Bitmessage/PyBitmessage-2024-08-21
Archived
2
0
Fork 0
Code Issues 168 Pull Requests 53 Actions Packages Projects Releases 5 Wiki Activity

Move from SHA1 to SHA256 #953

New Issue
Open
opened 2017-02-24 23:52:18 +01:00 by kewde · 9 comments
kewde commented 2017-02-24 23:52:18 +01:00 (Migrated from github.com)
Copy Link

Recently the team at Google have found the first SHA1 collision,
the ECDSA signatures use SHA1 and most of the code for a switch to SHA256 is in the comments already.

https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

  • allow signing with SHA256 for people who want to experiment
  • make all signatures SHA256
  • disable support for SHA1 verification
Recently the team at Google have found the first SHA1 collision, the ECDSA signatures use SHA1 and most of the code for a switch to SHA256 is in the comments already. https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html - [x] allow signing with SHA256 for people who want to experiment - [ ] make all signatures SHA256 - [ ] disable support for SHA1 verification
PeterSurda commented 2017-02-24 23:55:14 +01:00 (Migrated from github.com)
Copy Link

See here: https://www.reddit.com/r/bitmessage/comments/5vt3la/sha1_and_bitmessage/

See here: https://www.reddit.com/r/bitmessage/comments/5vt3la/sha1_and_bitmessage/
martinvahi commented 2017-03-09 03:40:23 +01:00 (Migrated from github.com)
Copy Link

A few related links:

http://www.shattered.io/

https://www.fossil-scm.org/fossil/doc/trunk/www/hashpolicy.wiki

https://github.com/cr-marcstevens/sha1collisiondetection

A few related links: http://www.shattered.io/ https://www.fossil-scm.org/fossil/doc/trunk/www/hashpolicy.wiki https://github.com/cr-marcstevens/sha1collisiondetection
g1itch commented 2017-03-11 14:36:24 +01:00 (Migrated from github.com)
Copy Link

Wouldn't this potentially make it possible to use the bitcoin ASICs to spam bitmessage?

Wouldn't this potentially make it possible to use the bitcoin ASICs to spam bitmessage?
kewde commented 2017-03-11 15:03:10 +01:00 (Migrated from github.com)
Copy Link

@g1itch I doubt it.
The ASICs operate under a very specific format that I doubt is applicable to BitMessage.

@g1itch I doubt it. The ASICs operate under a very specific format that I doubt is applicable to BitMessage.
PeterSurda commented 2017-03-11 15:07:44 +01:00 (Migrated from github.com)
Copy Link

@g1itch Bitmessage uses double SHA512 for PoW, so no. The SHA1 -> SHA256 migration is only for sender authentication.

@g1itch Bitmessage uses double SHA512 for PoW, so no. The SHA1 -> SHA256 migration is only for sender authentication.
😕 1
kewde commented 2017-09-13 23:20:39 +02:00 (Migrated from github.com)
Copy Link

Has there been any progress on this issue?

Has there been any progress on this issue?
👍 1
martinvahi commented 2017-09-14 10:43:37 +02:00 (Migrated from github.com)
Copy Link

Wouldn't this potentially make it possible to use the bitcoin ASICs to spam bitmessage?

The ASICs operate under a very specific format that I doubt is applicable to BitMessage.

If the ASIC's are implemented by using FPGAs, which might be the case to allow the same hardware, server park, to be reconfigured and reused for mining other cryptocoins after the Bitcoin "mine" has become "depleted enough", then the switch from one hash algorithm to another is not that big of an impediment for the server park owners.

> Wouldn't this potentially make it possible to use the bitcoin ASICs to spam bitmessage? > The ASICs operate under a very specific format that I doubt is applicable to BitMessage. If the ASIC's are implemented by using FPGAs, which might be the case to allow the same hardware, server park, to be reconfigured and reused for mining other cryptocoins after the Bitcoin "mine" has become "depleted enough", then the switch from one hash algorithm to another is not that big of an impediment for the server park owners.
PeterSurda commented 2017-09-14 10:49:52 +02:00 (Migrated from github.com)
Copy Link

@kewde You can specify that you want to send SHA256-hashed messages by specifying

digestalg = sha256

in the bitmessagemain section of keys.dat. The other steps outlined will progress as new releases are made.

@kewde You can specify that you want to send SHA256-hashed messages by specifying digestalg = sha256 in the bitmessagemain section of keys.dat. The other steps outlined will progress as new releases are made.
PeterSurda commented 2019-11-16 10:42:13 +01:00 (Migrated from github.com)
Copy Link

This probably should be expedited, it's been waiting for too long. I've been running with digestalg = sha256 for a long time and haven't had issues.

This probably should be expedited, it's been waiting for too long. I've been running with `digestalg = sha256` for a long time and haven't had issues.
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
bug

Something isn't working as it's supposed to

  
build

Related to building or build system

  
dependencies

Pull requests that update a dependency file

  
developers

The issue is relevant mainly for developers rather than users

  
documentation

   
duplicate

   
enhancement

New feature

  
formatting

Code or UI text formatting

  
invalid

   
legal

   
mobile

Frontend for mobile devices (kivy)

  
obsolete

   
packaging

   
performance

   
protocol

Protocol change

  
question

   
refactoring

   
regression

Some issue, fixed in the past, appears again

  
security

   
test

   
translation

   
usability

   
wontfix
No Label
bug
build
dependencies
developers
documentation
duplicate
enhancement
formatting
invalid
legal
mobile
obsolete
packaging
performance
protocol
question
refactoring
regression
security
test
translation
usability
wontfix
Milestone
Clear milestone
No items
No Milestone
v0.6.5
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Bitmessage/PyBitmessage-2024-08-21#953
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?