Add warning about the merkle-tree algorithm duplicate txid flaw #4952

pull petertodd wants to merge 1 commits into bitcoin:master from petertodd:build-merkle-tree-warning changing 1 files +7 −0
  1. petertodd commented at 4:35 PM on September 20, 2014: contributor

    Lots of people read the Bitcoin Core codebase to learn more about crypto; better to warn about flaws explicitly so they don't blindly copy the code for other uses and create broken systems.

    Example: https://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg06219.html

  2. jgarzik commented at 4:44 PM on September 20, 2014: contributor

    Does not meet stated newbie education goal. IMO "serious flaw related to duplicate txids" is not explicit enough.

  3. petertodd commented at 4:50 PM on September 20, 2014: contributor

    @jgarzik I didn't want to educate in the comment itself; I wanted to warn people there was a problem and give them just enough info to learn more. The BIP's themselves are the appropriate place to the in-depth discussion IMO.

  4. sipa commented at 5:11 PM on September 20, 2014: member

    BIP30/34 have nothing to do with the double-hash-merkle-tree weirdness. The latter was fixed by considering blocks with duplicate txids as if their merkle root was invalid. BIP30/34 were about preventing (u)txo entries from being overwritten.

  5. Add warning about the merkle-tree algorithm duplicate txid flaw
    Lots of people read the Bitcoin Core codebase to learn more about
crypto; better to warn about flaws explicitly so they don't blindly copy
the code for other uses and create broken systems.
    01c28073ba
  6. petertodd force-pushed on Sep 20, 2014
  7. petertodd commented at 5:25 PM on September 20, 2014: contributor

    @sipa Yup, you're right.

    Changed language to reference the exploit instead - exploits are better pedagogy too.

  8. sipa commented at 5:26 PM on September 20, 2014: member

    ACK

  9. BitcoinPullTester commented at 5:38 PM on September 20, 2014: none

    Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/p4952_01c28073ba2cae5a53124c7dc7123240b98513ce/ for binaries and test log. This test script verifies pulls every time they are updated. It, however, dies sometimes and fails to test properly. If you are waiting on a test, please check timestamps to verify that the test.log is moving at http://jenkins.bluematt.me/pull-tester/current/ Contact BlueMatt on freenode if something looks broken.

  10. laanwj commented at 7:03 AM on September 22, 2014: member

    Untested ACK

  11. laanwj merged this on Sep 22, 2014
  12. laanwj closed this on Sep 22, 2014
  13. laanwj referenced this in commit 5547f08ec7 on Sep 22, 2014
  14. petertodd deleted the branch on Sep 22, 2014
  15. DrahtBot locked this on Sep 8, 2021
Contributors
petertoddjgarziksipaBitcoinPullTesterlaanwj
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-17 12:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me