Move from SHA1 to SHA256 #953
Labels
No Label
bug
build
dependencies
developers
documentation
duplicate
enhancement
formatting
invalid
legal
mobile
obsolete
packaging
performance
protocol
question
refactoring
regression
security
test
translation
usability
wontfix
No Milestone
No project
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Bitmessage/PyBitmessage-2024-12-22#953
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Recently the team at Google have found the first SHA1 collision,
the ECDSA signatures use SHA1 and most of the code for a switch to SHA256 is in the comments already.
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
See here: https://www.reddit.com/r/bitmessage/comments/5vt3la/sha1_and_bitmessage/
A few related links:
http://www.shattered.io/
https://www.fossil-scm.org/fossil/doc/trunk/www/hashpolicy.wiki
https://github.com/cr-marcstevens/sha1collisiondetection
Wouldn't this potentially make it possible to use the bitcoin ASICs to spam bitmessage?
@g1itch I doubt it.
The ASICs operate under a very specific format that I doubt is applicable to BitMessage.
@g1itch Bitmessage uses double SHA512 for PoW, so no. The SHA1 -> SHA256 migration is only for sender authentication.
Has there been any progress on this issue?
If the ASIC's are implemented by using FPGAs, which might be the case to allow the same hardware, server park, to be reconfigured and reused for mining other cryptocoins after the Bitcoin "mine" has become "depleted enough", then the switch from one hash algorithm to another is not that big of an impediment for the server park owners.
@kewde You can specify that you want to send SHA256-hashed messages by specifying
in the bitmessagemain section of keys.dat. The other steps outlined will progress as new releases are made.
This probably should be expedited, it's been waiting for too long. I've been running with
digestalg = sha256
for a long time and haven't had issues.