scarsbergholden
October 21, 2013, 10:27:35 PM |
So what's the consensus here? NSA does or does not have a backdoor into SHA-256? That would be pretty worrisome.... thinking this is FUD, though.
foggyb
Legendary
Offline
Activity: 1736
Merit: 1006
October 21, 2013, 10:41:06 PM |
I'm reading this book right now. Pretty on topic. In this novel the NSA can decrypt any algorithm except one...

I'm sorry for your loss. That book is total junk. At least with the other formulaic Dan Brown novels, they touch on something he knows about (religious history). This one does not.

I'm reading about 1 novel a year. Much more than that when I was younger. I don't expect everything in this book to be accurate. I'm 50% done and enjoying it. The rest of the year, I'm reading technical books and stuff, so this is relaxing for my mind.

Even his books on religious history are purely for entertainment and are seriously 'out there' on doctrine. If his cryptography treatment is similar, then accept it with a ten-ton salt boulder. Don't take Dan Brown so seriously.
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
October 22, 2013, 12:25:42 AM |
The NSA created Bitcoin and used ECDSA in it because they already had it broken.
This risk is already mitigated for any bitcoin address that has not been used for spending (i.e. its public key is not yet known). Even if ECDSA is broken wide open, it doesn't really matter with respect to bitcoins that have been received at addresses that have never been used for spending, because the corresponding ECDSA public key is not known and cannot be determined without also breaking both RIPEMD160 and SHA256 simultaneously.

Can anyone speak to the issue: if I use a deterministic wallet (eg Electrum) and I spend from one address, thus ECDSA is all that needs to be cracked, can that private key be used to access the rest of the addresses even though unspent? Thus would it be safer if I use MultiBit or the QT, as the issue is in the random generation only, but the second vulnerability is not there as those addresses are not deterministic? Where is the best place to generate the safest address keys, as I like the Electrum interface and could always import keys? I have tried to raise this in the Electrum sub-boards, and the answer was not as definitive as I would have hoped.

My understanding (and please double verify) is that a known private key alone will not enable you to find another private key; even multiple known private keys won't. However, if the master seed public key AND one private key from the wallet are known, it is possible to compute the master seed private key and from that compute all private keys in the wallet. Then again there is no need to ever reveal your master seed public key or a private key, so I don't see it as much of an enhanced threat.

Random Wallet
- reveal private key - compromise one address
- reveal wallet.dat (and passphrase) - compromise entire wallet

Deterministic Wallet
- reveal private key - compromise one address
- reveal wallet file (and passphrase) - compromise entire wallet
- reveal master private key - compromise entire wallet
- reveal private key AND master seed public key - compromise entire wallet

The first two vulnerabilities are the same. The third one I just included to be explicit, but honestly if an attacker can gain your master seed private key (which resides only in the wallet) it is highly likely your computer is compromised and a random wallet wouldn't provide any more security. The last scenario is one where a user could (in theory) out themselves. For example, say a user puts the master public key seed on a website (so the site can generate public keys and a compromise won't result in a loss of a private key). The user also foolishly gives someone some funds by giving them a single private key. If an attacker took the known private key and compromised the website to gain the master public key seed, then the two could be used together to compromise the entire wallet. Simple solution: don't reveal private keys, and if you do, generate a new wallet (and thus new master private & public keys) and transfer all funds to the new wallet.
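The "master public key plus one private key" recovery described in the post above, as an added example that is not from this thread or from any wallet's own code. It models an Electrum-style type-1 derivation child_priv = (master_priv + H(i, master_pub)) mod n over the real secp256k1 parameters; the seed and the exact byte layout hashed by H are constructed for illustration.

```python
import hashlib
# secp256k1 field prime, group order and generator (real constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt=G):
    acc = None  # double-and-add scalar multiplication
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def tweak(index, master_pub):
    """H(i, master_pub) reduced mod n (constructed layout): public data only."""
    data = index.to_bytes(4, "big") + b"".join(c.to_bytes(32, "big") for c in master_pub)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def child_priv(master_priv, master_pub, index):
    return (master_priv + tweak(index, master_pub)) % N

def child_pub(master_pub, index):
    """Holder of the master public key alone can derive every child public key."""
    return ec_add(master_pub, ec_mul(tweak(index, master_pub)))

def recover_master_priv(one_child_priv, master_pub, index):
    """The weakness: the tweak depends only on public data, so subtract it."""
    return (one_child_priv - tweak(index, master_pub)) % N

def demo(index=7):
    seed = hashlib.sha256(b"constructed demo seed, not a real wallet").digest()
    master_priv = int.from_bytes(seed, "big") % N
    master_pub = ec_mul(master_priv)
    cp = child_priv(master_priv, master_pub, index)
    assert ec_mul(cp) == child_pub(master_pub, index)  # derivation is consistent
    return recover_master_priv(cp, master_pub, index) == master_priv
```

A private key on its own gives nothing back, which is why the hardened derivation later standardised in BIP32 hashes the parent private key instead of the public one for that path.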
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1013
October 22, 2013, 12:37:21 AM |
So what's the consensus here? NSA does or does not have a backdoor into SHA-256? That would be pretty worrisome.... thinking this is FUD, though.

The NSA has no need to put a backdoor in SHA-256 when all they need to do is backdoor the developers. For the most part, the primary developers all:
- are married
- have children
- have established careers with companies or academic institutions which are not easy to replace
Those three things are notable because those characteristics make them more vulnerable to extortion and blackmail than they might otherwise be. Backdooring SHA-256 is presumably difficult. On the other hand, threatening a core developer or two until they play ball is easy. Then their handlers just need to tell them to backdoor bitcoin in two steps: First, build a trackable alternative to Bitcoin's most troublesome (from the NSA's perspective) features, such as the ability to send funds to an arbitrary public key. Next, deprecate and remove the old function so that users no longer have the ability to avoid tracking.
oakpacific
October 22, 2013, 12:59:46 AM |
Breaking SHA256 is pretty unlikely, that being said I still think we may change the wallet address hashing into something like SHA256(XOR(PubKey,SHA256(PubKey))), that will make any preimage attack against SHA256 useless.
jubalix
Legendary
Offline
Activity: 2632
Merit: 1022
October 22, 2013, 04:08:00 PM |
So what's the consensus here? NSA does or does not have a backdoor into SHA-256? That would be pretty worrisome.... thinking this is FUD, though.

The NSA has no need to put a backdoor in SHA-256 when all they need to do is backdoor the developers. For the most part, the primary developers all:
- are married
- have children
- have established careers with companies or academic institutions which are not easy to replace
Those three things are notable because those characteristics make them more vulnerable to extortion and blackmail than they might otherwise be. Backdooring SHA-256 is presumably difficult. On the other hand, threatening a core developer or two until they play ball is easy. Then their handlers just need to tell them to backdoor bitcoin in two steps: First, build a trackable alternative to Bitcoin's most troublesome (from the NSA's perspective) features, such as the ability to send funds to an arbitrary public key. Next, deprecate and remove the old function so that users no longer have the ability to avoid tracking.

Nah, Gav addressed this, and that's the point of the open source: you can see the code, and you would just fall back to the earlier version. This year's 0.8 --> 0.7 fork shows how quickly this can happen and how transitory its effect was on price.
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
October 22, 2013, 04:18:52 PM |
Am I correct that a PRNG on a PC is used 2 ways in Bitcoin: generating a nonce for ECDSA-signed txs and generating SHA256 private keys? Any other function I'm missing?
vesperwillow
October 22, 2013, 04:44:08 PM |
Nah, Gav addressed this, and that's the point of the open source: you can see the code, and you would just fall back to the earlier version. This year's 0.8 --> 0.7 fork shows how quickly this can happen and how transitory its effect was on price.

The point made a few pages back was that open source is a ruse: backdoors in closed source software on the host and client machines bypass the in-between security, rendering the open source safety net moot.
jubalix
Legendary
Offline
Activity: 2632
Merit: 1022
November 05, 2013, 11:32:15 AM |
Nah, Gav addressed this, and that's the point of the open source: you can see the code, and you would just fall back to the earlier version. This year's 0.8 --> 0.7 fork shows how quickly this can happen and how transitory its effect was on price.

The point made a few pages back was that open source is a ruse: backdoors in closed source software on the host and client machines bypass the in-between security, rendering the open source safety net moot.

What closed source..... and you can air gap.
vesperwillow
November 05, 2013, 01:21:16 PM |
Nah, Gav addressed this, and that's the point of the open source: you can see the code, and you would just fall back to the earlier version. This year's 0.8 --> 0.7 fork shows how quickly this can happen and how transitory its effect was on price.

The point made a few pages back was that open source is a ruse: backdoors in closed source software on the host and client machines bypass the in-between security, rendering the open source safety net moot.

What closed source..... and you can air gap.

Any closed source.. anything running on your computer which isn't open source. And as mentioned before, there are developers in the open source world who are planted by various agencies for XYZ reasons. The old X-Files adage is true: trust no one, and presume your system is compromised.
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
November 05, 2013, 09:02:53 PM |
Am I correct that a PRNG on a PC is used 2 ways in Bitcoin: generating a nonce for ECDSA-signed txs and generating SHA256 private keys? Any other function I'm missing?

For the QT wallet (and probably others) the encryption passphrase is salted using a nonce. For deterministic wallets the master private key seed would be randomly generated.
IsaacGoldbourne
Member
Offline
Activity: 112
Merit: 10
Looking to start various enterprises
November 05, 2013, 09:41:34 PM |
I don't believe it... I could never think of any sci-fi-ass machine capable of cracking SHA256. Of course with Snowden's verification, how could it be false? I'm horrified. Are our savings subject to overnight destruction?

Even if they have broken encryption, hashing has not been broken. Bitcoin users not affected. Plus we know how SHA works and lots of people have analysed it. It's safe.
vesperwillow
January 24, 2014, 12:34:37 PM |
How is our owning a data analysis center going to ruin the economy?
MarketNeutral
January 24, 2014, 12:35:18 PM |
Not quite the proverbial "box of fans," but nothing to panic over yet. Search for previous threads on this topic. They're very interesting.
whtchocla7e
Full Member
Offline
Activity: 392
Merit: 116
Worlds Simplest Cryptocurrency Wallet
January 24, 2014, 01:58:37 PM |
I have a fantastic idea - let's use an NSA algorithm to secure Bitcoin!! They're good people. Who's with me?
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1013
January 24, 2014, 02:38:09 PM |
Guys, I think the community needs to take it seriously about the NSA breaking the encryption.

I will as soon as you can explain in specific terms exactly what the NSA can do to Bitcoin with a quantum computer.
vesperwillow
January 24, 2014, 02:58:11 PM |
Guys, I think the community needs to take it seriously about the NSA breaking the encryption.

I will as soon as you can explain in specific terms exactly what the NSA can do to Bitcoin with a quantum computer.

^-- Lol, this.