Author: Wladimir 2014-09-13 08:53:34
Published on: 2014-09-13T08:53:34+00:00
In an email conversation between Mark van Cuijk and Wladimir, the importance of the length of a hash in PaymentDetails/PaymentRequest was discussed. Mark suggested that if the hash length is not included in the PaymentDetails/PaymentRequest, then a MITM attacker can easily truncate the hash to lower security. However, Wladimir argued that if an attacker can change the bitcoin: URI, this scheme is broken. The proposal aims to ensure that the payment request matches the URI, so if the URI is communicated through secure means, it authenticates the associated payment request even if fetched by insecure means such as http:...
Updated on: 2023-06-09T02:31:27.863707+00:00