Author: Erik Aronesty 2021-03-20 01:32:46
Published on: 2021-03-20T01:32:46+00:00
In a discussion on the Bitcoin-dev mailing list, a user suggested using sha3-256 instead of sha256 when designing an HD wallet. They explained that sha256 is vulnerable to certain attacks such as length extension, which could leak information depending on how the inputs are concatenated, and suggested choosing a hash for which padding doesn't matter.

The user also shared a link to an interesting and simple HD wallet design that uses pure ECDSA and SHA-256, and asked whether anyone sees a flaw in it or whether it is safe enough to implement and use in practice. In the design, a master public key is used to derive child public keys with SHA-256 and a nonce; because the nonce is 256 bits, it allows a potentially unlimited number of custom derivation paths.

Overall, the discussion highlights the importance of choosing secure algorithms when designing cryptographic schemes. In this case, using sha3-256 rather than sha256 may provide better protection against these attacks.
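As an added illustration (not code from the thread or from the linked design), the following Python sketches a public-key derivation of the kind the summary describes: a child key obtained from the master public key and a 256-bit nonce, with the hash switched to SHA3-256 as the poster suggests and the public key serialised to a fixed width so the concatenation has one unambiguous layout. The additive-tweak form child_pub = master_pub + H(master_pub || nonce)·G is an assumption about the design, since the page does not give its exact formula; the secp256k1 constants are the standard ones.

```python
import hashlib

# secp256k1 domain parameters (public standard constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    x1, y1 = p1; x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p2 is the inverse of p1
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; illustration only)."""
    result = None
    while k:
        if k & 1: result = ec_add(result, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return result

def ser_pub(pt):
    """Compressed SEC1 encoding: always 33 bytes, so pubkey||nonce parses one way only."""
    x, y = pt
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")

def tweak(master_pub, nonce32):
    """Scalar t = SHA3-256(master_pub || nonce) mod N.  SHA-3's sponge construction
    has no length-extension property, so the padding of the concatenation is not
    something an attacker can build on (the concern raised in the thread)."""
    digest = hashlib.sha3_256(ser_pub(master_pub) + nonce32).digest()
    return int.from_bytes(digest, "big") % N

def derive_child_priv(master_priv, nonce32):
    """Assumed additive-tweak scheme: child_priv = master_priv + t (mod N)."""
    return (master_priv + tweak(ec_mul(master_priv, G), nonce32)) % N

def derive_child_pub(master_pub, nonce32):
    """Anyone holding only the master public key can compute the child public key."""
    return ec_add(master_pub, ec_mul(tweak(master_pub, nonce32), G))
```

The derivation is non-hardened in the BIP32 sense: a child private key together with the master public key reveals the master private key (child_priv minus the tweak), so the master public key must be treated as sensitive wherever any child private key is exposed.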
Updated on: 2023-06-14T19:44:09.262026+00:00