Topic: "New address for each payment" is a logic bomb - page 5. (Read 9160 times)

legendary
Activity: 2142
Merit: 1009
Newbie
I'm not an expert at all, but after a quick search BLAKE2s came up, for example?

Did BLAKE2 exist when Satoshi was coding Bitcoin? Also RIPEMD-160 wasn't "sponsored" by the US govt, was it?
sr. member
Activity: 336
Merit: 250
Cuddling, censored, unicorn-shaped troll.
So why take the risk of restraining the 256 bit key pairs to fit in a collision-more-likely 160 bit public address?

For security reasons. If NSA knows how to reverse SHA-256, it may not know how to do the same with RIPEMD-160.

I can understand and agree with that, but there are other hash functions, it seems...
I'm not an expert at all, but after a quick search BLAKE2s came up, for example?
legendary
Activity: 2142
Merit: 1009
Newbie
So why take the risk of restraining the 256 bit key pairs to fit in a collision-more-likely 160 bit public address?

For security reasons. If NSA knows how to reverse SHA-256, it may not know how to do the same with RIPEMD-160.
sr. member
Activity: 336
Merit: 250
Cuddling, censored, unicorn-shaped troll.
I agree that the public address should be a 256-bit hash, too.
Why do we care about the size of the public base58 address, anyways?

It's either copied/pasted or QR-code-scanned, I'm pretty sure nobody ever typed-in an address char by char using a keyboard.
So why take the risk of restraining the 256 bit key pairs to fit in a collision-more-likely 160 bit public address?
legendary
Activity: 1176
Merit: 1005
Media will be happy to publish articles with "Bitcoin completely broken" title...

They wouldn't be the first completely moronic, uninformed media attention Bitcoin has survived. 

I'm not sure we should make technical decisions based on the moronic, uninformed opinions of, well, morons.  Seems the current system is inevitably going to lead to some measurable problems, while the alternative leads to a nearly unmeasurable chance of a problem.  Also, if that completely breaks Bitcoin, then the mere existence of brain wallets using bad passphrases is much more of a worry.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
Maybe. As time passes the probability of a 51% attack goes to zero, while the probability of a collision attack goes to 100%.
We all know that Bitcoin will have to evolve or face technical obsolescence. We have no way to know *today* what changes will be correct in the future though. Bitcoin still uses a near optimum set of tradeoffs for today's technology because those decisions were made just a few years ago.

Bring this up again in about eight years.
legendary
Activity: 2142
Merit: 1009
Newbie
It's a PR attack.
You can launch a 51% attack just by expending more effort than all miners expend. Worrying about a PR attack that requires you to expend hundreds of times that effort is senseless.

Maybe. As time passes the probability of a 51% attack goes to zero, while the probability of a collision attack goes to 100%.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
It's a PR attack.
You can launch a 51% attack just by expending more effort than all miners expend. Worrying about a PR attack that requires you to expend hundreds of times that effort is senseless.
legendary
Activity: 2142
Merit: 1009
Newbie
It's a PR attack. An attacker can even invest millions of freshly printed dollars.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
U can generate addresses much faster coz u don't need to know the private key. Pick any set of bytes and say it's a public key. 2^80 is not a big number.
If you don't know the private key, then there's no attack. But even so ..

Edit:
2^80 == (2^10)^8 ~ 1000^8 == 10^24.
And now look at the hash rate of Bitcoin network.
Okay, it's 7 years with the full hashing power of all Bitcoin mining. And all such an attacker would have is an account that he himself had compromised. He'd be a long way from compromising anyone else's account.
legendary
Activity: 2142
Merit: 1009
Newbie
But still, even if someone is generating billions of addresses a second for millions of years, the statistical odds are extremely low they would find a collision even under those circumstances.  I'm not a math whiz or I'd show you the proof, but I know the calculations have been done many times before, and always check out.

U can generate addresses much faster coz u don't need to know the private key. Pick any set of bytes and say it's a public key. 2^80 is not a big number.

Edit:
2^80 == (2^10)^8 ~ 1000^8 == 10^24.
And now look at the hash rate of Bitcoin network.
legendary
Activity: 2072
Merit: 1049
┴puoʎǝq ʞool┴
I think the math works out that there's more Bitcoin addresses than there are atoms in the universe.  Basically, it's been talked about many times, and it's nothing to worry about.

True, BUT there is still the possibility of a collision!
legendary
Activity: 1400
Merit: 1005
I think the math works out that there's more Bitcoin addresses than there are atoms in the universe.  Basically, it's been talked about many times, and it's nothing to worry about.

U r talking about a case when u need to create a collision for one special address. Read http://en.wikipedia.org/wiki/Birthday_problem plz.
But still, even if someone is generating billions of addresses a second for millions of years, the statistical odds are extremely low they would find a collision even under those circumstances.  I'm not a math whiz or I'd show you the proof, but I know the calculations have been done many times before, and always check out.
legendary
Activity: 2142
Merit: 1009
Newbie
I think the math works out that there's more Bitcoin addresses than there are atoms in the universe.  Basically, it's been talked about many times, and it's nothing to worry about.

U r talking about a case when u need to create a collision for one special address. Read http://en.wikipedia.org/wiki/Birthday_problem plz.
legendary
Activity: 1400
Merit: 1005
I think the math works out that there's more Bitcoin addresses than there are atoms in the universe.  Basically, it's been talked about many times, and it's nothing to worry about.
legendary
Activity: 2142
Merit: 1009
Newbie
As u know, each time u make a payment Satoshi's client generates a new address to send change to. He (or someone else) also advised to create a new address each time someone needs to receive a payment (for anonymity reasons). Entropy of an address is 160 bits (due to RIPEMD-160 "compression"). Applying Birthday Paradox we get that when 2^80 addresses are created we will, likely, get a collision. This is not critical, coz "older" address will be empty, probably. But this can be used in black PR against Bitcoin. An adversary (who is generating addresses non-stop) will be able to show 2 different public keys with the same address. Media will be happy to publish articles with "Bitcoin completely broken" title...
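The numbers argued over in this thread (the 2^80 birthday bound for a 160-bit address, and the much smaller chance of hitting one specific address) can be checked directly. The following is an added example written for this page, not code from any poster or from the Bitcoin client. It assumes SHA-256 truncated to a chosen width as a stand-in for the 160-bit RIPEMD-160 output (so the birthday search finishes in seconds on a toy width), and the seed bytes and function names are constructed for the example.

```python
import hashlib
import math
from typing import Dict, Tuple


def birthday_collision_probability(bits: int, samples: int) -> float:
    """Probability that `samples` uniformly random values drawn from a space of
    2**bits collide with *each other* somewhere (p ~ 1 - exp(-k^2 / 2N)).
    expm1 keeps precision when the probability is tiny."""
    space = 2.0 ** bits
    return -math.expm1(-(samples ** 2) / (2.0 * space))


def targeted_collision_probability(bits: int, samples: int) -> float:
    """Probability that `samples` random values hit ONE fixed target value
    (p ~ k / N). This is the 'one special address' case from the thread."""
    space = 2.0 ** bits
    return -math.expm1(-samples / space)


def samples_for_probability(bits: int, p: float = 0.5) -> float:
    """Samples needed for collision probability p among the samples themselves.
    For p = 0.5 this is about 1.177 * 2**(bits/2), i.e. ~2^80 for 160 bits."""
    space = 2.0 ** bits
    return math.sqrt(2.0 * space * -math.log1p(-p))


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 truncated to the low `bits` bits; stands in for the 160-bit
    address hash (constructed simplification for the example)."""
    mask = (1 << bits) - 1
    return int.from_bytes(hashlib.sha256(data).digest(), "big") & mask


def find_truncated_collision(bits: int, seed: bytes = b"constructed-seed") -> Tuple[int, bytes, bytes]:
    """Empirical birthday search: draw distinct inputs until two of them share a
    truncated hash. Returns (samples_drawn, input_a, input_b). Deterministic for
    a fixed seed, so the expected cost (~1.18 * 2**(bits/2)) can be observed."""
    seen: Dict[int, bytes] = {}
    counter = 0
    while True:
        candidate = seed + counter.to_bytes(8, "big")
        digest = truncated_hash(candidate, bits)
        if digest in seen:
            return counter + 1, seen[digest], candidate
        seen[digest] = candidate
        counter += 1


if __name__ == "__main__":
    k = 2 ** 80
    print("birthday, 160-bit, 2^80 samples:", birthday_collision_probability(160, k))
    print("targeted, 160-bit, 2^80 samples:", targeted_collision_probability(160, k))
    print("samples for p=0.5 at 160 bits / 2^80:", samples_for_probability(160) / 2.0 ** 80)
    n, a, b = find_truncated_collision(32)
    print("32-bit toy hash: collision after", n, "samples (expected ~", int(samples_for_probability(32)), ")")
```

The two probability functions make the disagreement in the thread concrete: with 2^80 addresses the chance that some pair of them collides is already about 39%, while the chance that any of those 2^80 hits one particular existing address is on the order of 2^-80. The toy search at 32 bits reproduces the square-root cost empirically; the same search at 160 bits would need the ~2^80 evaluations discussed above.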