Author: Mike Hearn 2014-09-12 13:49:19
Published on: 2014-09-12T13:49:19+00:00
The discussion highlights a few thoughts on the use of Base64 of SHA256 as overkill for the payment request. It is suggested that 80 bits of entropy would still be sufficient, while keeping QR codes compact for better scannability. Additionally, in the common HTTPS context, there seems to be no reasonable attacker who can MITM the request for the BIP70 message but not the request to get the QR code. Therefore, adding a hash makes QR codes more bloated and harder to scan. This approach may be useful in the Bluetooth context; however, signing with the key in the first part of the URI can also avoid the need for a hash. The author suggests that this BIP does not fix any existing problem in the previous spec and exists only because Andreas thinks SSL is useless.
Updated on: 2023-06-09T02:31:58.812752+00:00