Author: Ethan Heilman 2017-02-25 16:10:02
Published on: 2017-02-25T16:10:02+00:00
The SHA1 algorithm is considered insecure due to its flaws, not because 160 bits are insufficient. However, it has been argued that 160 bits may not be enough for collision resistance. RIPEMD-160(SHA-256(msg)) has been assumed to have no flaws and collisions can be generated in 2^80 queries. The impact of collisions in RIPEMD-160(SHA-256(msg)) could potentially affect the price of Bitcoin if headlines read "Bitcoin's Cryptography Broken." Google recommends migrating to safer cryptographic hashes such as SHA-256 and SHA-3 but does not mention RIPEMD-160. While there are currently no known weaknesses in RIPEMD160, it has not been studied as closely as more common hash algorithms. Bitcoin uses RIPEMD160(SHA256(msg)), which may make creating collisions harder than using RIPEMD160 alone. However, it is unclear whether this offers greater protection as the outputs only verify the public key against the final 20 byte hash. For reasons of credibility and good engineering, Bitcoin should strive to always use cryptography that is beyond reproach.
Updated on: 2023-06-11T21:48:08.686349+00:00