage.\n\n\n-- \n--\nGavin Andresen\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20160107/a777b3e1/attachment.html\u003e",
"sig": "8d5577afbb78804f9fd44568a43e984ade043cf9e0474574ae98d279932c1662751fe18b9a2871a65e6c5347872b0f1d24e05b3907868ee2ac0265ef07a57665"
}