Alice Wonder [ARCHIVE] on Nostr: 📅 Original date posted:2017-02-25 📝 Original message:On 02/25/2017 08:10 AM, ...
📅 Original date posted:2017-02-25
📝 Original message:On 02/25/2017 08:10 AM, Ethan Heilman via bitcoin-dev wrote:
>>SHA1 is insecure because the SHA1 algorithm is insecure, not because
> 160bits isn't enough.
>
> I would argue that 160-bits isn't enough for collision resistance.
> Assuming RIPEMD-160(SHA-256(msg)) has no flaws (i.e. is a random
> oracle), collisions can be generated in 2^80 queries (actually detecting
> these collisions requires some time-memory additional trade-offs). The
> Bitcoin network at the current hash rate performs roughly SHA-256 ~2^78
> queries a day or 2^80 queries every four days.
You have to not only produce a ripemd160 collision, you have to produce
a collision that is also a valid sha-256 hash - and that's much much
much more difficult.
📝 Original message:On 02/25/2017 08:10 AM, Ethan Heilman via bitcoin-dev wrote:
>>SHA1 is insecure because the SHA1 algorithm is insecure, not because
> 160bits isn't enough.
>
> I would argue that 160-bits isn't enough for collision resistance.
> Assuming RIPEMD-160(SHA-256(msg)) has no flaws (i.e. is a random
> oracle), collisions can be generated in 2^80 queries (actually detecting
> these collisions requires some time-memory additional trade-offs). The
> Bitcoin network at the current hash rate performs roughly SHA-256 ~2^78
> queries a day or 2^80 queries every four days.
You have to not only produce a ripemd160 collision, you have to produce
a collision that is also a valid sha-256 hash - and that's much much
much more difficult.