From Open Transactions

Samy Kamkar (of MySpace fame, for his Samy worm) suggested that the message digest algorithm should be a combination of two separate algorithms, XOR'd together, so that when one of them is inevitably compromised, the system is still secure and a new one can be swapped in.

Samy's website is: ""

The SAMY hash in this implementation is:

  1. Run the plaintext through WHIRLPOOL (which has a 512-bit output).
  2. Run the plaintext through SHA-512 (same output size).
  3. XOR the two outputs together.

Open Transactions should still be able to read and process the other message digest algorithms, should a contract be signed with one. But the SAMY hash is the default hash algorithm.

The SAMY hash, being the default behavior of OTIdentifier, is also the source of all of the IDs in Open Transactions. All IDs are 512 bits long, and though they might appear unwieldy, consider these two points: (a) You can just double-click an ID and the entire ID will be selected perfectly every time. (b) The actual user will probably not see the ID, or will see it rarely, because he will be protected from such ugliness by a nice, attractive client GUI for his favorite platform. Perhaps you will help to create that GUI.
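
The three steps above, with the component algorithms left swappable as the first paragraph describes, written as an added example (not code from Open Transactions). The names `xor_combined_digest` and `samy_id` and the hex encoding of the ID are assumptions of this example; Whirlpool is taken from `hashlib`, which exposes it only when the underlying OpenSSL build does.

```python
import hashlib

# The page's default pair; any two equal-length digests can be swapped in.
SAMY_ALGOS = ("whirlpool", "sha512")


def _digest(name: str, data: bytes) -> bytes:
    """Hash data with a named hashlib algorithm, with a clear error if missing."""
    try:
        return hashlib.new(name, data).digest()
    except ValueError as exc:
        # WHIRLPOOL sits in OpenSSL 3's legacy provider, so many Python
        # builds do not expose it through hashlib.
        raise RuntimeError(f"digest {name!r} not available in this build") from exc


def xor_combined_digest(data: bytes, algos=SAMY_ALGOS) -> bytes:
    """Steps 1-3 from the page: hash with both algorithms, XOR the outputs."""
    first, second = (_digest(name, data) for name in algos)
    if len(first) != len(second):
        raise ValueError("component digests must have the same output size")
    return bytes(a ^ b for a, b in zip(first, second))


def samy_id(data: bytes, algos=SAMY_ALGOS) -> str:
    """Hex form of the 512-bit ID (hex is an assumption of this example)."""
    return xor_combined_digest(data, algos).hex()


if __name__ == "__main__":
    contract = b"constructed sample contract text"
    try:
        print("SAMY:", samy_id(contract))
    except RuntimeError as err:
        # Swap in another 512-bit digest purely to show the replacement path.
        print(err)
        print("swap:", samy_id(contract, ("sha3_512", "sha512")))
    # Pairing an algorithm with itself cancels to all zero bits, so the two
    # components must be genuinely different functions.
    print("same:", samy_id(contract, ("sha512", "sha512"))[:16], "...")
```

A verifier that must read IDs produced under an older pair needs to know which pair was used, since the XOR output alone does not identify its components.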