On Wed, 31 Oct 2018 12:03:38 +0100
Daniele Duca wrote:

> Hello everyone,
> 
> as said some days ago I started a DNSBL based on abused/malign BTC 
> addresses. This list is queried by an SA plugin that takes the md5
> hash (I know, outdated algorithm, but good enough for this purpose
> IMHO) 

As I pointed out before, hashing isn't needed to avoid FPs on
case-insensitive matches, and it does make things less transparent in
debugging.

These addresses contain a 160-bit hash of the public key and a 256-bit
validity hash. When you convert an alphanumeric string to lower case
you only lose about 13% of the entropy, so the probability that two
valid and distinct addresses have a case-insensitive match is
approximately:

  1 in 2^360

Compare that with the probability of the same md5 hash value:

  1 in 2^128

and the probability that two wallets have the same address:

  1 in 2^160


With email address lookups the main reason for hashing was privacy,
but that obviously doesn't apply here. 
