I wouldn't be surprised if the Russian government has managed it. As for why civilians haven't broke it, it has to do with the fact they are dirt poor compared to the higher echelons of society and that academic research is highly controlled. At least, that's my theory. Again, cryptanalysis isn't equivalent to auditing source code.
Quick google searches will turn up many results for peer-reviewed, highly cited, public articles discussing attacks on SHA-2. These come from many different countries, and cover many old and new attacks. Do you have any evidence to back up your theory that academic research worldwide on SHA-2 is being highly controlled? That's a pretty wild claim to make with no supporting facts.
The federal government isn't a unified organization. In fact, if I were higher up in the NSA, I would want the lower branches of the government to use weak cryptography so I could have access to all their communications and resources.
And who says the NSA uses SHA256? Do you work for the NSA? I doubt even the President knows their operating procedures. They likely use cryptography that isn't available to the public.
And why would an organization with a classified budget have their real and full policy out in the open on the web?
You mentioned you wouldn't be surprised if Russia has broken SHA-256. Do you believe that the NSA would tell the rest of the government to use hashes that Russia could compromise? What you're suggesting is that the NSA is scheming against the rest of the government, opening them up to surveillance from the NSA and other countries. Again, this is an extraordinary claim. Do you have any evidence for it?
I provided premises which required no stretch of the imagination to accept. Is it unreasonable to think that the entire public research world can come close to matching the intelligence of one small group? Is it unreasonable to believe that the NSA is acting with national security in mind when suggesting Suite B? You have responded to both of these premises with completely ungrounded ideas about conspiracies and schemes. How am I supposed to prove you wrong? You ever hear about
the teapot? What could I say to convince you that your ideas are probabilistically unlikely and are not reasonable beliefs to hold?
They could have rigged the contest indirectly. A lot of the contestants weren't even revealed and tons of them were rejected. The NIST could have very well intentionally chosen a weak hash function that only the NSA could compromise.
How the winning hash function was chosen was not totally open and clear. They gave some vague requirements but not much beyond that. They could say it's "fast and secure" but that's taking their word on it. In the end, you're relying on trust.
No.
http://keccak.noekeon.org/third_party.html. Are you saying we can't trust ANY of these well-respected third part verifiers? There's been so much public work done on analyzing Keccak, and results are very promising.
It doesn't but it's still based on the core DSA technology. The bit security is improved but in the end it is a slight modification. ECDSA is directly based on DSA. It's equivalent technology.
The math is entirely different. EC multiplication is nothing like standard multiplication. You want to claim a vulnerability in DSA implies a weakness in ECDSA? Prove it. Give me a link to some research showing that, or point out where in the math there might be some similarity.
