I always worry about the security impact of serializing like this.
If my data was "10" and the index was "110", can I just claim the data was "101" and the index was "10" and have the blockchain assert my statement is correct?
Or in other words, can I claim to own 91 more dollars than I should?
Depending upon the types of "timestamp", "data", "index", and "previousHash", the value, "timestamp+data+index+previousHash", may be interpreted as a number or a string, affecting the final hash.
FYI: Big fan of building your own blockchains (learn by doing), thus, I've started to collect starter blockchains (in 20 lines of JavaScript, Python, Ruby, ...) and articles (like BrewChain) over at the Awesome Blockchains page [1]. Anything missing? Contributions welcome. Happy blockchaining.
[1]: https://github.com/openblockchains/awesome-blockchains
12 comments
[ 5.1 ms ] story [ 34.1 ms ] threadhttps://github.com/lhartikk/naivechain
https://github.com/LiskHQ/lisk
https://coinmarketcap.com/currencies/lisk/
https://lisk.io/
If my data was "10" and the index was "110", can I just claim the data was "101" and the index was "10" and have the blockchain assert my statement is correct?
Or in other words, can I claim to own 91 more dollars than I should?
I don't have an immediate reference, but I've seen this situation addressed in may tutorials concerning properly salting passwords.
The general rule of thumb is to not serialize and hash data this way precisely because of the risk of collision that you have outlined.
I believe that something more along the lines of
though, that isn't a complete fix.Depending upon the types of "timestamp", "data", "index", and "previousHash", the value, "timestamp+data+index+previousHash", may be interpreted as a number or a string, affecting the final hash.
Splitting it up prevents this uncertainty.