Good morning Thomas, > So I think the question to ask would be "why can't we just make sure it's not > 64?"
If we accept a 60-byte tx, then SHA-256 will pad it to 64 bytes, and it may still be possible to mount CVE-2017-12842 attack with 32-bits of work. Of course some other details will be changed from the standard SHA-256 in mounting this attack, but from my poor understanding it seems safer to just avoid the area around length 64. It *might* be safe to accept 65-byte or larger (but do not believe me, I only play a cryptographer on the Internet), but that does not help your specific application, which uses 60 byte tx. Regards, ZmnSCPxj > > On Sat, May 23, 2020 at 11:24 AM Greg Sanders <gsander...@gmail.com> wrote: > > > AFAIU the number was picked to protect against CVE-2017-12842 covertly. > > See: https://github.com/bitcoin/bitcoin/pull/16885 which updated the text > > to explicitly mention this fact. > > > > On Sat, May 23, 2020 at 11:20 AM Thomas Voegtlin via bitcoin-dev > > <email@example.com> wrote: > > > > > Hello list, > > > > > > I have been trying to CPFP a transaction using OP_RETURN, because the > > > remaining output value would have been lower than the dust threshold. > > > > > > The scriptPubkey of the output was OP_RETURN + OP_0, and there was a > > > single p2wsh input. > > > > > > The result is a 60 bytes transaction (without witness), that gets > > > rejected because it is lower than MIN_STANDARD_TX_NONWITNESS_SIZE, which > > > is equal to 82 bytes. > > > > > > Why is that value so high? Would it make sense to lower it to 60? > > > > > > Thomas > > > _______________________________________________ > > > bitcoin-dev mailing list > > > firstname.lastname@example.org > > > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev _______________________________________________ bitcoin-dev mailing list email@example.com https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev