[bitcoin-dev] SHA1 collisions make Git vulnerable to attacks by third-parties, not just repo maintainers

Alice Wonder alice at librelamp.com
Sat Feb 25 18:19:11 UTC 2017


On 02/25/2017 08:10 AM, Ethan Heilman via bitcoin-dev wrote:
>>SHA1 is insecure because the SHA1 algorithm is insecure, not because
> 160bits isn't enough.
>
> I would argue that 160-bits isn't enough for collision resistance.
> Assuming RIPEMD-160(SHA-256(msg)) has no flaws (i.e. is a random
> oracle), collisions can be generated in 2^80 queries (actually detecting
> these collisions requires some time-memory additional trade-offs). The
> Bitcoin network at the current hash rate performs roughly SHA-256 ~2^78
> queries a day or 2^80 queries every four days.

You have to not only produce a ripemd160 collision, you have to produce 
a collision that is also a valid sha-256 hash - and that's much much 
much more difficult.
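
The 2^80 birthday estimate quoted above for RIPEMD-160(SHA-256(msg)), illustrated as an added example that is not part of the original thread: a birthday search over the composed function with the output truncated to 24 bits so it finishes instantly. The function names, the truncation width, the constructed messages and the SHA-1 fallback used when the local OpenSSL build lacks RIPEMD-160 are assumptions of this sketch.

```python
import hashlib

def _outer160(data: bytes) -> bytes:
    """160-bit outer hash: RIPEMD-160, or SHA-1 as a stand-in (assumption)."""
    try:
        return hashlib.new("ripemd160", data).digest()
    except ValueError:  # RIPEMD-160 not provided by this OpenSSL build
        return hashlib.sha1(data).digest()

def hash160(msg: bytes, bits: int = 160):
    """Return (inner SHA-256 digest, top `bits` bits of outer160(inner))."""
    inner = hashlib.sha256(msg).digest()
    tag = int.from_bytes(_outer160(inner), "big") >> (160 - bits)
    return inner, tag

def birthday_collision(bits: int, max_queries: int):
    """Query the composed function on distinct messages until two tags match.

    Expected cost is about 2^(bits/2) queries. Every value fed to the outer
    hash is a real SHA-256 digest, because only the composed function is
    queried; the search never picks outer-hash inputs directly.
    """
    seen = {}  # tag -> (message, inner digest)
    for i in range(max_queries):
        msg = b"constructed-msg-%d" % i  # constructed sample input
        inner, tag = hash160(msg, bits)
        if tag in seen:
            first_msg, first_inner = seen[tag]
            return {"queries": i + 1, "tag": tag,
                    "msgs": (first_msg, msg),
                    "inners": (first_inner, inner)}
        seen[tag] = (msg, inner)
    return None

if __name__ == "__main__":
    bits = 24
    hit = birthday_collision(bits, 1 << 16)
    print("truncated to %d bits: collision after %d queries (2^%d = %d)"
          % (bits, hit["queries"], bits // 2, 1 << (bits // 2)))
    print("messages:", hit["msgs"])
    print("distinct SHA-256 digests:", hit["inners"][0] != hit["inners"][1])
    # Scaling the same search to the full 160-bit output costs about 2^80.
```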


