Bitcoin Forum
December 05, 2016, 06:48:09 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: If SHA-2 is so secure then why?  (Read 4118 times)
becoin
Legendary
*
Offline Offline

Activity: 1428



View Profile
July 07, 2011, 12:44:44 PM
 #1

Bitcoin mining process consists of repeatedly increasing "nonce":

Quote
payload = <some data related to things happening on the Bitcoin network>
nonce = 1
hash = SHA2( SHA2( payload + nonce ) )

It merely tries to find the right number.


If SHA-2 is so secure then why have National Institute of Standards and Technology (NIST) announced an open competition for a new SHA-3 function to replace the older SHA-1 and SHA-2 after 2012?

http://en.wikipedia.org/wiki/NIST_hash_function_competition

Is SHA-2 algorithm hard coded in the bitcoin protocol or not? Is it possible to upgraded it to SHA-3 after 2012?

18sNtvUmtW6nrQXfYt1wvviGockSWxhPBX
1480963689
Hero Member
*
Offline Offline

Posts: 1480963689

View Profile Personal Message (Offline)

Ignore
1480963689
Reply with quote  #2

1480963689
Report to moderator
1480963689
Hero Member
*
Offline Offline

Posts: 1480963689

View Profile Personal Message (Offline)

Ignore
1480963689
Reply with quote  #2

1480963689
Report to moderator
1480963689
Hero Member
*
Offline Offline

Posts: 1480963689

View Profile Personal Message (Offline)

Ignore
1480963689
Reply with quote  #2

1480963689
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480963689
Hero Member
*
Offline Offline

Posts: 1480963689

View Profile Personal Message (Offline)

Ignore
1480963689
Reply with quote  #2

1480963689
Report to moderator
1480963689
Hero Member
*
Offline Offline

Posts: 1480963689

View Profile Personal Message (Offline)

Ignore
1480963689
Reply with quote  #2

1480963689
Report to moderator
elggawf
Sr. Member
****
Offline Offline

Activity: 308



View Profile
July 07, 2011, 12:48:13 PM
 #2

If SHA-2 is so secure then why have National Institute of Standards and Technology (NIST) announced an open competition for a new SHA-3 function to replace the older SHA-1 and SHA-2 after 2012?

You think they should wait until SHA-2 is broken to start looking for a replacement? Think about that for a second.

Quote
Is SHA-2 algorithm hard coded in the bitcoin protocol or not? Is it possible to upgraded it to SHA-3 after 2012?

It's possible, yes, but it's going to be a mess and require lots of cooperation.

^_^
becoin
Legendary
*
Offline Offline

Activity: 1428



View Profile
July 07, 2011, 01:06:16 PM
 #3

You think they should wait until SHA-2 is broken to start looking for a replacement? Think about that for a second.
If they think for a replacement there is a reason, right? If they think for a replacement after 2012 why you shouldn't? Or you intend to use SHA-2 until 2140?

18sNtvUmtW6nrQXfYt1wvviGockSWxhPBX
Man From The Future
Full Member
***
Offline Offline

Activity: 126


View Profile
July 07, 2011, 01:07:28 PM
 #4

You think they should wait until SHA-2 is broken to start looking for a replacement? Think about that for a second.
If they think for a replacement there is a reason, right? If they think for a replacement after 2012 why you shouldn't? Or you intend to use SHA-2 until 2140?
They need to make a replacement becqause the alternative is to wait until SHA256 isn't good enough.

Yes, bitcoin can change to not use SHA2
natman3400
Member
**
Offline Offline

Activity: 98

firstbits: 1nathana


View Profile
July 07, 2011, 01:13:17 PM
 #5

You think they should wait until SHA-2 is broken to start looking for a replacement? Think about that for a second.
If they think for a replacement there is a reason, right? If they think for a replacement after 2012 why you shouldn't? Or you intend to use SHA-2 until 2140?
SHA-1 is still unbroken (as far as i know), but that's no reason to not use SHA-2. Just means that SHA-1 had a possible future weakness that could be fixed, for the most part, but at the cost of using more computing power. The time has just come again that average computing power has yet increased that they see fit to upgrade it to nip any possible weakness in the bud. The only problem found in SHA-1 was a POSSIBLE mathematical weakness, and since SHA-2 is roughly based on SHA-1, just a bit beefed up, the search for a replacement to SHA-1 never really stopped.

Support the BitClip project:
http://bit.ly/vghQFK
Donate to bitclip: 1BCincd4sHM1ou5QcxZ4vc4hKzsxXCpQT
Dontate to me: 1NathanAubdutd4kW4VwfcEXEWvgkqEq7V
PGP key 1: http://goo.gl/TUIWe
PGP key 2: http://goo.gl/jrfaI
Proof both keys belong to me: http://goo.gl/dQSHl
sirky
Sr. Member
****
Offline Offline

Activity: 407



View Profile
July 07, 2011, 01:16:46 PM
 #6

It is simply a good idea. SHA-2 is still holding up, but it seems that these hashing functions generally only last so long before someone figures out a way to decrease the attack space enough to make you uncomfortable, or to find a collision fast enough to make you question the theory (MD-4 being the worst).

Updating the client would be a huge mess though. There would have to be a hard coded block (probably) when all the clients switched to whatever the new algorithm was.

Old clients still would be made absolutely useless though, and would create their own block chain at that point.

It would not be good.
Man From The Future
Full Member
***
Offline Offline

Activity: 126


View Profile
July 07, 2011, 01:18:54 PM
 #7

It is simply a good idea. SHA-2 is still holding up, but it seems that these hashing functions generally only last so long before someone figures out a way to decrease the attack space enough to make you uncomfortable, or to find a collision fast enough to make you question the theory (MD-4 being the worst).

Updating the client would be a huge mess though. There would have to be a hard coded block (probably) when all the clients switched to whatever the new algorithm was.

Old clients still would be made absolutely useless though, and would create their own block chain at that point.

It would not be good.
Block headers contain a version.
becoin
Legendary
*
Offline Offline

Activity: 1428



View Profile
July 07, 2011, 01:19:09 PM
 #8

They need to make a replacement becqause the alternative is to wait until SHA256 isn't good enough.
I don't reall understand what are you trying to say, Man From The Future. SHA256 is just 1 of the 4 hashing functions that are used in the SHA-2 hashing algorithm!

It's possible, yes, but it's going to be a mess and require lots of cooperation.
So, better sooner than later because if later the mess will be bigger!

18sNtvUmtW6nrQXfYt1wvviGockSWxhPBX
elggawf
Sr. Member
****
Offline Offline

Activity: 308



View Profile
July 07, 2011, 01:19:35 PM
 #9

You think they should wait until SHA-2 is broken to start looking for a replacement? Think about that for a second.
If they think for a replacement there is a reason, right? If they think for a replacement after 2012 why you shouldn't? Or you intend to use SHA-2 until 2140?

Yes, but you don't understand the reason. Designing a new hash is not something you just throw together over a weekend with a few beers and a whiteboard. If they waited until there was a credible threat to SHA-2, then that's waiting too long - the algorithm would be broken before a replacement was ready and proven strong.

So instead, they leapfrog the standards and it's merely up to users to implement it when their risk assessment decides it's time to do so - Bitcoin would be no exception: when SHA-256 is not as useful as one of it's replacements, I'm sure the devs will begin the difficulty and thorny process of replacing it in the Blockchain.

I highly doubt they'll switch just because NIST declares a great new algo and it looks shiny.

So, better sooner than later because if later the mess will be bigger!

I don't think doing it now, versus in 5 years makes it any less of a nightmare, personally. It's still going to take the cooperation of the network, and I don't think making the network more diverse makes that significantly harder. On the flipside, a giant clusterfuck of changing the algo might be another cataclysmic event for a digital currency that's taken a pounding lately.

The only real benefit I can think of is that you wouldn't fuck over the people who are building ASIC farms if you did it now - I think that's their problem though, not the network's.

^_^
becoin
Legendary
*
Offline Offline

Activity: 1428



View Profile
July 07, 2011, 01:31:27 PM
 #10

If they waited until there was a credible threat to SHA-2, then that's waiting too long
This is why they have announced an open competition to replace SHA-2 with SHA-3 after 2012...

I have a very simple question. If they don't want to wait anymore, what are you waiting for?

18sNtvUmtW6nrQXfYt1wvviGockSWxhPBX
elggawf
Sr. Member
****
Offline Offline

Activity: 308



View Profile
July 07, 2011, 01:40:31 PM
 #11

If they waited until there was a credible threat to SHA-2, then that's waiting too long
This is why they have announced an open competition to replace SHA-2 with SHA-3 after 2012...

I have a very simple question. If they don't want to wait anymore, what are you waiting for?

The competition ends in 2012, at which point the new standard will be written. They're not mandating anyone replace SHA-2 in 2012, just that's when the new standard will be written.

They didn't start SHA-3 because they expect SHA-2 to be broken in 2012, which seems to be the assumption you're blindly leaping to.

^_^
prolixus
Newbie
*
Offline Offline

Activity: 18


View Profile
July 07, 2011, 02:23:54 PM
 #12

Another factor that you're not seeing is that SHA-3 will subject to extensive analysis and testing after it's published. There's a small but real possibility that a flaw in the algorithm could be discovered that makes it less secure than SHA-2. Just jumping into the new standard is riskier than waiting until there is a clear reason to make a transition.
becoin
Legendary
*
Offline Offline

Activity: 1428



View Profile
July 08, 2011, 10:13:37 AM
 #13

Just jumping into the new standard is riskier than waiting until there is a clear reason to make a transition.
Where did I say we should jump into the new standard immediately? All I'm saying we should be prepared to jump once necessity arises.

I'm surprised an option for changing bitcoin hashing algorithm was not envisaged in the original concept. Everything that is man-made can be destroyed or counterfeited by another man. This is why everything valuable for the society should have built-in mechanisms for defence and protection improvements in case it is needed.

Think about current bank notes and bills. In the beginning of their life span they all have a cutting-edge and state-of-the-art protection in place (serial numbers, watermarks, micro seals, color-shifting ink, embedded fibers, security thread, holograms, you name it). As time passes and technologies employed mature (become cheaper to acquire and implement) it gets easier to produce counterfeit money. On top of it, very often a 'leak' occurs and 'unsanctioned' printing of genuine bank notes takes place. When that happens there is no choice but to withdraw old bank notes from circulation and emit new notes with new design and improved protection against counterfeiting.

Bitcoin is a cryptographic currency. That means its strongest line of defence is the hashing algorithm. If this line is somehow endangered there must be options in place to strengthen it by orderly introducing new 'design' with more secure hashing algorithm.

18sNtvUmtW6nrQXfYt1wvviGockSWxhPBX
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
July 08, 2011, 10:18:31 AM
 #14

If SHA-2 is so secure then why have National Institute of Standards and Technology (NIST) announced an open competition for a new SHA-3 function to replace the older SHA-1 and SHA-2 after 2012?
For a variety of reasons, none of which in any way bear on SHA-2's suitability for use in bitcoin. For example, one issue is to provide improved hashing performance.

Quote
Is SHA-2 algorithm hard coded in the bitcoin protocol or not? Is it possible to upgraded it to SHA-3 after 2012?
It is, but the protocol could be changed if needed. However, SHA-2 will be suitable for use in bitcoin *way* past 2012. I would be surprised if SHA-2 wasn't still ironclad for its use in bitcoin until at least 2030.

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
jackjack
Hero Member
*****
Offline Offline

Activity: 868


May Bitcoin be touched by his Noodly Appendage


View Profile
July 08, 2011, 10:23:14 AM
 #15

Just jumping into the new standard is riskier than waiting until there is a clear reason to make a transition.
Where did I say we should jump into the new standard immediately?
There:
If they waited until there was a credible threat to SHA-2, then that's waiting too long
This is why they have announced an open competition to replace SHA-2 with SHA-3 after 2012...

I have a very simple question. If they don't want to wait anymore, what are you waiting for?

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
becoin
Legendary
*
Offline Offline

Activity: 1428



View Profile
July 08, 2011, 10:44:54 AM
 #16

It is, but the protocol could be changed if needed.
If it is hard coded then it should not be possible to change it. Ever! Is there anything that can not be changed if needed? I need some more bitcoins. Would you change the protocol for me?

18sNtvUmtW6nrQXfYt1wvviGockSWxhPBX
jackjack
Hero Member
*****
Offline Offline

Activity: 868


May Bitcoin be touched by his Noodly Appendage


View Profile
July 08, 2011, 10:51:57 AM
 #17

It is, but the protocol could be changed if needed.
If it is hard coded then it should not be possible to change it. Ever! Is there anything that can not be changed if needed? I need some more bitcoins. Would you change the protocol for me?
I wasn't sure you were a troll
Now I am

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
July 08, 2011, 10:52:53 AM
 #18

If it is hard coded then it should not be possible to change it. Ever! Is there anything that can not be changed if needed? I need some more bitcoins. Would you change the protocol for me?
Even something hard coded can be changed, including giving you more bitcoins. The process would be:

1) Obtain a community consensus on the change.

2) Develop patches to support the change without activating the change.

3) Wait for significantly more than 50% of miners to be running a build with those patches. (At minimum. Obviously, if possible, wait longer than this to minimize disruption to clients and services.)

4) Pick a block to begin the change.

5) Develop patches to make that change at that block. (Or trigger on an event.)

6) Wait.

This would be a painful process that would likely be at least somewhat harmful to at least bitcoin's perceived stability. So I doubt you could make it work just to give you a few more bitcoins. Perhaps if you gave me a few more as well ...

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
becoin
Legendary
*
Offline Offline

Activity: 1428



View Profile
July 08, 2011, 10:56:19 AM
 #19

There:
If they waited until there was a credible threat to SHA-2, then that's waiting too long
This is why they have announced an open competition to replace SHA-2 with SHA-3 after 2012...

I have a very simple question. If they don't want to wait anymore, what are you waiting for?
Where there, jackjack?

The guy that was arguing with me basically said NIST announced this competition just in case... What I'm asking is 'If they don't want to wait anymore and are acting now just in case, what are you waiting for and don't act just in case as well?'

How are you prepared for a possible change in SHA?

18sNtvUmtW6nrQXfYt1wvviGockSWxhPBX
becoin
Legendary
*
Offline Offline

Activity: 1428



View Profile
July 08, 2011, 11:05:28 AM
 #20

1) Obtain a community consensus on the change.
I have X amount of bitcoins in my wallet. Am I part of the community? Where can I read about the procedure to be followed when a community consensus for a change need to be obtained?

18sNtvUmtW6nrQXfYt1wvviGockSWxhPBX
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!