[bitcoin-dev] Time to worry about 80-bit collision attacks or not?
gavinandresen at gmail.com
Thu Jan 7 21:06:30 UTC 2016
Maybe I'm asking this question on the wrong mailing list:
Matt/Adam: do you have some reason to think that RIPEMD160 will be broken
And do you have some reason to think that they will be so broken that the
nested hash construction RIPEMD160(SHA256()) will be vulnerable?
Adam: re: "where to stop" : I'm suggesting we stop exactly at the current
status quo, where we use RIPEMD160 for P2SH and P2PKH.
Ethan: your algorithm will find two arbitrary values that collide. That
isn't useful as an attack in the context we're talking about here (both of
those values will be useless as coin destinations with overwhelming
Dave: you described a first preimage attack, which is 2**160 cpu time and
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bitcoin-dev