Very nice. another reason why I love open source
As I understand it then, and please correct me if I’m wrong
Since the hash of the public key is smaller than the actual public key itself, one need only find a collision that matches the hash and when that collision is found you’ll know the public/private key combo. Then you simply spend coin using the known ones and the other clients will think it’s a valid transfer because the clients are only concerned that your hash matches the hash of the victim and the transaction is recorded for all time.
Currently the hash is 35 characters long, alpha-numeric 26 (upper case) +26 (lower case) +10 (numbers) = 62 possible per character So we have 541,638,008,296,341,754,635,824,011,376,225,346,986,572,413,939,634,062,667,808,768 possible combinations.
So I think we have about half of much work to do compared to going brute force against the main private/public key. Never hurts to plan for the future Wink