Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: brainactive on May 31, 2021, 08:39:51 AM



Title: Is SHA256 obsolete and is it enough to guarantee security?
Post by: brainactive on May 31, 2021, 08:39:51 AM
Do you guys think SHA256 is obsolete, and is it enough to guarantee security?


Title: Re: Is SHA256 obsolete and is it enough to guarantee security?
Post by: mindrust on May 31, 2021, 08:41:44 AM
Quote from: brainactive
"Do you guys think SHA256 is obsolete, and is it enough to guarantee security?"

SHA256 is used on almost everything that you use in your daily life, and that includes your credit card transactions or your bank account's password. The whole world would collapse if SHA256 wasn't safe enough. In the future this might change, but for now it is as safe as it gets.


Title: Re: Is SHA256 obsolete and is it enough to guarantee security?
Post by: NotATether on May 31, 2021, 09:49:52 AM
Why do you think that? There are no collisions reported against SHA256 and its 2^256 output space is far too large for any kind of brute force or specialized search methods.


Title: Re: Is SHA256 obsolete and is it enough to guarantee security?
Post by: BlackHatCoiner on May 31, 2021, 12:47:30 PM
Quote from: brainactive
"Do you guys think SHA256 is obsolete, and is it enough to guarantee security?"

It's too secure. The number 2^256 may not say much, but an example I had seen in a video might give you a taste.

2^256 is 2^32 multiplied by itself 8 times. To round things up, let's just use 4,000,000,000^8. A GPU can calculate a little less than 1 billion hashes, but let's assume that you've bought enough and have crammed your computer with them to achieve the 4 billion hashes per second.

So the first 4 billion will represent the hashes per second per computer.

(4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion)

The next 4 Billion would be the total computers like the one above. Google owns some millions of servers that are much less powerful than that computer, but let's say that they replaced them all with a machine like this, referenced as KiloGoogle. Four billion machines would mean about a thousand copies of Google's possession.

(4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion)

There are around 8 billion people on Earth. Picture half of them owning a KiloGoogle.

(4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion)

Imagine that in our Milky Way, there were 4 billion copies of the Earth where half the people on each Earth had their personal KiloGoogle.

(4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion)

Let's assume the existence of 4 billion Milky Ways with these characteristics. We've now reached 2^160 per second.

(4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion)

Four billion seconds are around 126 years and if you also multiply that with 4 billion, you get 507 billion years, which is about 37 times the age of the universe.

(4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion)



So even if 4 billion people used their KiloGoogle on 4 billion different Earths of 4 billion different Milky Ways, it'd take 507 billion years to cover the 1/4,000,000,000 of the total hashes. I think it's secure.

[Link for the video: How secure is 256 bit security? (https://www.youtube.com/watch?v=S9JGmA5_unY)]


Title: Re: Is SHA256 obsolete and is it enough to guarantee security?
Post by: BrewMaster on May 31, 2021, 02:53:01 PM
to say SHA256 is secure by only focusing on its digest size is a bit misleading because the security of it mainly comes from its algorithm being secure.

to give you an example, SHA1 is not insecure because of its 160-bit size (otherwise RIPEMD160 would have also been insecure) but instead it is unsafe because of its weak algorithm that could be exploited for certain attacks.

SHA256 is the same. being 256-bit is part of the reason for its security but also its algorithm is secure.
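
The digest-size part of this discussion can be measured directly. The following is an added example, not part of any post in the thread: it runs a generic birthday search against SHA-256 truncated to a few bits, showing that collision work grows as roughly 2^(n/2) for an n-bit digest regardless of the algorithm's internals. The helper names and the counter-style inputs are constructed for the illustration.

```python
import hashlib

def truncated_sha256(data: bytes, bits: int) -> int:
    """Return the first `bits` bits of SHA-256(data) as an integer."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)

def birthday_collision(bits: int):
    """Find two distinct inputs whose SHA-256 agrees on the first `bits` bits.

    Returns (msg_a, msg_b, tries). Inputs are constructed counter strings,
    so every input is distinct and the search is deterministic.
    """
    seen = {}          # truncated digest -> first message that produced it
    tries = 0
    while True:
        msg = b"constructed-input-%d" % tries
        tries += 1
        tag = truncated_sha256(msg, bits)
        if tag in seen:
            return seen[tag], msg, tries
        seen[tag] = msg

def generic_collision_work(bits: int) -> int:
    """Order of magnitude of the generic birthday bound for an n-bit digest."""
    return 2 ** (bits // 2)

if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, tries = birthday_collision(bits)
        print(f"{bits:>3}-bit prefix: collision after {tries} hashes "
              f"(birthday estimate ~{generic_collision_work(bits)})")
        # The full 256-bit digests of the two inputs still differ.
        assert hashlib.sha256(a).digest() != hashlib.sha256(b).digest()
    print(f"256-bit digest: generic collision work ~2^128 = "
          f"{generic_collision_work(256):.3e} hashes")
```

A hash function is regarded as sound for collision resistance when no known attack does meaningfully better than this generic search at the full digest size.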


Title: Re: Is SHA256 obsolete and is it enough to guarantee security?
Post by: ranochigo on May 31, 2021, 04:01:59 PM
Quote from: mindrust
"SHA256 is used on almost everything that you use in your daily life that includes your credit card transactions or your bank account's password. The whole world would collapse if SHA256 wasn't safe enough. In the future this might change but for now It is as safe as it gets."

Not really. SHA256 isn't used in everything; for example, passwords usually use some KDF to provide some resistance against brute-forcing. In comparison, if we figure out P = NP, the cryptography and possibly most things on earth will fail. Not really related to the topic, but just a nice tidbit.

Anyways, the nature of how Bitcoin uses SHA256 makes the issue not as serious as it seems. The possibility of collision or preimage attack would introduce forks by blocks or TXID with different content but same hash, tricking people into signing unintended transactions, etc. SHA256 is strong as it is currently; the complexity for something like this is still out of reach.
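
The KDF point in the post above, shown as an added example that is not part of the original post: a bare SHA-256 password hash next to a salted, iterated KDF record. PBKDF2-HMAC-SHA256 and the iteration count are assumptions made here; the post only says "some KDF".

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware

def fast_hash(password: str) -> bytes:
    """Weak form for passwords: one cheap, unsalted SHA-256 call."""
    return hashlib.sha256(password.encode()).digest()

def kdf_store(password: str, salt: bytes = None, iterations: int = ITERATIONS):
    """Hardened form: per-user random salt plus an iterated KDF."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key

def kdf_verify(password: str, record) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    salt, iterations, expected = record
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(key, expected)

def cost_per_guess(fn, guesses: int = 3) -> float:
    """Average seconds one candidate password costs whoever calls `fn`."""
    start = time.perf_counter()
    for i in range(guesses):
        fn("guess-%d" % i)
    return (time.perf_counter() - start) / guesses

if __name__ == "__main__":
    record = kdf_store("correct horse battery staple")  # constructed sample
    print("right password accepted:", kdf_verify("correct horse battery staple", record))
    print("wrong password accepted:", kdf_verify("Tr0ub4dor&3", record))
    # Unsalted fast hashes are identical for identical passwords;
    # salted KDF records are not, so one guess cannot be reused across users.
    print("bare SHA-256 repeats:", fast_hash("hunter2") == fast_hash("hunter2"))
    print("KDF records repeat:  ", kdf_store("hunter2")[2] == kdf_store("hunter2")[2])
    ratio = cost_per_guess(kdf_store) / cost_per_guess(fast_hash)
    print(f"one KDF guess costs about {ratio:,.0f}x one bare SHA-256 guess")
```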


Title: Re: Is SHA256 obsolete and is it enough to guarantee security?
Post by: odolvlobo on June 01, 2021, 07:20:39 AM
"Any headline that ends in a question mark can be answered by the word no." -- Ian Betteridge (https://en.wikipedia.org/wiki/Betteridge%27s_law_of_headlines)