Is it computationally feasible to find two transaction IDs with the same first 20 bytes?


I guess it depends on what you want to do with it. If for example you're using those 20 bytes as keys in a lookup table, then you should be fine as long as you remember you might get an occasional false positive so you always double check if it really is the transaction you were looking for. For that purpose less than 20 bytes is probably already enough.

If 20 bytes is everything that you store while throwing away everything else, and you make important decisions based only on those 20 bytes, then you might run into problems at some point.

Remember that it's not mere chance. If your application plays an important role and an attacker knows about your 20 bytes limitation, they might try to forge 2 conflicting transactions IDs to and crash your system or scam you out of some...

0 0

The following sets up the situation I had, using table variables.

DECLARE @Object_Table TABLE ( Id INT NOT NULL PRIMARY KEY ) DECLARE @Link_Table TABLE ( ObjectId INT NOT NULL, DataId INT NOT NULL ) DECLARE @Data_Table TABLE ( Id INT NOT NULL Identity(1,1), Data VARCHAR(50) NOT NULL ) -- create two objects '1' and '2' INSERT INTO @Object_Table (Id) VALUES (1) INSERT INTO @Object_Table (Id) VALUES (2) -- create some data INSERT INTO @Data_Table (Data) VALUES ('Data One') INSERT INTO @Data_Table (Data) VALUES ('Data Two') -- link all data to first object INSERT INTO @Link_Table (ObjectId, DataId) SELECT Objects.Id, Data.Id FROM @Object_Table AS Objects, @Data_Table AS Data WHERE Objects.Id = 1

Thanks to another answer that pointed me towards the OUTPUT clause I can demonstrate a solution:

-- now I want to copy the data from from object 1 to object 2 without looping INSERT INTO @Data_Table (Data) OUTPUT 2, INSERTED.Id INTO @Link_Table (ObjectId, DataId) SELECT...
0 0

If you’re reading this post I assume that like many others, you sent a bitcoin transaction and was kind of confused as to why it’s still listed as “unconfirmed” or “pending” after a few hours or so.

I mean Bitcoin transactions are supposed to be instant right?

In this post I want to try and explain in a very basic way how a Bitcoin transaction works and why the fee that you attach to each transaction has a crucial role in how long it will take the transaction to go through the network.

Here’s what happens when you send Bitcoins to someone

Whenever you send someone Bitcoins, the transaction goes through different computers running the Bitcoin protocol around the world that make sure the transaction is valid. Once the transaction is verified it then “waits” inside the Mempool (i.e. in some sort of a “limbo” state).

It’s basically waiting to be picked up by a Bitcoin miner and entered into a block of transaction on the Blockchain. Until it is picked...

0 0
0 0
0 0

It’s well known that SHA-1 is no longer considered a secure cryptographic hash function. Researchers now believe that finding a hash collision (two values that result in the same value when SHA-1 is applied) is inevitable and likely to happen in a matter of months. This poses a potential threat to trust on the web, as many websites use certificates that are digitally signed with algorithms that rely on SHA-1. Luckily for everyone, finding a hash collision is not enough to forge a digital certificate and break the trust model of the Internet.

We’ll explore how hash collisions have been used to forge digital signatures in the past. We’ll also discuss how certificate authorities can make this significantly harder for attackers in the future by including randomness in certificate serial numbers.

The Internet relies on trust. Whether it’s logging in to your bank or reading Reddit, HTTPS protects you by encrypting the data you exchange with a site and authenticating the...

0 0
0 0

I'm still struggling with this. Using the following config works to a point, I can authenticate with the API using just a token, I can authenticate with the MVC controllers using a cookie.

However I can still authenticate against the API with the cookie and I don't want to be able to do that, it means I have to handle XSRF somehow, I'd rather just use a token for API access.

If I call SuppressDefaultHostAuthentication on the API configuration it breaks all authentication for the API.

public void Configuration(IAppBuilder app) { var identityServerUri = ConfigurationManager.AppSettings[IdentityServerUrlKey]; var redirectUri = ConfigurationManager.AppSettings[RedirectUriKey]; identityServerUri = "https://b3ncr.auth:44340/identity"; redirectUri = "https://b3ncr.comms:44341/"; app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = "Cookies" }); // Enable the application to use a cookie to store information for the signed...
0 0