Author: Watson Ladd 2017-02-25 20:42:56
Published on: 2017-02-25T20:42:56+00:00
In a discussion on the Bitcoin-dev mailing list, it was argued that SHA1 is insecure because of its algorithm and not because 160 bits isn't enough. Although aware of the limitations of P2SH's 160-bit hashing, the community believes that using RIPEMD160 provides a 160-bit security level against pre-image attacks and is sufficient for most cases. However, P2SH is not secure against collisions, and if two scripts have the same hash, one of which is an escrow script and the other which pays it to the attacker, someone could get the payment. Formal analysis tools may ignore the unused instructions, even if human analysis would not. SegWit will provide a 256-bit pay-to-witness-script-hash, providing a 128-bit security level against collision attacks.
Updated on: 2023-06-11T21:50:08.361933+00:00