Time to worry about 80-bit collision attacks or not?



Summary:

Yes: it is worth worrying about 80-bit collision attacks. A pay-to-script-hash (P2SH) address commits only to a 160-bit hash of the redeem script, so finding two different scripts that share an address is a birthday problem costing on the order of 2^80 hash operations, and the thread's estimate is that such an attack will cost less than $1 million within the next ten to twenty years. The exposure arises when you agree to lock up funds with a counterparty who controls one of the public keys in the redeem script: because they choose that key, they can search for a collision between the script you both intend to use and a second script that only they can spend, and both scripts pay to the same address. When significant amounts of money are involved, avoid P2SH addresses and use the payment protocol with "raw" multisig outputs instead. Alternatively, ask the counterparty for a hierarchical deterministic (BIP32) seed and derive the public key they will use yourself, so they never get to pick the exact key that ends up in the script. Following the security-in-depth and validate-all-input secure-coding principles means doing all of these: avoid P2SH, exchange HD seeds, add your own randomness to the derivation, and use the resulting public keys in the transaction. Gavin Andresen thanked those who contributed to the discussion and said he had learned a lot from them about collision attacks.
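The following is an added toy model of the attack and the mitigation summarised above; it is example code written for this page, not code from the mailing-list thread or from Bitcoin Core. It truncates HASH160 to k bits so that the birthday search finishes in seconds (the real P2SH hash is 160 bits, which is where the 2^80 figure comes from). Several things are assumptions of the example rather than facts from the page: the "public keys" are constructed 33-byte placeholders, not real secp256k1 points; derive_pubkey uses HMAC-SHA256 as a stand-in for BIP32 child derivation; and hash160 falls back to truncated SHA-256 where the Python build lacks RIPEMD-160.

```python
"""Toy model: an attacker who controls a key in a P2SH redeem script can
birthday-collide two scripts; counterparty-chosen derivation stops it.
Constructed example for this page, not code from the thread."""
import hashlib
import hmac
import os


def hash160(data: bytes) -> bytes:
    """Bitcoin's HASH160 = RIPEMD160(SHA256(data)), a 160-bit digest."""
    sha = hashlib.sha256(data).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:
        # Assumption: some OpenSSL builds lack RIPEMD-160.  Stand in with 20
        # bytes of SHA-256: same width, same birthday arithmetic, NOT Bitcoin's hash.
        return hashlib.sha256(sha).digest()[:20]


def birthday_work_bits(hash_bits: int) -> int:
    """Collision cost of an n-bit hash is about 2^(n/2): 160 bits -> 2^80."""
    return hash_bits // 2


def p2sh_script_pubkey(redeem_script: bytes) -> bytes:
    """OP_HASH160 <20 bytes> OP_EQUAL: the address commits only to the hash."""
    return b"\xa9\x14" + hash160(redeem_script) + b"\x87"


def multisig_2_of_2(pub_a: bytes, pub_b: bytes) -> bytes:
    """OP_2 <pubA> <pubB> OP_2 OP_CHECKMULTISIG, with direct pushes of 33-byte keys."""
    return b"\x52" + bytes([len(pub_a)]) + pub_a + bytes([len(pub_b)]) + pub_b + b"\x52\xae"


def single_key_script(pub: bytes) -> bytes:
    """<pub> OP_CHECKSIG: spendable by whoever holds that one key."""
    return bytes([len(pub)]) + pub + b"\xac"


def fake_pubkey(label: bytes, counter: int) -> bytes:
    """Constructed 33-byte placeholder for a compressed public key (assumption:
    a real attacker would generate genuine curve points just as cheaply)."""
    return b"\x02" + hashlib.sha256(label + counter.to_bytes(8, "big")).digest()


def truncated(script: bytes, k_bits: int) -> int:
    """HASH160 reduced to k bits so the toy search terminates quickly."""
    return int.from_bytes(hash160(script), "big") & ((1 << k_bits) - 1)


def birthday_collision(honest_pub: bytes, k_bits: int, max_rounds: int = 1 << 20):
    """Mallory varies HER key in both a legit 2-of-2 script (with the honest key)
    and an evil single-key script until two share a truncated HASH160.
    About 2^(k/2) candidates per side suffice; on 160 bits that is ~2^80."""
    legit, evil = {}, {}
    for i in range(max_rounds):
        s_l = multisig_2_of_2(honest_pub, fake_pubkey(b"legit", i))
        s_e = single_key_script(fake_pubkey(b"evil", i))
        h_l, h_e = truncated(s_l, k_bits), truncated(s_e, k_bits)
        if h_l == h_e:
            return s_l, s_e
        if h_l in evil:
            return s_l, evil[h_l]
        if h_e in legit:
            return legit[h_e], s_e
        legit[h_l], evil[h_e] = s_l, s_e
    return None


def derive_pubkey(seed: bytes, index: int) -> bytes:
    """Stand-in for BIP32 child derivation (HMAC-SHA256, not real secp256k1 CKD).
    The point is that the honest party picks `index` only AFTER Mallory has
    handed over `seed`, so Mallory cannot grind the key that lands in the script."""
    return b"\x02" + hmac.new(seed, index.to_bytes(4, "big"), hashlib.sha256).digest()


def second_preimage_search(target_script: bytes, k_bits: int, budget: int):
    """Once the legit script is fixed, Mallory must hit one specific hash:
    about 2^k work instead of 2^(k/2).  Returns None when the budget runs out."""
    target = truncated(target_script, k_bits)
    for i in range(budget):
        s_e = single_key_script(fake_pubkey(b"evil-post-commit", i))
        if truncated(s_e, k_bits) == target:
            return s_e
    return None


def run_demo(k_bits: int = 32, budget: int = 1 << 18):
    """Returns (legit_script, evil_script, post_commit_result)."""
    honest_pub = fake_pubkey(b"alice", 0)
    # 1) Plain P2SH: Mallory chooses her own key, so she can find two scripts
    #    with the same (truncated) address and later spend through the evil one.
    legit, evil = birthday_collision(honest_pub, k_bits)
    # 2) Mitigation from the thread: Mallory hands over a seed, Alice adds her own
    #    randomness and derives Mallory's key herself.  The legit script is now
    #    fixed before Mallory can react, leaving her a second-preimage search.
    mallory_seed = b"\x11" * 32                         # constructed
    alice_index = int.from_bytes(os.urandom(4), "big")  # Alice's randomness
    fixed = multisig_2_of_2(honest_pub, derive_pubkey(mallory_seed, alice_index))
    return legit, evil, second_preimage_search(fixed, k_bits, budget)


if __name__ == "__main__":
    L, E, P = run_demo()
    print("truncated P2SH hashes collide:", truncated(L, 32) == truncated(E, 32))
    print("second preimage found after seed exchange:", P is not None)
    print("real P2SH: 160-bit hash, about 2^%d work to collide" % birthday_work_bits(160))
```

With k_bits=32, birthday_collision needs roughly 2^16 candidates per side, while second_preimage_search is expected to fail within its 2^18 tries: that gap between 2^(k/2) and 2^k is exactly what the HD-seed exchange restores for the real 160-bit hash, and it is why the randomness has to come from the party who does not control the key.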


Updated on: 2023-06-11T03:01:44.467963+00:00