[bitcoin-dev] SHA1 collisions make Git vulnerable to attakcs by third-parties, not just repo maintainers

Peter Todd pete at petertodd.org
Sat Feb 25 01:01:22 UTC 2017


On Fri, Feb 24, 2017 at 05:49:36PM -0600, Steve Davis via bitcoin-dev wrote:
> If the 20 byte SHA1 is now considered insecure (with good reason), what about RIPEMD-160 which is the foundation of Bitcoin addresses?

SHA1 is insecure because the SHA1 algorithm is insecure, not because 160bits isn't enough.

AFAIK there aren't any known weaknesses in RIPEMD160, but it also hasn't been
as closely studied as more common hash algorithms. That said, Bitcoin uses
RIPEMD160(SHA256(msg)), which may make creating collisions harder if an attack
is found than if it used RIPEMD160 alone.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20170224/85794f98/attachment.sig>


More information about the bitcoin-dev mailing list