Security/SA-1
Overview
Date: 2020.10.30
Severity: minor
Description: ECDSA signing using SHA1 hash
Transaction signing for ECDSA uses a SHA1 hash. This means signed data is first hashed with SHA-1, and the output of that hash is then signed with ECDSA. SHA-1 is no longer considered a cryptographically secure hash algorithm. This is not considered a best practice, or in fact something we picked. It is an oversight that we weren't using a stronger hash in the signing process. However, the impact is very low. See the Impact section.
ECDSA signing is the default for seed type wallets or old wallets from before seed support was added to the clients.
Suggested User Actions
None
Impact
Developer Actions
Even though this is very minor, we should fix it anyway. There are two main ways we can address this:
- Introduce new signature types to replace current ECDSA and ECDSA_Compressed. This will involve a breaking protocol change (and associated SIP vote) and wallets having new addresses with the new signing type.
- Add a signature mode field to the SignatureEntry protobuf. This will also involve a breaking protocol change (and associated SIP vote), but as it would not change the SigSpecs, the addresses wouldn't change, avoiding a lot of confusion. The software will simply treat an entry lacking the field as the old mode, SHA1 signatures. If present, the field can specify SHA256 hashes (or even SHA3 if we want).
Option 2 seems to be the clear winner.
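The verification rule that option 2 implies, as an added example (not the project's code): the hash is chosen from the mode field, a missing field means legacy SHA-1, and an unknown mode is rejected. The mode numbering, the function names and the P-256 curve are assumptions made for the example; the sample transaction bytes are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Proposed mode field, numbering assumed: 0 (field absent) = legacy SHA-1, 1 = SHA-256.
func digest(mode uint32, data []byte) ([]byte, error) {
	switch mode {
	case 0:
		h := sha1.Sum(data)
		return h[:], nil
	case 1:
		h := sha256.Sum256(data)
		return h[:], nil
	}
	return nil, fmt.Errorf("unknown signature mode %d", mode) // reject, never default
}

func Sign(k *ecdsa.PrivateKey, mode uint32, data []byte) ([]byte, error) {
	d, err := digest(mode, data)
	if err != nil {
		return nil, err
	}
	return ecdsa.SignASN1(rand.Reader, k, d)
}

func Verify(pub *ecdsa.PublicKey, mode uint32, sig, data []byte) bool {
	d, err := digest(mode, data)
	return err == nil && ecdsa.VerifyASN1(pub, d, sig)
}

func Demo() (oldOK, newOK, strippedOK bool, err error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // curve is an assumption
	if err != nil {
		return
	}
	tx := []byte("constructed sample transaction bytes")
	oldSig, e1 := Sign(k, 0, tx) // entry as written today, no mode field
	newSig, e2 := Sign(k, 1, tx) // entry carrying mode = SHA-256
	pub := &k.PublicKey
	return Verify(pub, 0, oldSig, tx), Verify(pub, 1, newSig, tx), Verify(pub, 0, newSig, tx), errors.Join(e1, e2)
}
func main() { fmt.Println(Demo()) }
```

Demo returns true, true, false: both modes verify, and a SHA-256 signature does not verify once its mode field is removed, because the verifier then hashes the data with SHA-1.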