Author: Andreas Schildbach 2014-09-12 14:36:41
Published on: 2014-09-12T14:36:41+00:00
In an email exchange on December 9th, 2014, Mike Hearn suggested that using Base64 of SHA256 was overkill when it comes to bitcoin transactions. As the payment request is typically requested just seconds after the QR code is vended, he argues that 80 bits of entropy would still be secure enough against brute force attacks. He also provided a bitcoin: URI as an example of how this would look in practice. Mike then goes on to evaluate different hash functions, and asks for recommendations on which one to use. He rules out using SHA1 due to its bad reputation, and MD5 because it has been proven to be broken. Regarding the need for scanning QR codes or tapping two devices together, Mike argues that X.509 can't replace the trust anchor established by these methods. He provides several reasons why X.509 is not a suitable replacement, including issues with security and centralization. Finally, Mike suggests that signing with the key in the first part of the URI could be a viable alternative in the Bluetooth context, but acknowledges that it may be more difficult than simply calculating a hash.
Updated on: 2023-06-09T02:30:59.807042+00:00