[bitcoin-dev] SHA1 collisions make Git vulnerable to attacks by third-parties, not just repo maintainers
pieter.wuille at gmail.com
Sun Feb 26 06:36:25 UTC 2017
On Feb 25, 2017 22:26, "Steve Davis" <steven.charles.davis at gmail.com> wrote:
> > On Feb 25, 2017, at 4:14 PM, Pieter Wuille <pieter.wuille at gmail.com>
> > Any alternative to move us away from RIPEMD160 would require:
> “Any alternative”? What about reverting to:
> Could that be the alternative?
Ok, fair enough, that is an alternative that avoids the 160-bit hash
function, but not where it matters. The 80-bit collision attack only
applies to jointly constructed addresses like multisig P2SH, not single-key
ones. As far as I know for those we only rely on preimage security, and
RIPEMD160 has 160-bit security there, which is even more than our ECDSA