[hashcash] Re: Improvements of SHA-1 attacks

  • From: Jonathan Morton <chromi@xxxxxxxxxxxxxxxxxxxxx>
  • To: hashcash@xxxxxxxxxxxxx
  • Date: Wed, 17 Aug 2005 13:35:46 +0100

This does not affect hashcash, because contrary to some descriptions,
hashcash is not based on hash collisions. Technically it is based on
partial preimages of zero. No attacks are known to speed up searching
for such values with SHA-1. The brute force search that hashcash depends
on is still the best you can do.

The only effect might be if people begin to perceive SHA-1 as "broken"
then they might mistakenly mistrust hashcash.

In any case, it is reasonably easy to fix by redefining the token relative to SHA-256 or similar. I don't mind re-doing the relevant optimisations for that case - in fact, I think SHA-256 has a structure that's slightly more compiler-friendly with respect to heavily optimised implementations, though these would still consume slightly more CPU time per bit than SHA-1.

The question is whether to make that move sooner or later?

--------------------------------------------------------------
from:     Jonathan "Chromatix" Morton
mail:     chromi@xxxxxxxxxxxxxxxxxxxxx
website:  http://www.chromatix.uklinux.net/
tagline:  The key to knowledge is not to rely on people to teach you it.

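The distinction the message draws, partial preimage of zero versus collision, is easiest to see in code. The following is an added example, not code from this post, from Jonathan Morton, or from the hashcash project: a minimal hashcash-style minter and verifier whose hash function is a parameter, so the same token definition can be run over SHA-1 or SHA-256 as the message proposes. It assumes a simplified v1-like field layout (`ver:bits:date:resource:ext:rand:counter`) with the counter written in decimal, and it omits the date-window and double-spend bookkeeping a real receiver also performs.

```python
"""Minimal hashcash-style proof-of-work (added example, not from the post).

A stamp is valid when H(stamp) has at least `bits` leading zero bits, i.e. the
stamp is a partial preimage of (a prefix of) zero. Producing one costs about
2**bits hash evaluations; checking one costs a single evaluation. A collision
attack on H gives the minter no shortcut, because no second message is involved.
"""
import hashlib
import secrets
from datetime import datetime, timezone
from typing import Optional, Tuple


def leading_zero_bits(digest: bytes) -> int:
    """Return how many leading bits of `digest` are zero."""
    count = 0
    for byte in digest:
        if byte == 0:
            count += 8
            continue
        count += 8 - byte.bit_length()  # zero bits above the highest set bit
        break
    return count


def _digest(stamp: str, hash_name: str) -> bytes:
    # hash_name is any algorithm hashlib knows, e.g. "sha1" or "sha256"
    return hashlib.new(hash_name, stamp.encode("ascii")).digest()


def mint(resource: str, bits: int, hash_name: str = "sha1",
         date: Optional[str] = None, rand: Optional[str] = None) -> Tuple[str, int]:
    """Brute-force a stamp whose digest has at least `bits` leading zero bits.

    Field layout loosely follows hashcash v1; writing the counter in decimal
    is an assumption of this example, not the reference encoding.
    """
    if ":" in resource:
        raise ValueError("resource must not contain ':'")
    if date is None:
        date = datetime.now(timezone.utc).strftime("%y%m%d")
    if rand is None:
        rand = secrets.token_hex(4)  # keeps two minters from sharing work
    counter = 0
    while True:
        stamp = f"1:{bits}:{date}:{resource}::{rand}:{counter}"
        if leading_zero_bits(_digest(stamp, hash_name)) >= bits:
            return stamp, counter
        counter += 1


def verify(stamp: str, required_bits: int, hash_name: str,
           expected_resource: str) -> bool:
    """Check a stamp with one hash evaluation.

    Deliberately omits the date-window and double-spend checks a receiver
    also needs; those are bookkeeping, not the proof-of-work itself.
    """
    fields = stamp.split(":", 6)
    if len(fields) != 7 or fields[0] != "1":
        return False
    try:
        claimed_bits = int(fields[1])
    except ValueError:
        return False
    if claimed_bits < required_bits or fields[3] != expected_resource:
        return False
    # The claimed difficulty is part of the hashed string, so a sender cannot
    # lower it after the fact without invalidating the digest.
    return leading_zero_bits(_digest(stamp, hash_name)) >= claimed_bits


if __name__ == "__main__":
    for name in ("sha1", "sha256"):
        stamp, tries = mint("alice@example.com", 16, name)
        ok = verify(stamp, 16, name, "alice@example.com")
        print(f"{name}: {stamp}  ({tries + 1} hash evaluations, valid={ok})")
```

Swapping `hash_name` from `"sha1"` to `"sha256"` is the whole of the redefinition the message talks about; the minting loop and the leading-zero check are unchanged, which is why the cost per bit is set by the hash function's speed rather than by any structural property an attack on collisions would exploit.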
