Author: Christophe Biocca 2014-09-12 15:33:36
Published on: 2014-09-12T15:33:36+00:00
The conversation revolves around the use of hash functions in generating QR codes for payment requests. The first suggestion is to truncate the output of SHA256 to 128 bits, but it's pointed out that the length should be determined by the person generating the QR code. It's suggested that implementers experiment with different lengths to find the optimum balance between security and convenience, which could depend on the transaction amount. When asked what hash function he would recommend, a user suggests that the first x bits of a SHA256 sum are just as good as an equally secure hash function of that length. It’s also mentioned that SHA512/224 and SHA512/256 are defined in that way. The discussion goes on to talk about how much entropy is necessary for a bitcoin URI and various options for hashing functions, including SHA1, Murmur, and MD5. Finally, there is debate about whether or not QR code scanning can replace X.509 in establishing trust anchors, and whether signing with the key in the first part of the URI could avoid the need for a hash. However, it's noted that signing is more difficult than simply calculating a hash.
Updated on: 2023-06-09T02:32:12.550084+00:00