Bitcoin Forum
  Show Posts
5281  Bitcoin / Development & Technical Discussion / Re: SHA-2* family maybe broken in several years. on: July 30, 2013, 09:59:05 PM
If SHA-2 had to be replaced with something else, would that make any ASICs operating at that point in time obsolete?  Hashing power would plummet?

It depends.  If the POW algorithm is replaced, they would become instant paperweights.   However if SHA-1 is any indication it is very likely that any cryptographic weakness will take years to develop.  It will be interesting to see how that plays out as there likely will be alarmists who want to change instantly no matter the cost.  This could actually reduce security as it would overnight obsolete a massive amount of hashing power.  On the other hand large ASIC owners will likely want to drag out any transition possibly longer than would be safe.

A more likely scenario is that SHA-2 becomes cryptographically weak but that weakness has no relevance in mining.  Remember though that SHA-2 is used in the creation of addresses and a preimage vulnerability here could allow theft of funds.  If SHA-2 is weakened it would be prudent to design new address types which don't use SHA-2.  The timeline could be measured in months if not years, but a plan forward would be to allow users to transfer funds from existing "version 1" addresses to some new more secure "version 2" addresses.
5282  Bitcoin / Development & Technical Discussion / Re: SHA-2* family maybe broken in several years. on: July 30, 2013, 09:47:15 PM
The chart is correct, it just doesn't apply to us.

I get that but the chart is STILL incorrect.  There is no known weakness of SHA-2.  Period.  There is a known weakness against an algorithm (not used by anyone anywhere for any purpose) which is similar to SHA-2 except it uses 42 rounds instead of 64.

That is the criteria for getting marked "weak".  When it progresses to an actual weakness against a full-round version, they call it "broken".

This is the standard progression of academic cryptanalysis.  Ponder MD5.

No it isn't, not in any official capacity.  Maybe this user (and you) have recoined the term "weak" to mean any derivative function has greater than brute force efficiency but no standards body uses that alternative definition.  Please link to a single cite by any reputable cryptographer or recognized body which defines SHA-2 as cryptographically weak/weakened.

I am well aware of the history of MD5.   SHA-1 is a better example.  It is considered cryptographically weak because there is a theoretical attack possible on the full algorithm; it is theoretically possible to produce a SHA-1 collision with "only" 2^61 operations, vs the 2^80 required for a brute force search.  Still it is important to point out that at this point no SHA-1 collision (in any system, under any conditions) has ever been found/reported.  However that vulnerability was sufficient in 2004 for NIST (and other standards bodies) to deprecate SHA-1 in favor of SHA-2 and other algorithms. If Bitcoin used SHA-1 it likely would be safe in the short term (as 2^61 operations is still a staggering amount of computing power) but since SHA-1 is genuinely weakened it would be prudent for developers to consider a transition plan to SHA-2 or some other secure algorithm.
5283  Bitcoin / Development & Technical Discussion / Re: SHA-2* family maybe broken in several years. on: July 30, 2013, 09:28:55 PM
The chart is correct, it just doesn't apply to us.  ... He is concerned with compare-by-hash, as it applies to identifiers for arbitrary data.

I get that but the chart is STILL incorrect.  There is no known weakness of SHA-2.  Period.  There is a known weakness against an algorithm (not used by anyone anywhere for any purpose) which is similar to SHA-2 except it uses 42 rounds instead of 64.  Had SHA-2 used 42 rounds it would indeed be weakened but it does not.  Even given infinite energy and time the weakness cannot be used to produce a preimage of a SHA-2.

The only method of preimage of an SHA-2 hash is pure brute force requiring 2^256 operations.
The only method of collision of a SHA-2 hash is pure brute force requiring 2^128 operations.

As these are the maximum possible based on the hash length it is by definition not "weakened".  The amount of operations required to attack an SHA-2 hash are exactly the same as the day the algorithm was created and exactly the same as any other 256 bit hash that has no known weaknesses.

Quote
So yes, if you are making systems that provide absolutely no security beyond the hash, his chart is exactly right and you should really be thinking about SHA3.

No you shouldn't as there is no weakness of SHA-2 at this time and SHA-3 has insufficient real world cryptanalysis.  This is why NIST currently prohibits (as in it is a criminal charge) using SHA-3 in classified systems.  The only authorized cryptographic hash for use in classified systems is SHA-2.  Eventually SHA-3 will be allowed and possibly sometime in the future if/when SHA-2 develops a known weakness SHA-2 will be deprecated but that day isn't today and it might not be for decades (if ever).

The chart is absolutely incorrect and such a simple mistake indicates a lack of entry level knowledge by the author.  Please provide a cite from a reputable cryptographer advising anyone for any production system for any purpose to dump SHA-2 in favor of the significantly less vetted SHA-3 TODAY.

Lastly I would point out that while the "winner" of SHA-3 has been decided this doesn't mean the final SHA-3 algorithm will be bit for bit identical to the candidate algorithm which won.  NIST has not published the SHA-3 specification and based on internal reviews it is possible NIST will make tweaks to the algorithm before releasing the finalized spec.  Anyone claiming to implement SHA-3 is more accurately implementing the "Keccak" algorithm or "SHA-3 draft".  Implementing so called "SHA-3" today runs the risk that your implementation will NOT be the standard and thus in the future when there is SHA-3 hardware acceleration it will NOT apply to your similar yet incompatible implementation.

TL/DR: the chart is wrong for all usages in all scenarios.
5284  Bitcoin / Development & Technical Discussion / Re: SHA-2* family maybe broken in several years. on: July 30, 2013, 04:32:21 PM
Other academic weaknesses are common in hashing algorithms.  These weaknesses often propose methods of slightly shortening an all-out bruteforce attack on the algorithm.  Currently, meet-in-the-middle preimage attacks exist against SHA-2 - these show that the first x number of steps can be preimaged, and reduce the work required to compute a hash.  The best attack so far reduces SHA-256 to 42 steps (about 66% of the total 64 steps), but requires significant memory and disk resources to achieve this minimal reduction. (attacks reference: http://eprint.iacr.org/2009/477.pdf http://eprint.iacr.org/2009/479.pdf) IMO, so far, no publication about SHA-2 has shown anything that would cause real worry about the algorithm's security for bitcoin's purposes.

None of this really matters to bitcoin's use of SHA-256 for Proof of Work.  Unless SHA-2 is completely broken with a way to reliably generate data with a given hash, any further weaknesses are unlikely to affect its usefulness for PoW.  Future vulnerabilities may make SHA-2 based hashing algorithms a poor choice for password hashing and data signing, but are unlikely to break it in a way that damages its effectiveness as bitcoin uses the algorithm.

This is technically incorrect.

The 256 bit version of SHA-2 uses 64 rounds of operations.

The "weakness" cited above only applies to a non-exist "version" of SHA-2 which uses 42 rounds.  It takes 2^251 operations to achieve a pre-image collision as opposed to 2^256 by brute force.

Two things are important to note
1) This only applies IF SHA-2 uses 42 rounds (which it doesn't it uses 64 rounds for 256 bit version and 80 rounds for 512 bit version)
2) Even so it requires 2^251 operations (vs 2^256) which makes it 32x as efficient as brute force attack.
3) Merely counting to 2^266 requires many billions times more energy than is available in the lifespan of our star.  This attack vector at best reduces the energy requirements to many tens of millions times more energy than is available in the lifespan of our star.

I agree with you the site mislabels SHA-2, however it isn't even a "minor weakness" at this point; it is more like "an academic curiosity which doesn't apply to the real SHA-2 and even if it did would require more energy than what is available to the human race to complete an attack" category.
5285  Bitcoin / Development & Technical Discussion / Re: SHA-2* family maybe broken in several years. on: July 30, 2013, 04:24:24 PM
The site has a lot of factual errors.  SHA-2 has not been weakened.  Reduced round versions of SHA-2 have been weakened, which at this point means absolutely nothing unless Bitcoin used a modified reduced round version of SHA-2.

At the current time only SHA-2 not SHA-3 is approved by NIST for use on classified (SECRET & TOP SECRET) systems.  At this point there is no known attack vector against SHA-2 which is why the algorithm chosen for SHA-3 is radically different.  Today SHA-3 is merely an insurance policy.
5286  Bitcoin / Development & Technical Discussion / Re: Cancelling unconfirmed transactions on: July 30, 2013, 04:14:16 PM
Bloody client program holds my funds, neither bouncing them back nor pushing them to the network, acting as The Dog in the Manger. Which part of this is good for the network?

It does rebroadcast just not at a rate which would be seen as a denial of service attack.
5287  Alternate cryptocurrencies / Altcoin Discussion / Re: [NUG] - Nugget Bounty Thread on: July 30, 2013, 04:11:56 PM
The good news is that the creator may be getting a job as a janitor soon which means he can pay for significantly more broken development in the future.  I hope for the sake of NUG his salary is a form of God's numbers.
5288  Bitcoin / Hardware / Re: KNC ROI Figures on: July 30, 2013, 06:26:07 AM
The amusing thing is that people keep shouting out, "It'll never make ROI," based on the assumption that the hashrate can continue its exponential increase in computational power at several fold the rate of Moore's law (never mind anything else) and that the price of Bitcoin will always stay the same.

Forever?  No but in the short term it is fairly easy.

Miners tend to be pretty stupid when it comes to ROI% on capital costs so the difficulty tends to track the average electrical efficiency and exchange rate.  Assuming exchange rate remains the same we are talking on average a 150:1 improvement in electrical efficiency.  That means the watts per block and thus electrical cost per block falling by 1/150.  The network could easily support difficulty rising to 2-3 billion.  So yeah it can rise 60% a month for some time before reaching a new equilibrium due to higher efficiency.
5289  Bitcoin / Press / Re: 2013-07-28 Aftenposten.no: Slik Road has doubled since 2012 on: July 30, 2013, 02:49:32 AM
So it looks like "reverse stings" are legal, but the buyers can get away with it with a pretty lame excuse (the lawyer argued that since the police never intended for the buyers to get away, they were never in possession).

http://www.kpho.com/story/22102426/police-reverse-sting-operations-under-scrutiny-by-az-supreme-court

Also, I know in the state of Maryland and I think Virginia as well, the cops will not sell real drugs. Because buying fake drugs with the intent to distribute as if they were real is illegal, they do this instead.

Finally, trying to sell drugs through an anonymous market would be pointless, as they can't prove that it was the recipient of the package who placed the order. Plus, it seems counterintuitive to distribute drugs to stop distributors...

The risk is likely low but it isn't zero.  Receiving the drugs would likely be sufficient evidence to get a search warrant for home and computers.  How many drug users have 0 (as in passes a CSI inspection) evidence of drug use in their home?  How many bitcoin users are so perfect in their security that no evidence of bitcoin transactions can be found?  If you graphed these two populations how often would they intersect?

Most people are "safe" because Police are more interested in major dealers not end users and such stings would be expensive and manpower intensive for little gain.  However potential users shouldn't confuse Police "not" doing something with an "inability" to do something.
5290  Alternate cryptocurrencies / Altcoin Discussion / Re: Supposed ASIC Scrypt Miner | Scrypt ASIC International on: July 29, 2013, 11:24:40 PM
I just got an email back from them, they have added a forum section now to answer any questions, of which I have loads.

They even have a project running of a miner that can mine scrypt but then with a push of a button mine SHA-256.

This could be just a wind up but if it's true this could change a lot of things.

I mean if they wanted to scam, wouldn't they be asking for money right now?

I am tempted to throw some Bitcoins at it and see what happens, it's only a few Bitcoins after all.

A Scrypt ASIC chip cannot just magically switch to SHA and vice versa, this company is telling porky pies, don't send them any money. Bitcoins are valuable why waste them on something as unprofessional and scammy as this dog and pony show.

Yeah that idiotic statement reduced the chance of it being legit from 0.0001% to 0.0000% even.  No sense in even wasting time.
5291  Alternate cryptocurrencies / Altcoin Discussion / Re: Miner's Official Coin LAUNCH - NUGGETS (NUGs) on: July 29, 2013, 08:53:38 PM
No doubt some bankers make a lot but that is hardly the claim that EVERYONE with an MBA makes $250K.  Case in point you are currently making nothing. Imagine that.  I would point out that unemployment in the IT sector is about 3%.  Why?  Oh yeah because developers, network engineers, database architects, etc are indispensable.  Any company which fired their IT staff would no longer exist in a few months.

According to Salary.com the average salary for application programmers in CA is $94,000 with 25% making more than $108K.  BTW less than 1% of application developers have a PhD, so yes that means it is a statistical impossibility for most of the high paid (say top 10%) programmers to have doctorates.  Some of those filthy programmers making six figures have lowly bachelors degrees and in some cases ... <GASP> no degree at all.   The horrors.

http://swz.salary.com/salarywizard/Applications-Programmer-Salary-Details-San-Jose-CA.aspx?&hdcbxbonuse=off&isshowpiechart=false&isshowjobchart=false&isshowsalarydetailcharts=true&isshownextsteps=true&isshowcompanyfct=true&isshowaboutyou=true

As for every MBA making $250K the second they get their degree: that has never been true and certainly isn't now.
http://www.businessweek.com/articles/2013-05-23/mba-salary-expectations-sober-reckoning-or-wishful-thinking

Salary expectations for MBAs drop 10% to $113K.

So, simple version: you are not right (but you should be used to it by now).
5292  Alternate cryptocurrencies / Altcoin Discussion / Re: Miner's Official Coin LAUNCH - NUGGETS (NUGs) on: July 29, 2013, 08:17:38 PM
Incorrect, programmers can be bought from India for 1/10th the price and of course they'll pay American programmers their $70K, that's not big money.  An MBA grad starts at $250K, plus bonuses, this is a fact.

Experienced programmers make a lot more than $70K.  There are very few software developers with PhDs.  That is just your nonsense that PhD = better.  I have worked for a lot of senior project developers and none had PhDs.  One might have had a masters but honestly nobody cared.  What matters is experience solving real world problems none of which is learned in college.

Quote
And no, it's not the programmers that make the big money as far as coding - it's the PhD physicists and mathematicians who then tell the programmers what models and programs to build and these are called black boxes which do high frequency trading which in fact are responsible for a huge % of the trading activity and they make lots of money, but the bulk of the money, the big money is still made by traders, economists, heads of hedge funds, etc because a black box can't predict the future or see a good buy, it simply trades in milliseconds based on a preprogrammed trend or news and it simply beats the human reaction time.

Once again I actually worked on statistical models for risk analysis and nobody on our team had a PhD.  None.  Models that were used in the pricing of tens of billions of dollars in distressed assets.  A half dozen computer science professionals (db engineers, developers, project managers) and a few statisticians, no PhD.

Then again this is like a chef explaining to a guy who ate a hamburger once how culinary arts works.   As for every MBA making $250K starting well that is just silly.  Then again how much are you making on unemployment?  My guess is less than $250K.
5293  Other / Beginners & Help / Re: BTC Inflation? on: July 29, 2013, 05:15:17 PM

Naa, it may be not exactly the same, that's right. But I own still 1 Bitcoin after I spent it for a share. This Bitcoin has a double-usage: For the company to buy things like asics, and for me as a sleeping money ...

No you no longer own 1 Bitcoin, you own a share in a company and while it may have the same value as 1 Bitcoin, it isn't a Bitcoin.  If you spent 400 Bitcoins and bought a car would you also say you still own 400 Bitcoins?  You may have a car and that car may be worth 400 Bitcoins (today) but it isn't 400 Bitcoins.  The money supply hasn't inflated, money was simply transferred.

A transfer of wealth is never inflationary.
5294  Other / Beginners & Help / Re: BTC Inflation? on: July 29, 2013, 04:44:58 PM
If bitcoins are unregulated, this means that bitcoins are constantly circulating right?  It's not like government money that is constantly tossed while new crisp bills are being made.  Eventually this means that there will be so many bitcoins as they get mined that a single bitcoin will have nearly no value, right?  Or am I missing something?

You couldn't have it more wrong.

Money circulating doesn't create new money. If I have one Bitcoin and I spend it with you, now you have one Bitcoin and I have none. There is no increase in the number of Bitcoins.

Ah, crazy-hazy-money-economics! If I invest one btc in a miner's company, I still own one BTC, but the miner's company also owns one btc ... it's the same with the banks: I give some sum on my account, the bank lends it to another bank, this to a customer, the customer to a friend and so on ... officially the sum remains the same, but for the use of it it's rising.

Yeah no that isn't the case.  You no longer have 1 BTC. You have 1 share of a company which has different valuation, liquidity, and counterparty risk than an ACTUAL BTC.

In fractional reserve banking when you deposit $x and the bank loans out $0.9x both "monies" are functionally identical.  They all share the same counterparty risk, the same liquidity, the same valuation.  No store is going to say "hey is this dollar bill the product of a loan deposit or is it unencumbered".   Name me one BTC merchant which accepts shares of mining companies as an equivalent for BTC.  I will wait.
5295  Bitcoin / Press / Re: 2013-07-28 Aftenposten.no: Slik Road has doubled since 2012 on: July 29, 2013, 04:39:41 PM
This article is very interesting. In particular, the small section about the site "Atlantis" piqued my interest. Could it really be the police? Are the police allowed to sell drugs? I thought that they could only pretend to be interested in buying them in order to catch dealers.

At least in the US the courts have found that the police can use deception, lies, trickery, etc to catch criminals.  Undercover police officers pose as prostitutes so posing as a drug dealer wouldn't be materially different.
5296  Alternate cryptocurrencies / Altcoin Discussion / Re: [ANN] GAS Coin is now dead. r3wt snuck in a premine and scammed the community on: July 29, 2013, 04:35:28 PM
Is there any reason you guys don't just use an existing coin, that already has an established userbase and secure network, to trade for gas cards?

Because obviously fungibility of a currency is a stupid idea.  I mean it makes so much sense to have SexCoin for buying sex, and GameCoin for buying games, and Casino coin for buying Casino chips, and GoldCoin for buying Gold, and WeedCoin for buying Weed (I guess so you can ruin your neighbor's lawn), and GasCoin for buying Gas.  A large single well supported currency for buying sex, porn, games, casino chips, gold, weed, gas, and countless other products and services?  Are you off your meds again?  That would almost be the start of an economy or something.

5297  Bitcoin / Bitcoin Discussion / Re: Is bitcoin 2 coming out next month? on: July 29, 2013, 04:31:50 PM
To answer the question (serious or not, some may not understand), we normally use base 10 ...

All number systems are base 10 if you think about it.  The word "base 10" is horribly ambiguous for meaning base-ten.

5298  Alternate cryptocurrencies / Altcoin Discussion / Re: [ANN] GAS Coin is now dead. r3wt snuck in a premine and scammed the community on: July 29, 2013, 04:15:09 PM
I know there are a lot of naive people in the world, but ~$40 to make a client and launch a coin?  I know the ONLY way I'd ask that little is if all I had to do was take the existing source code and then search and replace the names and maybe do 1 or 2 tweaks.

What do you think 90%+ of the launched coins are?  EXACTLY that.  Hell most of the time they don't even modify everything that needs to be modified.  They use the same alertkey as LTC, they don't change magic numbers so nodes running multiple blockchains end up confused spamming LTC blocks into xCoin network for example.  Hell in some coins they don't even change user facing strings so some error messages or confirmations will say "Litecoin".

To date there has been very little innovation in the alt-coin space:
LTC, PPC, Freicoin (I think it is a stupid idea but it is at least innovative), Powercoin.  That is about it.  Everything else has been copy, replace, tweak, launch.
You forgot Primecoin.

Fixed, I meant Primecoin not Powercoin.  So many stupid names it is nearly impossible to keep them straight.
5299  Alternate cryptocurrencies / Altcoin Discussion / Re: [ANN] GAS Coin is now dead. r3wt snuck in a premine and scammed the community on: July 29, 2013, 04:12:22 PM
I know there are a lot of naive people in the world, but ~$40 to make a client and launch a coin?  I know the ONLY way I'd ask that little is if all I had to do was take the existing source code and then search and replace the names and maybe do 1 or 2 tweaks.

What do you think 90%+ of the launched coins are?  EXACTLY that.  Hell most of the time they don't even modify everything that needs to be modified.  They use the same alertkey as LTC, they don't change magic numbers so nodes running multiple blockchains end up confused spamming LTC blocks into xCoin network for example.  Hell in some coins they don't even change user facing strings so some error messages or confirmations will say "Litecoin".

To date there has been very little innovation in the alt-coin space:
LTC, PPC, Freicoin (I think it is a stupid idea but it is at least innovative), Powercoin Primecoin.  That is about it.  Everything else has been copy, replace, tweak, launch.

Now I am still not sold that these coins will be successful.  For example I don't think merchants really care which POW is used as long as the network is secure.  However all these coins required a little more work than copy, paste, tweak, and launch.
5300  Other / Beginners & Help / Re: BTC Inflation? on: July 29, 2013, 07:33:43 AM
Bitcoin is regulated.  The protocol is regulated by math, algorithms, and cryptography.  I trust that kind of regulation far more than gubbermints made up of fallible humans.

The rate of new generation (and thus inflation) is tightly controlled by the protocol with the rate of new coins in each block being halved every 210,000 blocks.