1. 8

  2. 3

    The author seems to think that second preimage attack and collission attack are the same. They’re not.

    Second preimage attack: Given a hash function H and an input X find Y so that H(X)=H(Y) and X!=Y.

    Collission attack: Given only a hash function find X, Y so that H(X) = H(Y).

    This is a major difference. There are plenty of hash functions that are vulnerable to the second, but not the first (most notably MD5, SHA1).

    1. 1

      My bad, thank you for pointing that out! I’ll update the post.

    2. 2

      Is the birthday paradox correct in this case? We’re not looking for any two coins the same colour, we’re looking for a coin the same colour as the one we already have?

      1. 2

        I think you’re right. The current metaphor describes a second preimage attack. I’ll update the post. Thank you.

      2. 1

        Nice post Jeff.

        2^256 is about 10^77, which happens to be an estimate for the number of atoms in the universe.

        I really like your blog layout. Have you published the code?

        1. 1

          Thanks! It’s using this Hugo theme https://github.com/htr3n/hyde-hyde with some tiny modifications.