<div dir="ltr"><div><div>If people split their bitcoins into multiple addresses, then maybe there would be no need to worry(?), because the computational cost would be higher than what the attacker would get.<br><br><br></div>From Google:<br><a href="https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html">https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html</a><br><br><div style="margin-left:40px"><i>Here are some numbers that give a sense of how large scale this computation was:
</i></div><ul style="margin-left:40px"><li><i>Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total</i></li><li><i>6,500 years of CPU computation to complete the attack first phase</i></li><li><i>110 years of GPU computation to complete the second phase</i></li></ul><br><a href="https://bitinfocharts.com/top-100-richest-bitcoin-addresses.html">https://bitinfocharts.com/top-100-richest-bitcoin-addresses.html</a><br></div>Richest address: 124,178 BTC ($142,853,079 USD)<div><br><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Feb 25, 2017 at 6:40 PM, Peter Todd via bitcoin-dev <span dir="ltr">&lt;<a href="mailto:bitcoin-dev@lists.linuxfoundation.org" target="_blank">bitcoin-dev@lists.linuxfoundation.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Sat, Feb 25, 2017 at 03:34:33PM -0600, Steve Davis wrote:<br>
&gt; Yea, well. I don’t think it is ethical to post instructions without an associated remediation (BIP) if you don’t see the potential attack.<br>
<br>
</span>I can&#39;t agree with you at all there: we&#39;re still at the point where the<br>
computational costs of such attacks limit their real-world impact, which is<br>
exactly when you want the *maximum* exposure to what they are and what the<br>
risks are, so that people develop mitigations.<br>
<br>
Keeping details secret tends to keep the attacks out of public view, which<br>
might be a good trade-off in a situation where the attacks are immediately<br>
practical and the need to deploy a fix is well understood. But we&#39;re in the<br>
exact opposite situation.<br>
<span class=""><br>
&gt; I was rather hoping that we could have a fuller discussion of what the best practical response would be to such an issue?<br>
<br>
</span>Deploying segwit&#39;s 256-bit digests is a response that&#39;s already fully coded and<br>
ready to deploy, with the one exception of a new address format. That address<br>
format is being actively worked on, and could be deployed relatively quickly if<br>
needed.<br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
<a href="https://petertodd.org" rel="noreferrer" target="_blank">https://petertodd.org</a> &#39;peter&#39;[:-1]@<a href="http://petertodd.org" rel="noreferrer" target="_blank">petertodd.org</a><br>
</div></div><br>
<br></blockquote></div><br></div>