Author: Rusty Russell 2016-06-29 01:00:29
Published on: 2016-06-29T01:00:29+00:00
In a discussion on the Bitcoin-Dev mailing list, Jonas Schnelli suggests using SHA512_HMAC instead of SHA256_HMAC for key derivation, referencing the use of SHA512_HMAC in BIP32 and stating that it is cheaper and simpler than two SHA256_HMAC operations. Rusty Russell replies that he was considering using Schnelli's work for lightning inter-node communication, but adding another hash algorithm would be unnecessarily painful. He also notes that SHA256_HMAC is not used by the current p2p and consensus layer, but rather by Bitcoin-Core for HTTP RPC authentication and Tor control. Russell questions the use of HMAC, as opposed to just SHA256(key|cipher-type|mesg), but attributes this to his own lack of crypto knowledge.
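The two derivation approaches compared in the thread, as an added example that is not code from the mailing list or from Bitcoin Core: one HMAC-SHA512 call whose 64-byte output is split into two 32-byte keys (the same left/right split BIP32 uses), next to two HMAC-SHA256 calls over distinct labels. The function names, the labels and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac


def derive_pair_sha512(secret: bytes, label: bytes) -> tuple[bytes, bytes]:
    """One HMAC-SHA512 call; split the 64-byte output into two 32-byte keys."""
    out = hmac.new(secret, label, hashlib.sha512).digest()
    return out[:32], out[32:]


def derive_pair_sha256(secret: bytes, label_a: bytes, label_b: bytes) -> tuple[bytes, bytes]:
    """Two HMAC-SHA256 calls; the labels must differ or both keys are identical."""
    if hmac.compare_digest(label_a, label_b):
        raise ValueError("labels must be distinct to get independent keys")
    key_a = hmac.new(secret, label_a, hashlib.sha256).digest()
    key_b = hmac.new(secret, label_b, hashlib.sha256).digest()
    return key_a, key_b


def hash_calls_needed(pairs: int, single_sha512: bool) -> int:
    """HMAC invocations needed to derive `pairs` key pairs under each scheme."""
    return pairs if single_sha512 else 2 * pairs


if __name__ == "__main__":
    # Constructed sample input: stands in for a shared secret from a key exchange.
    secret = bytes.fromhex("0b" * 20)

    k1, k2 = derive_pair_sha512(secret, b"session keys")          # hypothetical label
    k3, k4 = derive_pair_sha256(secret, b"key one", b"key two")   # hypothetical labels

    for name, key in (("sha512/left", k1), ("sha512/right", k2),
                      ("sha256/a", k3), ("sha256/b", k4)):
        print(f"{name:13s} {key.hex()}")

    print("HMAC calls for 1 pair:",
          hash_calls_needed(1, single_sha512=True), "vs",
          hash_calls_needed(1, single_sha512=False))
```

Both schemes yield two 32-byte keys from the same secret; the difference is one hash primitive and one call versus a second primitive-free path with two calls, which is the trade-off the two posters weigh.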
Updated on: 2023-06-11T18:54:06.687785+00:00