Time to worry about 80-bit collision attacks or not?



Summary:

In this email thread, the participants discuss the security of the RIPEMD160 and SHA256 hash functions. The author asks whether there is any reason to believe that RIPEMD160 will be broken before SHA256, and whether the nested hash construction RIPEMD160(SHA256()) would be vulnerable if either of the two were broken. Adam suggests sticking with the status quo, where RIPEMD160 is used for P2SH and P2PKH. Ethan comments that an algorithm finding two arbitrary values that collide is not useful as an attack in the context they are discussing. Dave describes a first preimage attack which requires 2**160 CPU time and no storage.


Updated on: 2023-06-11T03:00:02.581771+00:00