An alternative to BIP 32?

Summary:

In a discussion on the bitcoin-dev mailing list, a question was raised about the suitability and safety of using sha256-hmac(nonce, publicKeyPoint) as an alternative to sha3. Erik Aronesty recommended using sha3-256 instead, citing weaknesses of sha256 such as length extension attacks, which can leak information depending on how the inputs are concatenated. The discussion also touched on the security of a simple HD wallet design, shared on the Bitcointalk forum, that relies only on ECDSA and SHA-256. The design allows a potentially unlimited number of custom derivation paths, and all derived keys carry the 02 prefix. No major flaws were identified, and the design was deemed safe enough to implement and use in practice.
Updated on: 2023-06-14T19:43:00.333543+00:00