Author: Mark van Cuijk 2014-09-12 20:59:19
Published on: 2014-09-12T20:59:19+00:00
On September 12, 2014, a message was sent to bitcoin-development-request at lists.sourceforge.net which included a link to a discussion about truncating the output of sha256 to 128 bits. The author suggests leaving the length of the hash up to the person generating the QR code, with the client taking the hash prefix and making sure it is a strict prefix of the actual hash of the payment request. However, in doing so, it is important to include the length of the hash in the PaymentDetails/PaymentRequest to prevent a MITM attacker from truncating the hash to lower security.
Updated on: 2023-06-09T02:30:30.900011+00:00