I'm independently working my way through an excellent online course on bitcoin, made available from Stanford (https://crypto.stanford.edu/cs251).
One of the problems in the homework challenges the student to create a scriptSig that redeems an output locked with a simple SHA1 equality check:
Alice is on a backpacking trip and is worried about her devices containing private keys getting stolen. So she would like to store her bitcoins in such a way that they can be redeemed via knowledge of only a password. Accordingly, she stores them in the following ScriptPubKey address:
OP_SHA1 <0xeb271cbcc2340d0b0e6212903e29f22e578ff69b> OP_EQUAL
a. Write a ScriptSig script that will successfully redeem this transaction. [Hint: it should only be one line long.]
While I understand why this is a terrible way to go about storing your coins, I can't come up with a 1 line scriptSig to redeem the funds without knowing the pre-image.
Granted, any relaying node could just redirect the transaction output to themselves after you give up the pre-image, but that doesn't seem to be what is being asked.
The title of your question seems unrelated to the actual question (are you asking why it is insecure - something you answer yourself, or how to solve the homework problem)? – Pieter Wuille – 2017-08-28T19:20:07.580
I was interested in the 1 line solution to the problem, which I suspected would reveal a blind spot in my understanding of bitcoin's scripting language or the locking mechanism. Thanks for taking time to provide the answer. – biff pumpkin – 2017-08-28T21:09:12.363
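An added example, not part of the original question, comments or course material: a simplified stack model of how a scriptSig is evaluated against an `OP_SHA1 <hash> OP_EQUAL` lock. The interpreter, the function names and the sample password are constructed for illustration; only the three script elements shown on this page are supported, and the page's own pre-image is not known or used.

```python
import hashlib

def parse(script):
    """Tokenise a textual script; <0x..> is a hex push, <text> a UTF-8 push."""
    tokens = []
    for tok in script.split():
        if tok.startswith("<") and tok.endswith(">"):
            body = tok[1:-1]
            tokens.append(bytes.fromhex(body[2:]) if body.startswith("0x")
                          else body.encode())
        else:
            tokens.append(tok)
    return tokens

def run(script_sig, script_pubkey):
    """Run scriptSig then scriptPubKey on one stack (simplified model).

    Note what is NOT a parameter: the spending transaction. Nothing here
    commits to where the coins go, unlike a signature check.
    """
    stack = []
    try:
        for item in parse(script_sig) + parse(script_pubkey):
            if isinstance(item, bytes):
                stack.append(item)                      # data push
            elif item == "OP_SHA1":
                stack.append(hashlib.sha1(stack.pop()).digest())
            elif item == "OP_EQUAL":
                a, b = stack.pop(), stack.pop()
                stack.append(b"\x01" if a == b else b"")
            else:
                raise ValueError(f"unsupported opcode: {item}")
    except IndexError:                                  # stack underflow
        return False
    return bool(stack) and stack[-1] != b""

def pushed_data(script_sig):
    """Data a relaying node can read straight out of the scriptSig."""
    return [t for t in parse(script_sig) if isinstance(t, bytes)]

# The lock from the question, and a constructed lock with a known password.
PAGE_LOCK = "OP_SHA1 <0xeb271cbcc2340d0b0e6212903e29f22e578ff69b> OP_EQUAL"
SAMPLE_PW = "constructed-sample-password"   # constructed, not the homework answer
SAMPLE_LOCK = f"OP_SHA1 <0x{hashlib.sha1(SAMPLE_PW.encode()).hexdigest()}> OP_EQUAL"

if __name__ == "__main__":
    print(run(f"<{SAMPLE_PW}>", SAMPLE_LOCK))   # correct pre-image pushed
    print(run("<wrong-guess>", PAGE_LOCK))      # wrong pre-image pushed
    print(pushed_data(f"<{SAMPLE_PW}>"))        # password is visible in the clear
```

The scriptSig in this model is a single data push, and `pushed_data` returns that push unchanged, which is why the password stops being a secret the moment the spend is broadcast.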