Mark van Cuijk [ARCHIVE] on Nostr
Original date posted: 2014-09-12
Original message: On 12 Sep 2014, at 20:43, bitcoin-development-request at lists.sourceforge.net wrote:
> Specifically relevant here:
>
> http://security.stackexchange.com/questions/34796/truncating-the-output-of-sha256-to-128-bits.
>
> If you're going to truncate though, why not just leave the amount of
> bits up to the person generating the QR code? The client simply takes
> the hash prefix (any length up to full 256-bits) and makes sure it's a
> strict prefix of the actual hash of the payment request.
If you do so, please make sure the length of the hash is included in the PaymentDetails/PaymentRequest. If someone parses the URI and doesn't have an authenticated way of knowing the expected length of the hash, a MITM attacker can just truncate the hash to lower security.
/Mark
Published at 2023-06-07 15:25:43
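The truncation concern raised in the message above, as an added Python example that is not part of the original post or of any Bitcoin client: a verifier that accepts any prefix length found in the URI, next to one that first checks the length against an authenticated value. The function names, the sample requests and the way `authenticated_len` reaches the client are assumptions made for illustration.

```python
import hashlib
import hmac

def request_hash(payment_request: bytes) -> bytes:
    return hashlib.sha256(payment_request).digest()

def verify_any_prefix(uri_hash: bytes, payment_request: bytes) -> bool:
    """Quoted proposal: accept whatever prefix length the URI carries."""
    full = request_hash(payment_request)
    if not 0 < len(uri_hash) <= len(full):
        return False
    return hmac.compare_digest(full[:len(uri_hash)], uri_hash)

def verify_with_length(uri_hash: bytes, payment_request: bytes,
                       authenticated_len: int) -> bool:
    """Reply's point: the expected length must come from an authenticated
    source (assumed here to be passed in), never from the URI itself."""
    if len(uri_hash) != authenticated_len:
        return False  # shortened (or padded) hash: refuse before comparing
    return verify_any_prefix(uri_hash, payment_request)

def find_matching_request(prefix: bytes, template: bytes, limit: int = 100_000) -> bytes:
    """Vary a nonce until the hash starts with `prefix`. About 256 tries for
    an 8-bit prefix, which is what truncation costs the verifier."""
    for nonce in range(limit):
        candidate = template + str(nonce).encode()
        if request_hash(candidate).startswith(prefix):
            return candidate
    raise RuntimeError("no match within limit")

# Constructed sample data, not real payment requests.
GENUINE = b"constructed request: pay merchant"
OTHER_TEMPLATE = b"constructed request: pay someone else, nonce="
HASH_LEN = 16                                  # 128 bits, chosen by the merchant
URI_HASH = request_hash(GENUINE)[:HASH_LEN]    # value placed in the URI
TRUNCATED = URI_HASH[:1]                       # URI hash cut to 8 bits in transit

def demo() -> dict:
    other = find_matching_request(TRUNCATED, OTHER_TEMPLATE)
    return {
        "any_prefix_accepts_other": verify_any_prefix(TRUNCATED, other),
        "length_check_accepts_other": verify_with_length(TRUNCATED, other, HASH_LEN),
        "length_check_accepts_genuine": verify_with_length(URI_HASH, GENUINE, HASH_LEN),
    }

if __name__ == "__main__":
    print(demo())
```

With the length pinned, the one-byte hash is refused before any comparison, so the effective security stays at the 128 bits the merchant chose.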