Can SHA256 have a backdoor?

[thejaytiesto]

I was reading this thread:

https://bitcointalk.org/index.php?topic=1345897.0

And I considered the possibility of hashing algorithm used in Bitcoin having some sort of backdoor. There has been some articles in certain websites talking about this too, which lead to the conspiracy theories with your favorite 3 letter agencies. I want to know what are the chances that this is certain and someone that is technically sound to give this any credit or discard it as absolutely tinfoilhat nonsense.

[Lauda]

I was reading this thread:
https://bitcointalk.org/index.php?topic=1345897.0

You should ignore anyone who starts these kinds of threads or people who seriously believe in these conspiracy theories. These people obviously have nothing better to do in their lives (flat Earth believers anyone?) which implies a lack of education as well. Don't let them get to you.

And I considered the possibility of hashing algorithm used in Bitcoin having some sort of backdoor. There has been some articles in certain websites talking about this too, which lead to the conspiracy theories with your favorite 3 letter agencies. I want to know what are the chances that this is certain and someone that is technically sound to give this any credit or discard it as absolutely tinfoilhat nonsense.

Anyhow, there is always a possibility of this. Now calculating the odds here would be quite difficult. If you ask me, tt is a very tiny possibility since someone would have most likely discovered the backdoor/flaw by now. You should not be worried about this. If SHA256 does appear to be broken (e.g. in the news; evidence of someone tempering with it in Bitcoin) the whole financial system would most likely collapse and the world goes into chaos. Bitcoin would be the least of your worries then. Remember that most of these institutions (e.g. Banks) use SHA256.

[watashi-kokoto]

And I considered the possibility of hashing algorithm used in Bitcoin having some sort of backdoor. There has been some articles in certain websites talking about this too, which lead to the conspiracy theories with your favorite 3 letter agencies. I want to know what are the chances that this is certain and someone that is technically sound to give this any credit or discard it as absolutely tinfoilhat nonsense.

What type of Backdoor? Collision? Partial Collision? Second pre image attack?

Are you aware that SHA256 and RIPEMD160 are the most heavily scrutinized cryptographic hash function out there?

This is the whole thing:
http://www.opensource.apple.com/source/zfs/zfs-59/zfs_kext/zfs/sha256.c
Just one table and two procedures. Care to explain to us what may be hidden in there?

[franky1]

This is the whole thing:
http://www.opensource.apple.com/source/zfs/zfs-59/zfs_kext/zfs/sha256.c
Just one table and two procedures. Care to explain to us what may be hidden in there?

not quite 2 procedures.. check the <includes>..

[watashi-kokoto]

Let's talk. What would they do? Open that file and change one of the numbers? Then fake all books about crypto and update it on all websites?

[jonald_fyookball]

Backdoor is doubtful.  

Read this.

https://bitcointalk.org/index.php?topic=598903.5

RIPEMD-160 and SHA-256 are well understood Merkle–Damgard designs which have been extensively studied for over a decade.  So I believe ECDSA will be weakened long before either of the hashing algorithms.

[Soros Shorts]

What type of Backdoor? Collision? Partial Collision? Second pre image attack?

"Decryption" backdoor - recover first preimage from hash. 

[watashi-kokoto]

Backdoor is doubtful.  

You're right.

Let me just add, as a reference, these people have been testing crypto hash functions in the lab, SHA256 since 2004.

http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm

So for example they tested in 2004 the 234 F-Secure® Cryptographic Library for Windows 2000 . If you are interested you can buy this product and test if it's the indeed the same function Bitcoin uses. Protip: yes

[watashi-kokoto]

What type of Backdoor? Collision? Partial Collision? Second pre image attack?

"Decryption" backdoor - recover first preimage from hash.  

Yes and they secretly mine using it That explains the high difficulty

[Erkallys]

No, I don't think that it is possible. A lot more things than Bitcoin run on SHA-256. If Bitcoin was manipulated this way, we'll simply swicth to another cryptocurrency. However, this would the chaos !

[franky1]

No, I don't think that it is possible. A lot more things than Bitcoin run on SHA-256. If Bitcoin was manipulated this way, we'll simply swicth to another cryptocurrency. However, this would the chaos !

but in some ways signature hashing of sha256 can be manipulated to give false readings.
   hash length extension attack

so although sha256 is safe in regards to how bitcoin uses it.. other applications have been misused

[Erkallys]

No, I don't think that it is possible. A lot more things than Bitcoin run on SHA-256. If Bitcoin was manipulated this way, we'll simply swicth to another cryptocurrency. However, this would the chaos !

but in some ways signature hashing of sha256 can be manipulated to give false readings.
   hash length extension attack

so although sha256 is safe in regards to how bitcoin uses it.. other applications have been misused

So, if I understood correctly your message, that's only Bitcoin that make a proper use of SHA-256 ?

[franky1]

No, I don't think that it is possible. A lot more things than Bitcoin run on SHA-256. If Bitcoin was manipulated this way, we'll simply swicth to another cryptocurrency. However, this would the chaos !

but in some ways signature hashing of sha256 can be manipulated to give false readings.
   hash length extension attack

so although sha256 is safe in regards to how bitcoin uses it.. other applications have been misused

So, if I understood correctly your message, that's only Bitcoin that make a proper use of SHA-256 ?

no. other things do too.. but some dont.