Quote from: Red on July 25, 2010, 07:22:14 PM
Satoshi pointed out that my scenario still required the hash function to be broken. That is true, but I was surprised to learn how successful some have been with that. MD4 and MD5 are obvious examples. But work is well underway at colliding SHA-1 and siblings like SHA-256.
What they often don’t mention though is collision generating still takes a lot of CPU time.
If I figure out that Public Key 123456 generates Hash ABCD and Public Key 654321 also generates Hash ABCD I’m still left without the Private Key.
But from what you are saying, all I need is Public Key 654321 and I can spend coin pretending to be Public Key 123456.