Author: Ethan Heilman 2016-06-29 14:38:43
Published on: 2016-06-29T14:38:43+00:00
A discussion on the Bitcoin developer mailing list has been had regarding BIP-0151 and the inclusion of cipher-type into the symmetric cipher key to avoid weak-cipher attacks. It was questioned whether the cipher-type referred to ECDH negotiation parameters. In response, Pieter Wuille explains that SHA256(key|cipher-type|mesg) is insecure due to the length extension property of SHA256. Although this property does not technically apply here, it is an example of why a hash function cannot be used generically in places where a MAC is needed. Furthermore, if a hash function is already being used, HMAC is easy to construct on top of it.
Updated on: 2023-06-11T18:53:35.659324+00:00