Author: Tim Ruffing 2017-02-24 16:30:49
Published on: 2017-02-24T16:30:49+00:00
A discussion has been initiated on the bitcoin-dev mailing list about the use of hash functions and their vulnerability to collision attacks. One participant argues that hashing a sequence of files continuously, carrying the hash state forward rather than hashing and combining intermediate steps, still gives latitude to attackers. Another participant points out that the attacker would have no control over the past files. The conversation then turns to whether, given the hash state left by the previous files, it is easy to find two colliding files for the next round. It is suggested that if the original use of the hash function was vulnerable, then the new scheme would also be vulnerable, at least for the initial state. Finally, a concrete attack is proposed: a method for finding x and y with H(x) = H(y) can also be used to find m, x and y with H(m||x) = H(m||y), so the common prefix does not protect the construction. The discussion concludes with uncertainty as to whether this is the appropriate forum for such discussions.
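As an added illustration of the argument summarized above (example code written for this page, not code from the thread or from any Bitcoin project), the following Python models a Merkle-Damgard hash with a toy 24-bit chaining state standing in for SHA-1, so that collisions can be found by brute force in a moment. It shows the two steps of the proposed attack: a collision search that works from the fixed IV works just as well from the state reached after an arbitrary block-aligned prefix m, giving H(m||x) = H(m||y), and because the hash then continues from an identical state, the collision survives any common suffix z. That is why carrying the hash state forward across files does not, by itself, remove the attacker's latitude. The block size, the state size, the function names and the sample prefix are all assumptions of this example.

```python
import hashlib

# --- Toy Merkle-Damgard hash (example construction, not SHA-1) ----------------
BLOCK = 16         # block size in bytes (assumption of this example)
STATE = 3          # 24-bit chaining value: collisions cost ~2^12 compressions
IV = bytes(STATE)  # fixed initial state, as every Merkle-Damgard hash has


def compress(state: bytes, block: bytes) -> bytes:
    """Compression function: SHA-256 of state||block truncated to 24 bits.
    It stands in for SHA-1's compression function; only the small state matters here."""
    assert len(state) == STATE and len(block) == BLOCK
    return hashlib.sha256(state + block).digest()[:STATE]


def pad(msg: bytes) -> bytes:
    """Merkle-Damgard strengthening: 0x80, zeros, then the 64-bit big-endian bit length."""
    out = msg + b"\x80"
    out += bytes((BLOCK - 8 - len(out)) % BLOCK)
    return out + (len(msg) * 8).to_bytes(8, "big")


def absorb(state: bytes, data: bytes) -> bytes:
    """Iterate the compression function over already block-aligned data,
    starting from an arbitrary chaining state (not necessarily the IV)."""
    assert len(data) % BLOCK == 0
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state


def md_hash(msg: bytes) -> bytes:
    """H(msg): pad, then absorb from the fixed IV."""
    return absorb(IV, pad(msg))


# --- The attack ---------------------------------------------------------------
def find_block_collision(state: bytes):
    """Birthday search for two distinct blocks x != y with
    compress(state, x) == compress(state, y).
    Nothing here depends on `state` being the IV; that is the whole point."""
    seen = {}
    counter = 0
    while True:
        x = counter.to_bytes(BLOCK, "big")
        s = compress(state, x)
        if s in seen:
            return seen[s], x
        seen[s] = x
        counter += 1


def prefix_collision(m: bytes):
    """Given a block-aligned prefix m (e.g. the previous files, which the attacker
    did not control), return x != y with md_hash(m + x) == md_hash(m + y).
    Since the hash then continues from an identical state,
    md_hash(m + x + z) == md_hash(m + y + z) for every common suffix z."""
    return find_block_collision(absorb(IV, m))


if __name__ == "__main__":
    # Constructed sample "previous files" the attacker had no control over.
    previous = b"block 1: honest history".ljust(2 * BLOCK, b"\x00")
    x, y = prefix_collision(previous)
    z = b"whatever gets appended afterwards"
    print("x != y:", x != y)
    print("H(m||x) == H(m||y):", md_hash(previous + x) == md_hash(previous + y))
    print("H(m||x||z) == H(m||y||z):",
          md_hash(previous + x + z) == md_hash(previous + y + z))
```

The search is cheap only because the toy state is 24 bits; the point of the example is structural, not computational. With a real Merkle-Damgard hash the same argument applies once a collision attack exists that tolerates an attacker-chosen starting state, which is exactly what the identical-prefix collision against SHA-1 provides: the attacker picks m, finds the colliding blocks from the state after m, and the collision propagates through everything hashed afterwards.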
Updated on: 2023-06-11T21:47:45.010348+00:00