Bitcoin Forum
Pages: « 1 2 3 4 [5] 6 »  All
Author Topic: A basic question  (Read 5587 times)
Bitware, April 23, 2015, 05:17:19 AM, #81

Lots of mental masturbation posted, but no proof of a single collision with SHA-256 has been posted yet.
no-rice-peas, April 23, 2015, 05:21:49 PM (last edit: April 23, 2015, 05:53:01 PM), #82

I wonder if YOU are reading it, or comprehend what you are reading.
 
The link you posted says:
"there hasn’t been any result that calls into question the soundness of SHA-2 at all."

Stuff like:  "hacked into target computers to snare messages before they were encrypted"
or "build entry points into their products." have nothing to do with the hash function.

No doubt the NSA are bunch of vipers that should not be trusted on any level,
but I don't think they have a preimage attack on SHA-256.

Saying that they might is just baseless speculation, and none of the articles
are suggesting that.
Lots of mental masturbation posted, but no proof of a single collision with SHA-256 has been posted yet.

From the nytimes article above

"The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards..."

"And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world."

"“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart... When the British analysts, who often work side by side with N.S.A. officers, were first told about the program, another memo said, “those not already briefed were gobsmacked!”

And that is really the milder stuff.

Any person can follow the links and research a bit and most people will come to the conclusion that the NSA is deliberately giving a defective product to the public so they can derive short term benefits.

I'm not going to spend a lot of time arguing this. My interest is in not losing the little that I have because of some overly ambitious jackass bureaucrats who have zero integrity. Why some people online seem to work so hard to cover the misconduct of crooked nsa vermin, anyone can speculate.

If someone wants to research the subject further here are the first few links that come up on a search. I have not read any of them yet.

http://arstechnica.com/security/2014/01/how-the-nsa-may-have-put-a-backdoor-in-rsas-cryptography-a-technical-primer/

https://bitcointalk.org/index.php?topic=291217.0

http://searchsecurity.techtarget.com/video/NSA-encryption-backdoor-How-likely-is-it

http://www.wired.com/2013/09/nsa-backdoor/

Now it is easy to predict that someone will again try to divert the discussion or distract attention from evidence that the NSA has subverted sha2
tyz, April 23, 2015, 05:38:27 PM, #83

The coins can not be deleted in the normal way. You just need to lose or destroy the private key. I am not sure if this has not happened already. It is very strange that such a huge amount of value has not been moved or exchanged in any way so far.
no-rice-peas, April 23, 2015, 05:56:46 PM, #84


Now it is easy to predict that someone will again try to divert the discussion or distract attention from evidence that the NSA has subverted sha2


The coins can not be deleted in the normal way. You just need to lose or destroy the private key. I am not sure if this has not happened already. It is very strange that such a huge amount of value has not been moved or exchanged in any way so far.

http://www.bangkokmafia.com/wp-content/uploads/2009/07/retard.jpg
jonald_fyookball, April 23, 2015, 06:59:15 PM (last edit: April 23, 2015, 08:06:52 PM), #85


Any person can follow the links and research a bit and most people will come to the conclusion that the NSA is deliberately giving a defective product to the public so they can derive short term benefits.
 


Yes, any person can follow the links but I honestly haven't seen anyone come to that conclusion specifically about SHA-256 or SHA-2.

I think this quote sums it up:

SHA-2 is an open algorithm and it uses as its constants the sequential prime cube roots as a form of "nothing up my sleeve numbers".  For someone to find a weakness or backdoor in SHA would be the equivalent of the nobel prize in cryptography.   Everyone who is anyone in the cryptography community has looked at SHA-2.  Not just everyone with a higher degree in mathematics, computer science, or cryptography in the last 20 years but foreign intelligence agencies and major financial institutions.    Nobody has found a flaw, not even a theoretical one (a faster than brute force solution which requires so much energy/time as to have no real world value).

To believe that the NSA has broken SHA-2 would be to believe that the NSA found something the entire rest of the world combined hasn't found for twenty years.  Also NIST still considers SHA-2 secure and prohibits the use of any other hashing algorithm (to include SHA-3 so far) in classified networks.  So that would mean the NSA is keeping a flaw/exploit from NIST, compromising US national security.

Anything is possible but occam's razor and all that.


Anyway, you seem to have made up your own mind about the matter, so I guess that's the end of the discussion.  Grin cheers.
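The quoted claim that SHA-2's constants are "nothing up my sleeve numbers" is something anyone can check. What follows is an added example (mine, not code from this thread or from any Bitcoin project) that re-derives the 64 SHA-256 round constants from the fractional parts of the cube roots of the first 64 primes, and the 8 initial hash values from the square roots of the first 8 primes, using exact integer arithmetic rather than floating point, then spot-checks the result against four values copied from FIPS 180-4. The function names and the `PUBLISHED` table are my own.

```python
"""Re-derive SHA-256's constants from prime roots, as FIPS 180-4 specifies
(round constants K from cube roots, initial hash H0 from square roots).
Added example, not code from the thread.  Standard library only."""
import math


def first_primes(count: int) -> list:
    """The first `count` primes by trial division (the 64th prime is 311)."""
    primes = []
    n = 2
    while len(primes) < count:
        if all(n % p for p in primes if p * p <= n):
            primes.append(n)
        n += 1
    return primes


def icbrt(n: int) -> int:
    """Floor of the cube root of a non-negative integer, by integer Newton
    steps started from an upper bound so the iteration descends to the floor."""
    if n < 2:
        return n
    x = 1 << ((n.bit_length() + 2) // 3)   # 2^ceil(bits/3) >= cbrt(n)
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            return x
        x = y


def frac_bits_cbrt(p: int, bits: int = 32) -> int:
    """First `bits` bits of the fractional part of cbrt(p), exactly:
    cbrt(p * 2^(3*bits)) == cbrt(p) * 2^bits, so the low `bits` bits of its
    floor are floor(frac(cbrt(p)) * 2^bits)."""
    return icbrt(p << (3 * bits)) & ((1 << bits) - 1)


def frac_bits_sqrt(p: int, bits: int = 32) -> int:
    """Same idea for square roots, using the exact integer sqrt."""
    return math.isqrt(p << (2 * bits)) & ((1 << bits) - 1)


def sha256_round_constants() -> list:
    """K[0..63]: fractional cube-root bits of the first 64 primes."""
    return [frac_bits_cbrt(p) for p in first_primes(64)]


def sha256_initial_hash() -> list:
    """H0[0..7]: fractional square-root bits of the first 8 primes."""
    return [frac_bits_sqrt(p) for p in first_primes(8)]


# Spot-check values copied from the published standard (FIPS 180-4).
PUBLISHED = {"K0": 0x428A2F98, "K63": 0xC67178F2,
             "H0": 0x6A09E667, "H7": 0x5BE0CD19}


def matches_published() -> bool:
    """True if the derived constants agree with the published spot checks."""
    k, h = sha256_round_constants(), sha256_initial_hash()
    return (k[0], k[63], h[0], h[7]) == (PUBLISHED["K0"], PUBLISHED["K63"],
                                         PUBLISHED["H0"], PUBLISHED["H7"])


if __name__ == "__main__":
    for i, k in enumerate(sha256_round_constants()):
        print(f"K[{i:2d}] = 0x{k:08x}")
    for i, h in enumerate(sha256_initial_hash()):
        print(f"H0[{i}] = 0x{h:08x}")
    print("matches FIPS 180-4 spot checks:", matches_published())
```

The point of doing it in integers is that there is no rounding to argue about: every one of the 72 words is fully determined by "first N primes, take 32 fractional bits", which is exactly what makes the constants auditable and leaves no room for a chosen value to be smuggled in.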

no-rice-peas, April 23, 2015, 10:35:06 PM, #86


Any person can follow the links and research a bit and most people will come to the conclusion that the NSA is deliberately giving a defective product to the public so they can derive short term benefits.
 


Yes, any person can follow the links but I honestly haven't seen anyone come to that conclusion specifically about SHA-256 or SHA-2.

I think this quote sums it up:

SHA-2 is an open algorithm and it uses as its constants the sequential prime cube roots as a form of "nothing up my sleeve numbers".  For someone to find a weakness or backdoor in SHA would be the equivalent of the nobel prize in cryptography.   Everyone who is anyone in the cryptography community has looked at SHA-2.  Not just everyone with a higher degree in mathematics, computer science, or cryptography in the last 20 years but foreign intelligence agencies and major financial institutions.    Nobody has found a flaw, not even an theoretical one (a faster than brute force solution which requires so much energy/time as to be have no real world value).

To believe the the NSA has broken SHA-2 would be to believe that the NSA found something the entire rest of the world combined hasn't found for twenty years.  Also NIST still considers SHA-2 secure and prohibits the use of any other hashing algorithm (to include SHA-3 so far) in classified networks.  So that would mean the NSA is keeping a flaw/exploit from NIST compromising US national security. 

Anything is possible but occam's razor and all that.


Anyway, you seem to have made up your own mind about the matter, so I guess that's the end of the discussion.  Grin cheers.

Cheers.

http://arstechnica.com/security/2014/01/how-the-nsa-may-have-put-a-backdoor-in-rsas-cryptography-a-technical-primer/

https://bitcointalk.org/index.php?topic=291217.0

http://searchsecurity.techtarget.com/video/NSA-encryption-backdoor-How-likely-is-it

http://www.wired.com/2013/09/nsa-backdoor/

...
no-ice-please (OP), April 26, 2015, 10:10:22 PM, #87

A pre Snowden thread on the topic

https://bitcointalk.org/index.php?topic=120473.0
no-ice-please (OP), May 01, 2015, 11:00:38 PM, #88

A quote from http://web.archive.org/web/20140912134430/https://cdt.org/blog/what-the-heck-is-going-on-with-nist%e2%80%99s-cryptographic-standard-sha-3/

"In 2005, researchers developed an attack that called into question the security guarantees of an earlier secure hash algorithm, SHA-1. The characteristics of this 2005 attack seemed to hint that it could be refined to attack many of the secure hash functions at the time, including SHA-0, MD4, MD5 and even SHA-2. At the time, for many cryptographers, the message was clear: a new hash algorithm is needed and it should be based on completely different underlying mathematics that are not susceptible to the attacks threatening known hash functions."

I'm not saying anything is wrong with sha.

Just saying something doesn't look kosher.
moni3z, May 01, 2015, 11:33:51 PM, #89

A quote from http://web.archive.org/web/20140912134430/https://cdt.org/blog/what-the-heck-is-going-on-with-nist%e2%80%99s-cryptographic-standard-sha-3/

"In 2005, researchers developed an attack that called into question the security guarantees of an earlier secure hash algorithm, SHA-1. The characteristics of this 2005 attack seemed to hint that it could be refined to attack many of the secure hash functions at the time, including SHA-0, MD4, MD5 and even SHA-2. At the time, for many cryptographers, the message was clear: a new hash algorithm is needed and it should be based on completely different underlying mathematics that are not susceptible to the attacks threatening known hash functions."

I'm not saying anything is wrong with sha.

Just saying something doesn't look kosher.

Plenty of time for developers to move to SHA512 or whatever hash they wish, whenever they deem it's necessary. Bitcoin is not carved in stone
no-ice-please (OP), May 02, 2015, 12:45:57 AM (last edit: May 02, 2015, 01:13:50 AM), #90

A quote from http://web.archive.org/web/20140912134430/https://cdt.org/blog/what-the-heck-is-going-on-with-nist%e2%80%99s-cryptographic-standard-sha-3/

"In 2005, researchers developed an attack that called into question the security guarantees of an earlier secure hash algorithm, SHA-1. The characteristics of this 2005 attack seemed to hint that it could be refined to attack many of the secure hash functions at the time, including SHA-0, MD4, MD5 and even SHA-2. At the time, for many cryptographers, the message was clear: a new hash algorithm is needed and it should be based on completely different underlying mathematics that are not susceptible to the attacks threatening known hash functions."

I'm not saying anything is wrong with sha.

Just saying something doesn't look kosher.

Plenty of time for developers to move to SHA512 or whatever hash they wish, whenever they deem it's necessary. Bitcoin is not carved in stone

I am not trying to be rude, but doesn't the above quoted paragraph indicate that there might have been an indication of some developing problem in 2005?

Some posts on another thread from 2011:

Interesting discussion, hate to see it stopped there. Having 2 levels of hashing with different algorithms will be much safer.

In the New to BitCoin thread (http://forum.bitcoin.org/?topic=7269.0) it says

The cryptography used in BitCoin is so strong that all the world's online banking would be compromised before BitCoin would be, and it can even be upgraded if that were to start to happen.  It's like if each banknote in your pocket had a 100-digit combination lock on it that couldn't be removed without destroying the bill itself.  BitCoin is that secure.

I sensed a lot of complacency here. What it didn't mention is bitcoin network is much more accessible than online banking systems, which usually are monitored by security staff.  

If SHA256 is suddenly broken -- however a remote possibility it is -- very likely the fully automated Bitcoin network will suffer the most, as SHA256 is THE cornerstone bitcoin is built on, and all the eggs are in one basket. The banking industry on the other hand has many ways to make human intervention under similar circumstance. If all online banking service is  shut down, they still can run computers on their private network and physically secure the communication lines.

Please excuse my paranoia but unfortunately with the appreciation of btc, a single private/public key pair can now hold millions of dollars of value, the incentive for finding and hacking any weakness has increased exponentially too

The cryptography used in BitCoin is so strong that all the world's online banking would be compromised before BitCoin would be, and it can even be upgraded if that were to start to happen.  It's like if each banknote in your pocket had a 100-digit combination lock on it that couldn't be removed without destroying the bill itself.  BitCoin is that secure.

this is just false, and it's unfortunate that people often claim this. it applies to the public-key encryption that bitcoin uses but to no other feature of the system. 'all the world's online banking' does not depend fully on sha-2 for its security, for example.

sha-2 is likely secure for the foreseeable future (although there's too much complacency around certain features of its use in bitcoin), so it may not make much difference in practice. i just hate to see the repetition of the false comparison between bitcoin and the security of unnamed 'banks' when it's patently false.

No disrespect to Mr Andresen but his comment seems to recall that reply:
As you can see, this tries to be more secure by hashing twice. However, this actually reduces security. To break pure SHA256, an attacker needs to find a d' such that SHA256(d') == SHA256(d), for a known d. This is also sufficient to break Hash(). However the attacker can also attack the outer layer of the hash, finding a d' such that SHA256(SHA256(d')) == SHA256(SHA256(d)), even though SHA256(d') != SHA256(d). As you can see, the double hashing here makes it _easier_ to break the hash!

If I understand correctly, you've got two chances to find a collision instead of one.

So this decreases the security of SHA256 by a factor of 2... which is just Not a Big Deal.  Bitcoin is using, essentially SHA255 instead of SHA256.  It'll still take longer than forever to find a collision...

Shor's Algorithm.  A quantum algorithm which can evidently be used to break RSA encryption.  $10M for a quantum computer is not a lot of money to many corporations or even individuals.

http://en.wikipedia.org/wiki/Shor's_algorithm

Just when you thought it was safe to go back into the water.

Amazing that the amount $10 million was chosen.

http://www.infosecurity-magazine.com/news/rsa-received-10-million-from-the-nsa-to-make/


gjhiggins, May 02, 2015, 08:34:33 AM, #91

I'm not saying anything is wrong with sha.

Just saying something doesn't look kosher.

It may well not "look kosher" but that's primarily because your own reasoning is being spared the standard of rigour that you insist should be applied to cryptography.

The unanimous rejection of your argument by those from whom you sought an opinion in the first place should be a cue for you to re-examine your underlying assumptions. It's likely that your conclusions are flawed because an incorrect assumption is resulting in false premises, an instance of GIGO. OTOH, you may be experiencing a cognitive illusion (PDF, sry) which I've observed to be particularly prevalent in cryptography.


Cheers

Graham

rax, May 02, 2015, 10:21:24 AM, #92

SHA-1 and SHA-2 have zilch in common, moron. They are totally different algorithms.
moodis, May 02, 2015, 12:01:21 PM, #93

Who knows where to take blockchain.info Second Wallet Password?
achow101_alt, May 02, 2015, 03:49:06 PM, #94

As you have established earlier, SHA-2 is based on SHA-1 which is based on SHA-0 which is based on MD5 which has some known weaknesses. SHA-1, SHA-0, and MD5 all have known collision attacks, but researchers have not been able to get any of the attacks used on these algorithms to work on SHA-2. There has obviously been an evolution of the algorithms from MD5, as the attacks for each broken algorithm are different from the previous.

All cryptographic algorithms and such will at some point be broken, however, Bitcoin's developers can have the time to shift Bitcoin to another algorithm which will be more secure than SHA-256 once SHA-2 is broken. As stated earlier, algorithms are not broken overnight, and there is plenty of warning between the time that a paper is released announcing a successful attack and a working exploit which can damage things.

As for the NSA or other government agencies having known exploits or vulnerabilities in SHA-2: these agencies, by having these exploits, would severely undermine entire industries as many many companies, organizations, other governments, and industries rely on SHA-2 for their security. Furthermore, SHA-2 is one of the most popular hashing algorithms, and has been studied by almost every cryptographer since its release in 2001. It has been more than a decade since its release, and no one has found a working attack against SHA-2.

Even if the NSA has broken SHA-2, why would they go after Bitcoin? Once people realize that SHA-2 is broken, Bitcoin would become unused, have no value, or be shifted to a new algorithm which would take the NSA more time to break. It would be a waste of time and money for them to break Bitcoin and for almost no gain whatsoever.

Now onto the technical aspect. As we know, SHA-1, SHA-0, and MD5 all have collision attacks but not preimage attacks. The collision attacks allow someone to find the same hash for different inputs. The current attacks on these three algorithms involve knowing the hash output for the attack to work. Now, if these could be applied to SHA-256, it still would be pointless. In order for this attack to be able to steal Bitcoin, the owner has to sign the transaction first in order for the hash to become available. The signature comprises essentially the entire transaction, all of the inputs and the outputs, and the private key, in order for the transaction to be verified and used in further transactions. In order to use a collision attack, you would need to have the owner of the transaction create and sign the transaction in order to get the hash. Thus, the attack would not work because the Bitcoins would already be spent and an attacker could not use a collision attack without first knowing the hash that would spend such bitcoins. A collision attack on SHA-256 would then not work to break Bitcoin or allow someone to steal Bitcoins.

As for a preimage attack, if one were to be found, Bitcoin would be screwed. However, none of its predecessors have working preimage attacks. If one were to be found, an attacker could get the private key and use that to steal Bitcoins. It would then be possible to reverse a signature and find the private key from the input, take the key, import it and steal all of the Bitcoins associated with said key. This kind of theoretical attack would work to break Bitcoin, but a preimage attack has yet to be found in all of the aforementioned hash algorithms.

The preimage attack would also allow someone to mine Bitcoin much faster than the current miners do, and give said miner a massive advantage. At this point though, the developers could switch Bitcoin to another algorithm to make it secure.

Thus, your concern, though valid, is not yet applicable. At some point, SHA-256 will be broken, but it has not been broken yet. If a collision attack were found, it could not undermine Bitcoin. If a preimage attack were found, it could screw over Bitcoin. But, neither attack has been found and none of the previous attacks on older hash algorithms have been applied successfully to SHA-256

Tip Me!: 1AQx99s7q1wVinbgXbA48BaZQVWpHe5gYM | My PGP Key: Fingerprint 0x17565732E08E5E41
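Posts #90 and #94 above turn on the difference between a collision (any two inputs with the same hash, found by a birthday search in roughly 2^(n/2) work for an n-bit hash) and a preimage (an input matching a given hash, roughly 2^n work), and #90 adds that a double hash can collide in either layer. The following added example (mine, not code from this thread or from Bitcoin Core) makes both points concrete on a deliberately truncated SHA-256 so that both searches finish in well under a second. `hash256` is Bitcoin's Hash() = SHA256(SHA256(x)); the `toy_*` functions, the `msg-N` / `pre-N` inputs and the "pay 1 BTC to alice" victim string are my own constructions.

```python
"""Collision search vs preimage search on a truncated SHA-256.
Added example, not code from the thread.  Standard library only."""
import hashlib
from itertools import count


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash256(data: bytes) -> bytes:
    """Bitcoin's Hash(): SHA256(SHA256(x)), used for txids and block headers."""
    return sha256(sha256(data))


def trunc(digest: bytes, bits: int) -> int:
    """Leading `bits` bits of a digest as an integer: a toy n-bit hash."""
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - bits)


def toy_inner(data: bytes, bits: int) -> int:
    """Toy single hash: SHA-256 truncated to `bits` bits (bits <= 32)."""
    return trunc(sha256(data), bits)


def toy_outer(data: bytes, bits: int) -> int:
    """Toy double hash: the inner toy digest hashed again and truncated again."""
    return trunc(sha256(toy_inner(data, bits).to_bytes(4, "big")), bits)


def find_collision(f, bits: int):
    """Birthday search for a != b with f(a) == f(b); about 2^(bits/2) trials.
    Returns (a, b, trials).  Inputs are constructed counters, hence distinct."""
    seen = {}
    for i in count():
        x = b"msg-%d" % i
        h = f(x, bits)
        if h in seen:
            return seen[h], x, i + 1
        seen[h] = x


def find_preimage(f, bits: int, target: int):
    """Brute-force search for x with f(x) == target; about 2^bits trials.
    Returns (x, trials)."""
    for i in count():
        x = b"pre-%d" % i
        if f(x, bits) == target:
            return x, i + 1


def collision_layer(a: bytes, b: bytes, bits: int) -> str:
    """Which layer of the double hash collided (post #90's point): 'inner' if
    the single hashes already agree, 'outer' if they differ and only the second
    application collides.  Either way the double hash has collided."""
    return "inner" if toy_inner(a, bits) == toy_inner(b, bits) else "outer"


VICTIM = b"pay 1 BTC to alice"   # constructed stand-in for a signed message


def demo(bits: int = 16) -> dict:
    """Run both searches against the toy double hash and report the costs."""
    a, b, c_trials = find_collision(toy_outer, bits)
    x, p_trials = find_preimage(toy_outer, bits, toy_outer(VICTIM, bits))
    return {
        "bits": bits,
        "collision": (a, b, c_trials, collision_layer(a, b, bits)),
        "preimage": (x, p_trials),
        "expected_trials": (2 ** (bits // 2), 2 ** bits),
    }


def verify(r: dict) -> bool:
    """Independently confirm the reported collision and preimage are genuine."""
    bits = r["bits"]
    a, b, _, _ = r["collision"]
    x, _ = r["preimage"]
    return (a != b and toy_outer(a, bits) == toy_outer(b, bits)
            and toy_outer(x, bits) == toy_outer(VICTIM, bits))


if __name__ == "__main__":
    r = demo()
    a, b, c_trials, layer = r["collision"]
    x, p_trials = r["preimage"]
    print(f"collision after {c_trials} trials ({layer} layer): {a!r} vs {b!r}")
    print(f"preimage after {p_trials} trials: {x!r}")
    print("expected (collision, preimage):", r["expected_trials"], verify(r))
```

Running it shows the collision typically appearing after a few hundred trials and the preimage after tens of thousands, which is the 2^(n/2) versus 2^n gap that makes a collision attack far cheaper than the preimage attack #94 says Bitcoin would actually need to fear. The `collision_layer` result will vary between runs of different sizes: that both outcomes occur is exactly why #90 says the outer layer gives an attacker a second chance.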
no-ice-please (OP), May 03, 2015, 09:13:23 PM, #95

SHA-1 and SHA-2 have zilch in common, moron. They are totally different algorithms.

Both are derived from sha  http://en.m.wikipedia.org/wiki/Comparison_of_cryptographic_hash_functions and as has been mentioned previously, experts have said that some of the hacks used against md5 may be applicable to sha.

I'm not saying anything is wrong with sha.

Just saying something doesn't look kosher.

It may well not ”look kosher“ but that's primarily because your own reasoning is being spared the standard of rigour that you insist should be applied to cryptography.

The unanimous rejection of your argument by those from whom you sought an opinion in the first place should be a cue for you to re-examine your underlying assumptions. It's likely that your conclusions are flawed because an incorrect assumption is resulting in false premises, an instance of GIGO. OTOH, you may be experiencing a cognitive illusion (PDF, sry) which I've observed to be particularly prevalent in cryptography.


Cheers

Graham



Kind of a polite ad hominem but you did not address a single one of the points raised by others in the previous post.

Here it is again

[quotes post #90 in full; see above]

achow101_alt, May 04, 2015, 12:54:48 AM, #96

The NSA has a history of promoting flawed cryptography deliberately, so that it can access encrypted material.

Is that true?
Historically, the NSA has published, promoted and standardized their own broken cryptography, most notably Dual_EC_DRBG, a random number generator. Since Dual_EC_DRBG is a broken RNG, any algorithm using it for random numbers is thus broken, which happened to one of RSA Security's products. The NSA had paid RSA a lot of money to use the broken Dual_EC_DRBG in their flagship encryption products so that the NSA could decrypt the information. However, Dual_EC_DRBG's flaws were discovered very quickly, and attacks were developed in a short amount of time. The cryptography community discovered the flaw within a year of its publishing.

Now, if the NSA did backdoor SHA-256, they must have done it extraordinarily well since no working flaws and attacks have been found against SHA-2 in the past 14 years. Furthermore, they must have hidden the backdooring from the docs that Snowden took since those docs also revealed and proved that the NSA did backdoor Dual_EC_DRBG and did pay RSA to use that RNG in one of their products. Since no flaw has been found nor any docs revealed backdooring so far, it is highly unlikely, though not impossible, that the NSA backdoored SHA-2.

Tip Me!: 1AQx99s7q1wVinbgXbA48BaZQVWpHe5gYM | My PGP Key: Fingerprint 0x17565732E08E5E41
achow101_alt, May 04, 2015, 01:10:24 AM, #97

I am not saying you are doing that, I am only pointing out a pattern. Sha defenders alternate between ad hominems and nonsense, so far, and I will try to research your post and see where it leads.

To aid your research, I suggest that your first read through these:
https://en.wikipedia.org/wiki/SHA-2#Cryptanalysis_and_validation
https://en.wikipedia.org/wiki/Collision_attack
https://en.wikipedia.org/wiki/Preimage_attack
https://bitcoin.org/en/developer-guide#transactions

Tip Me!: 1AQx99s7q1wVinbgXbA48BaZQVWpHe5gYM | My PGP Key: Fingerprint 0x17565732E08E5E41
jonald_fyookball, May 04, 2015, 02:52:36 AM, #98

you're chasing ghosts with this SHA-256 thing.
You seem to keep ignoring the fact that
even MD-5 doesn't have pre-image attacks.

Instead, if you want to look for weakness in
Bitcoin, you should look into the ECDSA, as that is far
more likely to be exploitable.


gjhiggins, May 04, 2015, 03:20:36 AM, #99

To aid your research, I suggest that your first read through these:

I also strongly recommend:

http://ehash.iaik.tugraz.at/wiki/The_Hash_Function_Zoo

and, less relatedly

http://ehash.iaik.tugraz.at/wiki/The_SHA-3_Zoo

Cheers

Graham


jonald_fyookball, May 04, 2015, 03:35:34 AM, #100

you're chasing ghosts with this SHA-256 thing.
You seem to keep ignoring the fact that
even MD-5 doesn't have pre-image attacks.

Instead, if you want to look for weakness in
Bitcoin, you should look into the ECDSA, as that is far
more likely to be exploitable.



Not to be disrespectful, but you seem to be ignoring both the history of cryptography and what we know about the NSA.

There isn't much to add to previous posts. It seems like a poor choice for bitcoin to continue with an NSA algorithm post Snowden, considering huge questions existed pre Snowden. The recent history of the NSA and the fact that its intelligence has been used to harm dissidents in numerous repressive countries should be enough, even without cryptography questions.

If they do have, or do develop, some control over bitcoin it will not be to help vulnerable people in poor countries. http://www.usatoday.com/story/news/politics/2013/10/16/nsa-drone-campaign-cia/2998439/

No offense but you don't seem to be a very good listener.  I'm telling you that a better place to search for vulnerabilities would be the elliptic curves used in Bitcoin.  I believe those were used and/or created by agencies of the USA as well.
