Bitcoin Forum

This article, over a year old, presaged the recent revelations about NSA and its total war on privacy. The article mentions a "breakthrough" in code-breaking.

http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1 (http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1)


Just wondering if anyone in the cryptographic community knows anything about this. Did they really discover something new or is this just journalistic hype?

I thought I read something about a breakthrough they had where they could emulate the entire range of SHA256 hashes. That was a really long time ago though. I probably misunderstood it though, as it was years ago.

the NSA released SHA256 according to wikipedia. The NSA never endorses anything that they can't themselves decrypt, ever.

Yes, I did read those bits. Basically, they might be able to decrypt data that's so old it uses smaller key sizes. But given what's been accomplished with bitcoin mining ASICs and 60 Ghash/sec performance, they just might hit the crypto-lottery every now and then. Too bad the combined hashing power of the bitcoin network makes their puny peta-flop machines look weak.

Think of the staff size of the NSA. Then think of the amount of people that have been working on SHA256 and TRYING to break it. Nobody has. Nobody has found a single leak, a single hole. Not even a hint. There isn't a way for them to decrypt it. Based off the way SHA256 works, you theoretically just cant.

http://www.wired.com/threatlevel/2012/03/nsa-denies-wired/

Just because they might not have the ability now, doesn't mean they're not planning to have it soon. http://www.dslreports.com/forum/r27012462-Wired-article-explains-NSA-decrypting-plans-new-facility

If all you need is a private key to import to a bitcoin wallet, why would the NSA bother "mining" bitcoins when they could just open up all the wallets in existence and send the contents to themselves or a black hole?

Ugh, the NSA is a rouge organization with attacks solely directed via boredom and pointless funding.

That's certainly a reasonable suspicion, but there are a lot of very smart crypto-mathematicians outside the NSA, too. Also it's a public algorithm. There aren't any secret places to hide code.

They don't have a monopoly on brainpower. I think if there was a vulnerability, it would have been discovered by now. But, maybe not. They're certainly not going to tell us, right? :)

and don't forget communism/socialism fear mongering.

IIf this were true, they would have just classified it and ATF would be knocking on the door of anyone using anything like it.

They wouldn't do that because it would tip their hand. One of the prime directives of a code-breaking organization is not to reveal your capabilities until it's really necessary and then ideally use the information in such a way that it does not reveal that you can do it.

Because the private key keyspace is so humongously large nobody/nothing can just cycle through it.

Rogue, rouge implies they wear makeup.  :D

Basically, if they wanted to stay on the down low, they could 51% attack the network for a short amount of time. Just short enough to reverse transactions they know they don't want to go through, then back off.

In fact I am surprised intelligent people work for them, because they must understand how revolting and broken that organization and its activity is. Well, there are always some souls that are disturbed beyond repair.

This wouldn't really do anything. The transactions would just be re-broadcasted, problem solved. You cannot "reverse" a transaction, you can only delay it by "removing" the block that contained it.

But you can't "quietly" launch a 51% attack. It would be patently obvious someone was attacking the network.

If that hack group Anonymous wanted to do anything right, they'd hack into this data center for spying on us and destroy it's software somehow.


Couldn't we detect that happened though?

The NSA is deplorable, and despite this level of intrusion many will do nothing about it. It's interesting this was released on a Friday in the US as many are not reading this sort of information. By Monday I wouldn't be surprised if this all blows over. Once again the US government has swept a major issue under the rug.

Come now, settle down everyone, no one is going to find your stash.

And no one remembered to mention DES? Shame on you for your limited historical scope.

That was my point, thank you Vlad.

NSA is unable to decrypt SHA256, because there is nothing to decrypt. Simply is no such thing. SHA256 has nothing to do with encryption whatsoever.

You seem to confuse encryption and decryption with hashing (which is just a checksum that works one-way by definition).



I doubt that very much. You know there are 2²⁵⁶ such hashes? See here:
https://i.imgur.com/DzSM78n.jpg (https://i.imgur.com/cVA0D.jpg) (click=large)
 
So if "emulate" means even as much as just counting them, then no.

Jace is correct in his assumption and statement. The NSA uses SHA256 hashes in its suite B protocols http://www.nsa.gov/ia/programs/suiteb_cryptography/ that are used for secure communications for other government agencies. It would be a terrible idea for any government agency to transmit information from a protocol that is known to be broken.

I am not aware of a good hash collision attack for SHA256 nor any work that introduces a significant flaw in the scheme.

That is true for algorithms they can put backdoors in (where it's obvious to everyone that it's possible the NSA could have done so because the constants are "magic"). But it is not true for public algorithms (like SHA256, RSA, and so on) where the constants have known derivations. If the NSA can break it, they know that other intelligence agencies can too, and they can't get the public to change algorithms often. US companies have the most valuable intelligence. Such a strategy would be most unwise.

Update: And what oakpacific said below me.

Seriously, get a clue, there is no such thing as "breaking" SHA256, other than quick collison finding, which will only affect address hashing(can be updated to something theoretically unbreakable), and most certainly it doesn't affect mining at all.(to quote Gavin, we would have been just fine using MD5).

But what about my rainbow tables.......

http://www.lexode.com/galerie/galerie/p/t/ptiteclo/113308897248.jpg

That's the whole point, it has nothing to do with all the easy collision-finding algorithms you can come up with.

Yes, they finally broke the CD-ROM tray of cryptographic computer using brute force attack.

Realistically they could with such datacenter:

1. Collect unencrypted communications from every source available and then run trough "intellignet" search to find communications that require closer attention by human spy piece of shit.

2. Have copy of certificate authority private keys to silently do MITM attacks with their own certificates. This might be that "breakthrough" article is about. Then feed the "encrypted and then decrypted" communications in step 1.

3. Collect and store everything about everyone to later blackmail persons of interest or to know who to send to death camp first. Stalin did that to his closest comrades, why capitalist pigs cannot do the same?

SHA-256 is a hashing algorithm, not an encryption algorithm.  The most you can do to compromise a hash is to find a way to create a hash collision, as happened with MD5 a while back.  While it's possible the NSA withheld such a method from release, that they released the algorithm as open source makes backdoors less feasible.

there is no freedom in the country of freedom