Bitcoin Forum
Author Topic: If SHA-2 is so secure then why?  (Read 4366 times)
becoin (OP)
July 07, 2011, 12:44:44 PM
#1

The Bitcoin mining process consists of repeatedly increasing the "nonce":

Quote
payload = <some data related to things happening on the Bitcoin network>
nonce = 1
hash = SHA2( SHA2( payload + nonce ) )

It merely tries to find the right number.


If SHA-2 is so secure then why has the National Institute of Standards and Technology (NIST) announced an open competition for a new SHA-3 function to replace the older SHA-1 and SHA-2 after 2012?

http://en.wikipedia.org/wiki/NIST_hash_function_competition

Is the SHA-2 algorithm hard coded in the bitcoin protocol or not? Is it possible to upgrade it to SHA-3 after 2012?
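To make the SHA2(SHA2(payload + nonce)) loop above concrete, here is an added Python example; it is not code from the post or from Bitcoin itself. It serialises an 80-byte block header, expands the compact target, runs the nonce search, and checks itself against the public header values of Bitcoin block 0 (the genesis block). The toy difficulty, merkle root and timestamp in the mining call are constructed.

```python
import hashlib
import struct
from typing import Optional, Tuple

def sha256d(data: bytes) -> bytes:
    """The SHA2(SHA2(...)) of the post: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def serialize_header(version: int, prev_hash: bytes, merkle_root: bytes,
                     timestamp: int, bits: int, nonce: int) -> bytes:
    """80-byte block header in the order miners hash it; integers are little-endian,
    prev_hash and merkle_root are 32-byte digests in internal (byte-reversed) order."""
    return (struct.pack("<I", version) + prev_hash + merkle_root
            + struct.pack("<III", timestamp, bits, nonce))

def bits_to_target(bits: int) -> int:
    """Expand the compact 'bits' field into the 256-bit target the hash must not exceed."""
    exponent, mantissa = bits >> 24, bits & 0x00FFFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))

def meets_target(header: bytes) -> bool:
    """Proof-of-work check: the digest, read as a little-endian integer, is <= the target."""
    bits = struct.unpack("<I", header[72:76])[0]
    return int.from_bytes(sha256d(header), "little") <= bits_to_target(bits)

def mine(version: int, prev_hash: bytes, merkle_root: bytes, timestamp: int,
         bits: int, max_nonce: int = 1 << 32) -> Optional[Tuple[int, bytes]]:
    """The loop from the post: keep increasing the nonce until the header hashes at or
    below the target. Returns (nonce, digest), or None if the 32-bit nonce space runs out."""
    for nonce in range(max_nonce):
        header = serialize_header(version, prev_hash, merkle_root, timestamp, bits, nonce)
        if meets_target(header):
            return nonce, sha256d(header)
    return None

# Public values of Bitcoin block 0 (the genesis block), used here as a known-answer check.
GENESIS_MERKLE = bytes.fromhex(
    "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b")[::-1]
GENESIS_HEADER = serialize_header(1, bytes(32), GENESIS_MERKLE,
                                  1231006505, 0x1D00FFFF, 2083236893)

def genesis_hash_hex() -> str:
    """Block hash in the usual display order (digest bytes reversed)."""
    return sha256d(GENESIS_HEADER)[::-1].hex()

if __name__ == "__main__":
    print("genesis:", genesis_hash_hex(), meets_target(GENESIS_HEADER))
    # Constructed toy inputs with a very easy target so the search ends in a few hundred tries.
    found = mine(1, bytes(32), b"\x11" * 32, 1310042684, 0x2000FFFF)
    print("toy block nonce/hash:", found[0], found[1][::-1].hex())
```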
elggawf
July 07, 2011, 12:48:13 PM
#2

Quote
If SHA-2 is so secure then why has the National Institute of Standards and Technology (NIST) announced an open competition for a new SHA-3 function to replace the older SHA-1 and SHA-2 after 2012?

You think they should wait until SHA-2 is broken to start looking for a replacement? Think about that for a second.

Quote
Is the SHA-2 algorithm hard coded in the bitcoin protocol or not? Is it possible to upgrade it to SHA-3 after 2012?

It's possible, yes, but it's going to be a mess and require lots of cooperation.

becoin (OP)
July 07, 2011, 01:06:16 PM
#3

Quote
You think they should wait until SHA-2 is broken to start looking for a replacement? Think about that for a second.

If they are thinking of a replacement, there is a reason, right? If they are thinking of a replacement after 2012, why shouldn't you? Or do you intend to use SHA-2 until 2140?
Man From The Future
July 07, 2011, 01:07:28 PM
#4

Quote
You think they should wait until SHA-2 is broken to start looking for a replacement? Think about that for a second.
If they are thinking of a replacement, there is a reason, right? If they are thinking of a replacement after 2012, why shouldn't you? Or do you intend to use SHA-2 until 2140?

They need to make a replacement because the alternative is to wait until SHA256 isn't good enough.

Yes, bitcoin can change to not use SHA2

natman3400
July 07, 2011, 01:13:17 PM
#5

Quote
You think they should wait until SHA-2 is broken to start looking for a replacement? Think about that for a second.
If they are thinking of a replacement, there is a reason, right? If they are thinking of a replacement after 2012, why shouldn't you? Or do you intend to use SHA-2 until 2140?

SHA-1 is still unbroken (as far as I know), but that's no reason to not use SHA-2. It just means that SHA-1 had a possible future weakness that could be fixed, for the most part, but at the cost of using more computing power. The time has just come again that average computing power has increased enough that they see fit to upgrade it to nip any possible weakness in the bud. The only problem found in SHA-1 was a POSSIBLE mathematical weakness, and since SHA-2 is roughly based on SHA-1, just a bit beefed up, the search for a replacement to SHA-1 never really stopped.

sirky
July 07, 2011, 01:16:46 PM
#6

It is simply a good idea. SHA-2 is still holding up, but it seems that these hashing functions generally only last so long before someone figures out a way to decrease the attack space enough to make you uncomfortable, or to find a collision fast enough to make you question the theory (MD-4 being the worst).

Updating the client would be a huge mess though. There would have to be a hard coded block (probably) when all the clients switched to whatever the new algorithm was.

Old clients still would be made absolutely useless though, and would create their own block chain at that point.

It would not be good.
Man From The Future
July 07, 2011, 01:18:54 PM
#7

Quote
It is simply a good idea. SHA-2 is still holding up, but it seems that these hashing functions generally only last so long before someone figures out a way to decrease the attack space enough to make you uncomfortable, or to find a collision fast enough to make you question the theory (MD-4 being the worst).

Updating the client would be a huge mess though. There would have to be a hard coded block (probably) when all the clients switched to whatever the new algorithm was.

Old clients still would be made absolutely useless though, and would create their own block chain at that point.

It would not be good.

Block headers contain a version.

becoin (OP)
July 07, 2011, 01:19:09 PM
#8

Quote
They need to make a replacement because the alternative is to wait until SHA256 isn't good enough.

I don't really understand what you are trying to say, Man From The Future. SHA256 is just 1 of the 4 hashing functions that are used in the SHA-2 hashing algorithm!

Quote
It's possible, yes, but it's going to be a mess and require lots of cooperation.

So, better sooner than later, because if later, the mess will be bigger!
elggawf
July 07, 2011, 01:19:35 PM
#9

Quote
You think they should wait until SHA-2 is broken to start looking for a replacement? Think about that for a second.
If they are thinking of a replacement, there is a reason, right? If they are thinking of a replacement after 2012, why shouldn't you? Or do you intend to use SHA-2 until 2140?

Yes, but you don't understand the reason. Designing a new hash is not something you just throw together over a weekend with a few beers and a whiteboard. If they waited until there was a credible threat to SHA-2, then that's waiting too long - the algorithm would be broken before a replacement was ready and proven strong.

So instead, they leapfrog the standards and it's merely up to users to implement it when their risk assessment decides it's time to do so - Bitcoin would be no exception: when SHA-256 is not as useful as one of its replacements, I'm sure the devs will begin the difficult and thorny process of replacing it in the Blockchain.

I highly doubt they'll switch just because NIST declares a great new algo and it looks shiny.

Quote
So, better sooner than later, because if later, the mess will be bigger!

I don't think doing it now, versus in 5 years makes it any less of a nightmare, personally. It's still going to take the cooperation of the network, and I don't think making the network more diverse makes that significantly harder. On the flipside, a giant clusterfuck of changing the algo might be another cataclysmic event for a digital currency that's taken a pounding lately.

The only real benefit I can think of is that you wouldn't fuck over the people who are building ASIC farms if you did it now - I think that's their problem though, not the network's.

becoin (OP)
July 07, 2011, 01:31:27 PM
#10

Quote
If they waited until there was a credible threat to SHA-2, then that's waiting too long

This is why they have announced an open competition to replace SHA-2 with SHA-3 after 2012...

I have a very simple question. If they don't want to wait anymore, what are you waiting for?
elggawf
July 07, 2011, 01:40:31 PM
#11

Quote
If they waited until there was a credible threat to SHA-2, then that's waiting too long
This is why they have announced an open competition to replace SHA-2 with SHA-3 after 2012...

I have a very simple question. If they don't want to wait anymore, what are you waiting for?

The competition ends in 2012, at which point the new standard will be written. They're not mandating that anyone replace SHA-2 in 2012, just that that's when the new standard will be written.

They didn't start SHA-3 because they expect SHA-2 to be broken in 2012, which seems to be the assumption you're blindly leaping to.

prolixus
July 07, 2011, 02:23:54 PM
#12

Another factor that you're not seeing is that SHA-3 will be subject to extensive analysis and testing after it's published. There's a small but real possibility that a flaw in the algorithm could be discovered that makes it less secure than SHA-2. Just jumping into the new standard is riskier than waiting until there is a clear reason to make a transition.
becoin (OP)
July 08, 2011, 10:13:37 AM
#13

Quote
Just jumping into the new standard is riskier than waiting until there is a clear reason to make a transition.

Where did I say we should jump into the new standard immediately? All I'm saying is we should be prepared to jump once necessity arises.

I'm surprised an option for changing bitcoin hashing algorithm was not envisaged in the original concept. Everything that is man-made can be destroyed or counterfeited by another man. This is why everything valuable for the society should have built-in mechanisms for defence and protection improvements in case it is needed.

Think about current bank notes and bills. In the beginning of their life span they all have a cutting-edge and state-of-the-art protection in place (serial numbers, watermarks, micro seals, color-shifting ink, embedded fibers, security thread, holograms, you name it). As time passes and technologies employed mature (become cheaper to acquire and implement) it gets easier to produce counterfeit money. On top of it, very often a 'leak' occurs and 'unsanctioned' printing of genuine bank notes takes place. When that happens there is no choice but to withdraw old bank notes from circulation and emit new notes with new design and improved protection against counterfeiting.

Bitcoin is a cryptographic currency. That means its strongest line of defence is the hashing algorithm. If this line is somehow endangered there must be options in place to strengthen it by orderly introducing new 'design' with more secure hashing algorithm.
JoelKatz
July 08, 2011, 10:18:31 AM
#14

Quote
If SHA-2 is so secure then why has the National Institute of Standards and Technology (NIST) announced an open competition for a new SHA-3 function to replace the older SHA-1 and SHA-2 after 2012?

For a variety of reasons, none of which in any way bear on SHA-2's suitability for use in bitcoin. For example, one issue is to provide improved hashing performance.

Quote
Is the SHA-2 algorithm hard coded in the bitcoin protocol or not? Is it possible to upgrade it to SHA-3 after 2012?

It is, but the protocol could be changed if needed. However, SHA-2 will be suitable for use in bitcoin *way* past 2012. I would be surprised if SHA-2 wasn't still ironclad for its use in bitcoin until at least 2030.

jackjack
July 08, 2011, 10:23:14 AM
#15

Quote
Just jumping into the new standard is riskier than waiting until there is a clear reason to make a transition.
Where did I say we should jump into the new standard immediately?

There:

Quote
If they waited until there was a credible threat to SHA-2, then that's waiting too long
This is why they have announced an open competition to replace SHA-2 with SHA-3 after 2012...

I have a very simple question. If they don't want to wait anymore, what are you waiting for?

becoin (OP)
July 08, 2011, 10:44:54 AM
#16

Quote
It is, but the protocol could be changed if needed.

If it is hard coded then it should not be possible to change it. Ever! Is there anything that can not be changed if needed? I need some more bitcoins. Would you change the protocol for me?
jackjack
July 08, 2011, 10:51:57 AM
#17

Quote
It is, but the protocol could be changed if needed.
If it is hard coded then it should not be possible to change it. Ever! Is there anything that can not be changed if needed? I need some more bitcoins. Would you change the protocol for me?

I wasn't sure you were a troll.
Now I am.

JoelKatz
July 08, 2011, 10:52:53 AM
#18

Quote
If it is hard coded then it should not be possible to change it. Ever! Is there anything that can not be changed if needed? I need some more bitcoins. Would you change the protocol for me?

Even something hard coded can be changed, including giving you more bitcoins. The process would be:

1) Obtain a community consensus on the change.

2) Develop patches to support the change without activating the change.

3) Wait for significantly more than 50% of miners to be running a build with those patches. (At minimum. Obviously, if possible, wait longer than this to minimize disruption to clients and services.)

4) Pick a block to begin the change.

5) Develop patches to make that change at that block. (Or trigger on an event.)

6) Wait.

This would be a painful process that would likely be at least somewhat harmful to at least bitcoin's perceived stability. So I doubt you could make it work just to give you a few more bitcoins. Perhaps if you gave me a few more as well ...

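Steps 3 to 5 of the procedure above (wait for a large miner majority, pick a block, activate the change there), together with the earlier remark that block headers contain a version, can be sketched as code. This is an added Python example, not code from the post or from Bitcoin: patched miners signal by bumping the header version, the change locks in once enough of a window of recent blocks signals, and it activates a fixed number of blocks later; an un-patched node keeps the old hash and parts ways with the upgraded chain at that height. The version numbers, window, threshold, grace period and block history are all constructed.

```python
from typing import List, Optional, Sequence

# Constructed parameters for this sketch; Bitcoin's real upgrades used other numbers.
OLD_VERSION = 1       # header version from miners still on the old build
NEW_VERSION = 2       # patched miners set this to signal they are ready (steps 2 and 3)
WINDOW = 100          # judge readiness over the last 100 blocks
THRESHOLD = 0.75      # "significantly more than 50%": 75 of those 100 must signal
GRACE_BLOCKS = 50     # after lock-in, leave time for clients and services to upgrade

def signalling_share(versions: Sequence[int], height: int) -> float:
    """Fraction of the (up to WINDOW) blocks ending at `height` that carry NEW_VERSION."""
    start = max(0, height - WINDOW + 1)
    window = versions[start:height + 1]
    return sum(1 for v in window if v >= NEW_VERSION) / len(window)

def lock_in_height(versions: Sequence[int]) -> Optional[int]:
    """First height at which a full window reaches THRESHOLD (step 3), else None."""
    for height in range(WINDOW - 1, len(versions)):
        if signalling_share(versions, height) >= THRESHOLD:
            return height
    return None

def activation_height(versions: Sequence[int]) -> Optional[int]:
    """The block picked to begin the change (step 4): lock-in plus the grace period."""
    locked = lock_in_height(versions)
    return None if locked is None else locked + GRACE_BLOCKS

def pow_hash_name(height: int, activation: Optional[int], upgraded: bool) -> str:
    """Name of the proof-of-work hash a node applies at `height` (step 5).
    A node without the patch keeps using sha256d no matter what; from `activation`
    on it rejects blocks the upgraded nodes accept, which is the chain split the
    thread warns about."""
    if upgraded and activation is not None and height >= activation:
        return "new-hash"
    return "sha256d"

def simulate_versions(total: int, adoption_at: int) -> List[int]:
    """Constructed block history: version 1 only until `adoption_at`, after which four
    of every five blocks come from patched miners (80% signalling)."""
    return [NEW_VERSION if h >= adoption_at and h % 5 != 0 else OLD_VERSION
            for h in range(total)]

if __name__ == "__main__":
    history = simulate_versions(400, adoption_at=100)
    act = activation_height(history)
    print("lock-in at", lock_in_height(history), "activation at", act)
    for h in (act - 1, act):
        print(h, "upgraded:", pow_hash_name(h, act, True),
              "legacy:", pow_hash_name(h, act, False))
```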
becoin (OP)
July 08, 2011, 10:56:19 AM
#19

Quote
There:
If they waited until there was a credible threat to SHA-2, then that's waiting too long
This is why they have announced an open competition to replace SHA-2 with SHA-3 after 2012...

I have a very simple question. If they don't want to wait anymore, what are you waiting for?

Where there, jackjack?

The guy that was arguing with me basically said NIST announced this competition just in case... What I'm asking is 'If they don't want to wait anymore and are acting now just in case, what are you waiting for and don't act just in case as well?'

How are you prepared for a possible change in SHA?
becoin (OP)
July 08, 2011, 11:05:28 AM
#20

Quote
1) Obtain a community consensus on the change.

I have X amount of bitcoins in my wallet. Am I part of the community? Where can I read about the procedure to be followed when a community consensus for a change needs to be obtained?