Come-from-Beyond (OP)
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
September 13, 2013, 10:02:45 PM
There have been a lot of threads about Snowden, the NSA and broken crypto started recently. Some guys asked what if the NSA could break SHA-256; others answered that SHA-256 was analyzed by a lot of cryptomaniacs and no one has found a weakness yet... Ok, but Bitcoin uses double SHA-256. It's not that SHA-256, it's a completely different algo. What if the Sha256() function applied to itself gives an outcome that correlates to the input? Like if we took f(x)=1/x and calculated f(f(5)), which is 5.
Of course, we can only speculate about this. I just want to point out that it's not correct to discuss the security of Bitcoin's mining algo by applying well-studied features of conventional SHA-256.
phillipsjk
Legendary
Offline
Activity: 1008
Merit: 1001
Let the chips fall where they may.
September 13, 2013, 10:16:25 PM
Why don't you read up on Triple-DES and then restate your question?
Hint: Running SHA-256 twice does not in any way make it less secure.
James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE 0A2F B3DE 81FF 7B9D 5160
shep80
September 14, 2013, 01:16:17 AM
Double SHA-256 still relies on the underlying properties of SHA-256... With 3DES and the like, it is more than just DES three times. With Bitcoin, it is just SHA-256 twice. It's quite good, but the argument could be made that having an alternate middle hash function would be "more" secure. Regardless, if SHA-256 has serious issues, Bitcoin is the least of the problems.
AndrewWilliams
Full Member
Offline
Activity: 182
Merit: 100
Fourth richest fictional character
September 14, 2013, 04:12:58 AM
Read the latest, whether they can crack it or not, it doesn't matter since they had backdoors planted in it.
Come-from-Beyond (OP)
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
September 14, 2013, 07:48:42 AM
Quote from phillipsjk:
Hint: Running SHA-256 twice does not in any way make it less secure.
Care to prove?
Quote from shep80:
With bitcoin, it is just SHA-256 twice.
Care to prove?
Quote:
Double SHA-2, therefore, cannot be weaker than single SHA-2.
Doubtful, sorry.
polarhei
Sr. Member
Offline
Activity: 462
Merit: 250
Firing it up
September 14, 2013, 07:51:42 AM
Each arithmetic has its weakness. Even these people have to leave a small paper (never written in direct terms, just relative) about it before announcing; the cracking takes a long time to deal with. Even bank-level encryption.
So, two steps just take longer before being broken. This is the nature of encryption. Do you know the case of the U submarine story? Better to read it again.
phillipsjk
Legendary
Offline
Activity: 1008
Merit: 1001
Let the chips fall where they may.
September 14, 2013, 10:10:44 AM
Quote from Come-from-Beyond:
Care to prove?
fpgaminer proved it; you are just bad at math (basing this partially on your previous thread). If you are of middle-school age, the math may be just a little advanced for you. I mentioned 3DES because it is an example of a weak algorithm being strengthened by repeated application. Running SHA-256 twice buys us some time if 'single' SHA-256 is found to be broken. If you want to confirm that Bitcoin simply runs the standard SHA-256 twice, you have only to check the source code.
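phillipsjk's suggestion, that Bitcoin simply runs the standard SHA-256 twice, can be checked without reading the source: serialize a block header, apply two nested SHA-256 calls, and compare against the published block hash. The script below is an added example written for this page, not code from Bitcoin or from any poster. The 80-byte header and the expected hash are the publicly known values for block 0 (the genesis block); the compact-target decoding follows Bitcoin's "bits" encoding and ignores the sign bit, which is never set in a valid header.

```python
import hashlib

def double_sha256(data: bytes) -> bytes:
    """Bitcoin's block hash: plain SHA-256 applied to a plain SHA-256 digest. Nothing else."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

# Serialized 80-byte header of Bitcoin block 0 (genesis block), little-endian fields
# as they appear on the wire. These are public chain data, not values from the thread.
GENESIS_HEADER = bytes.fromhex(
    "01000000"                                                          # version 1
    "0000000000000000000000000000000000000000000000000000000000000000"  # previous block hash (none)
    "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"  # merkle root
    "29ab5f49"                                                          # timestamp 1231006505
    "ffff001d"                                                          # difficulty bits 0x1d00ffff
    "1dac2b7c"                                                          # nonce 2083236893
)
GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"

def block_hash_hex(header: bytes) -> str:
    """Block explorers print the double-SHA-256 digest byte-reversed; do the same."""
    return double_sha256(header)[::-1].hex()

def single_sha256_hex(header: bytes) -> str:
    """Single SHA-256 of the same header, for comparison: it is a different value."""
    return hashlib.sha256(header).digest()[::-1].hex()

def decode_target(bits: int) -> int:
    """Expand the compact 'bits' field into the 256-bit target the block hash must not exceed."""
    exponent = bits >> 24
    mantissa = bits & 0x00FFFFFF
    return mantissa << (8 * (exponent - 3))

def meets_target(header: bytes, bits: int = 0x1D00FFFF) -> bool:
    """Proof-of-work check: the displayed hash, read as a big-endian integer, is below the target."""
    return int(block_hash_hex(header), 16) <= decode_target(bits)

if __name__ == "__main__":
    print("double SHA-256:", block_hash_hex(GENESIS_HEADER))
    print("single SHA-256:", single_sha256_hex(GENESIS_HEADER))
    print("matches published genesis hash:", block_hash_hex(GENESIS_HEADER) == GENESIS_HASH)
    print("meets target:", meets_target(GENESIS_HEADER))
```

The leading zeros in the result are the proof of work, not a property of the hash function: the header is searched until the double-SHA-256 output falls below the target.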
Jace
September 14, 2013, 10:26:11 AM
Quote:
If double SHA-2 were weaker than single SHA-2, one could simply use that construct to weaken single SHA-2. In other words, let's suppose someone discovered that double SHA-2 can be broken with 2^80 operations (instead of the usual 2^256 for a pre-image attack). Given that, anyone trying to attack SHA-2 could just, ya know, run SHA-2 on the hash they're trying to break and then perform 2^80 operations to break it and recover the original input.
Not true. Given a hash value h, if you 'recover' some input x such that Sha2(Sha2(x))=Sha2(h), this does not imply Sha2(x)=h.
Feel free to send your life savings to 1JhrfA12dBMUhcgh85wYan6HL2uLQdB6z9
Come-from-Beyond (OP)
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
September 14, 2013, 10:35:11 AM
Quote from phillipsjk:
fpgaminer proved it; you are just bad at math (basing this partially on your previous thread). If you are of Middle-school age, the math may be just a little advanced for you.
Hehe. U r close to comparing me with Hitler.
Quote from phillipsjk:
I mentioned 3DES because it is an example of a weak algorithm being strengthened by repeated application. Running SHA-256 twice buys us some time if 'single' SHA-256 is found to be broken.
If u r not a schoolboy u should use mathematical notation instead of vague words. Try again.
Quote from phillipsjk:
If you want to confirm that Bitcoin simply runs the standard SHA-256 twice, you have only to check the source-code.
Ta, I know that.
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
September 14, 2013, 11:03:35 AM
Double sha2 is weaker than sha2 in some aspects.
I'm not sure that anyone has ever proven that sha2 hits its whole 'probability' space (2^256); if it doesn't, it will be losing entropy by repeated applications.
More data in (a big fat block of data) means more random out. Less data in (a single 256-bit sha2 hash) means less random out.
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
AndrewWilliams
Full Member
Offline
Activity: 182
Merit: 100
Fourth richest fictional character
September 14, 2013, 04:34:38 PM
Many of you seem to be lost in translation.
SHA-256 HAS BACKDOORS.
LIKE WINDOWS OS HAS BACKDOORS. That means NSA works with Windows to plant backdoors to access any system. NSA purposely weakens software and plants backdoors in it, SHA-256 is no exception.
Wilikon
Legendary
Offline
Activity: 1176
Merit: 1001
minds.com/Wilikon
September 14, 2013, 06:47:14 PM
If proven, I believe this will be the end of a lot of industries based on 100% trust, like Bitcoin. If Bitcoin falls, the next dominoes will follow: Wall Street, military top secrets all over the world, etc.
This may even fork the internet. The whole internet.
phillipsjk
Legendary
Offline
Activity: 1008
Merit: 1001
Let the chips fall where they may.
September 14, 2013, 07:45:24 PM
Uh, no.
Quote from Come-from-Beyond:
If u r not a schoolboy u should use mathematical notation instead of vague words. Try again.
The Wikipedia page gives a little more detail about 3DES. Encrypting 3 times does not triple the strength of the cipher. However, it also does not weaken it.
Quote from kokjo:
double sha2 is weaker then sha2 in some aspects.
im not sure that anyone have ever proven that sha2 hits its whole 'probability' space(2^256), if doesn't do that it will be loosing entropy by repeated applications.
more data in(a big fat block of data), means more random out. less data in(a single 256-bit sha2 hash), means less random out.
So kokjo is pointing out that nobody has proven that SHA-256 has a completely uniform probability distribution. That does not imply that a second iteration makes the combined hash weaker, for the reason fpgaminer pointed out. The example he used was to assume double-SHA-256 has about the same cryptographic strength as MD5. I will make a weaker assumption: assume the second hash has reduced variability because of the limited input size. Once the attacker determines the intermediate hash in 2^80 time, they have a problem: they must now break the remaining 'single' hash. I suppose I should prove that later rounds don't undo the work of earlier rounds, but frankly, I don't have the time right now.
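Two claims in the posts above can be measured rather than argued about: kokjo's point that feeding a hash its own 256-bit output loses entropy, and Jace's point that an input breaking the double hash need not break the single hash. The script below is a toy model constructed for this page, not code from any poster and not a property of SHA-256 itself: SHA-256 is truncated to 16 bits so that the whole 2^16 space can be enumerated. For any function that behaves randomly on its own range, one application reaches about 63% of the space (1 - 1/e) and a second about 47%, which is the shrinkage kokjo describes and phillipsjk accepts as his "reduced variability". The preimage-set helper shows that every single-hash preimage is also a double-hash preimage, but not the other way around, so the shrinkage does not hand an attacker a cheaper inversion of the first stage.

```python
import hashlib
from typing import Callable, Set, Tuple

N_BITS = 16               # constructed toy width: 2**16 points, small enough to enumerate fully
DOMAIN = 1 << N_BITS

def toy_hash(x: int) -> int:
    """SHA-256 truncated to N_BITS, so the output space equals the input space (a toy model)."""
    digest = hashlib.sha256(x.to_bytes(N_BITS // 8, "big")).digest()
    return int.from_bytes(digest[: N_BITS // 8], "big")

def toy_double_hash(x: int) -> int:
    """The Bitcoin-style construction in the toy model: hash of the hash."""
    return toy_hash(toy_hash(x))

def image_size(f: Callable[[int], int]) -> int:
    """Number of distinct outputs f produces over the whole domain."""
    return len({f(x) for x in range(DOMAIN)})

def image_fractions() -> Tuple[float, float]:
    """Fraction of the output space still reachable after one and after two applications."""
    return image_size(toy_hash) / DOMAIN, image_size(toy_double_hash) / DOMAIN

def preimage_sets(x0: int) -> Tuple[Set[int], Set[int]]:
    """Jace's distinction. h is the value an attacker wants to invert; hh = H(h) is what a
    double-hash preimage attack would be pointed at. Returns (single, double) where
    single = {x : H(x) == h} and double = {x : H(H(x)) == hh}. single is always a subset of
    double; any x in double but not in single breaks the double hash without yielding h."""
    h = toy_hash(x0)
    hh = toy_hash(h)
    single = {x for x in range(DOMAIN) if toy_hash(x) == h}
    double = {x for x in range(DOMAIN) if toy_double_hash(x) == hh}
    return single, double

if __name__ == "__main__":
    f1, f2 = image_fractions()
    print(f"reachable after one application : {f1:.3f} of the space")
    print(f"reachable after two applications: {f2:.3f} of the space")
    single, double = preimage_sets(12345)
    print(f"single-hash preimages: {len(single)}, double-hash preimages: {len(double)}")
```

The shrinkage only applies to the second stage, whose input is a fixed-width digest; the first stage takes the full 80-byte header, which is the "more data in" case kokjo contrasts it with. Finding any element of either preimage set still costs a full search of the domain here, and nothing in the model makes that search shorter.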
Kazimir
Legendary
Offline
Activity: 1176
Merit: 1011
September 15, 2013, 08:40:33 PM
Quote from AndrewWilliams:
SHA-256 HAS BACKDOORS.
PROOF OR STFU. (oh and by the way...)
AndrewWilliams
Full Member
Offline
Activity: 182
Merit: 100
Fourth richest fictional character
September 16, 2013, 07:08:54 AM
Shhh.... if people hear you talk, they'll know you're dumb.
solex
Legendary
Offline
Activity: 1078
Merit: 1006
100 satoshis -> ISO code
September 16, 2013, 07:15:48 AM
Quote from AndrewWilliams:
SHA-256 HAS BACKDOORS.
References? Papers? Links? Actor_Tom_Truong say-so? Anything?
Galahad
September 16, 2013, 12:19:42 PM
Some pretty childish bickering going on here, but anyway. There have been many discussions about this subject already; I would dig them out as they have already dealt with these concerns. The best thing I've heard out of it is that the Bitcoin algorithm has been tested for 20 years and not even a theoretical weakness has been found by the best experts in the world. I don't think any power of resources could overcome that fact. It would be like 1000 monkeys trying to write Shakespeare. The latest theory I've read is that they can decrypt RC4 only, which is very old and has known weaknesses (used in WEP wifi and SSL). Despite these weaknesses it is still used very heavily across the web (god knows why). You can get an addon for Firefox called Calomel if you want to see how regularly RC4 and others are used.
EDITED:
https://bitcointalk.org/index.php?topic=288545.0
https://bitcointalk.org/index.php?topic=291217.0
In particular: https://bitcointalk.org/index.php?topic=288545.msg3091137#msg3091137
Come-from-Beyond (OP)
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
September 16, 2013, 01:15:19 PM
Don't worry guys, we always can move to Litecoin...
hashman
Legendary
Offline
Activity: 1264
Merit: 1008
September 16, 2013, 03:57:55 PM
Quote from AndrewWilliams:
Many of you seem to be lost in translation.
SHA-256 HAS BACKDOORS.
LIKE WINDOWS OS HAS BACKDOORS. That means NSA works with Windows to plant backdoors to access any system. NSA purposely weakens software and plants backdoors in it, SHA-256 is no exception.
It's worse than you think. All they need is 8 BITS of a SHA-256 message digest and they can backdoor their way to reconstructing your arbitrary length message. Incidentally this is the same tech they use to store a full year of global telecoms traffic on a thumb drive.
deepceleron
Legendary
Offline
Activity: 1512
Merit: 1036
September 16, 2013, 04:11:26 PM
Quote from hashman:
Quote from AndrewWilliams:
Many of you seem to be lost in translation.
SHA-256 HAS BACKDOORS.
LIKE WINDOWS OS HAS BACKDOORS. That means NSA works with Windows to plant backdoors to access any system. NSA purposely weakens software and plants backdoors in it, SHA-256 is no exception.
It's worse than you think. All they need is 8 BITS of a SHA-256 message digest and they can backdoor their way to reconstructing your arbitrary length message. Incidentally this is the same tech they use to store a full year of global telecoms traffic on a thumb drive.
Now you've gone full retard. How about I give you the first 32 bits of every Bitcoin block hash and you reconstruct the message (hint: they are all 0x00000000h). If I have a SHA256 hash, it will likely correspond to a collision with two 257-bit messages, four 258-bit messages, etc. The "arbitrary length message" of Bitcoin is a never-before-seen merkle tree of 256-bit hashes; the information in the hash cannot possibly be used to derive the ~250KB of data per block.