From what I have seen and what I understand, bitcoin uses double sha256, but what I didn't know is that sha256 (the normal one, not double) is used by governments, banks and others. In my opinion this is good for bitcoin because it's much more secure than all the other information in the world (double > single). But I also see a bad side to this: what would happen if someone found a vulnerability in sha256 which made it possible to find the original hash?
Sha256 is part of the NSA Suite B Cryptography standard [1], which is a set of cryptographic hashes and encryption schemes that have been both defined and reviewed in a formal and academic process. Those are some of the most well understood and therefore most trusted and most widely used cryptographic algorithms out there.
Even if you weren't using a cryptographic hash that is part of an industry standard, you'd still want to use a cryptographic hash that is well understood and reviewed in depth by some of the smartest minds out there. As such you'll always want to rely on commonly used cryptographic hashes and not some home-brewn solution, since cryptography is hard and you're more likely to fuck it up than not.
[1] https://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography

If the algorithm is used for every important piece of information on the net, the chances are higher than if it were only used in bitcoin and other cryptocurrencies. Am I right, or am I missing something here? Because if sha256 is "broken", it would only be a matter of time until double sha256 became broken too, right?
Any cryptographic algorithm is prone to break eventually. The point of using well-reviewed standards is to make sure that this happens later rather than sooner (and optimally, can be anticipated in advance).
It would not only be a matter of time until double Sha256 is broken. Double Sha256 is broken the instant that Sha256 is broken.
So, who should be notified in that case? If sha256 were used only in bitcoin, I understand it would be the Bitcoin Foundation or some of the first people who became miners and owners of bitcoin. But sha256 being something global, who should be contacted about this, and who would manage the situation?
Thank you, and let me know if there is something unclear.
Cryptography is a huge academic field with a lot of research going on. Vulnerabilities within a cryptographic algorithm are most likely to be found within academic circles and will thus be addressed within research upon which future cryptographic standards and recommendations will be based.
For example NIST has been working on post-quantum cryptography recommendations for quite a while now:
https://en.wikipedia.org/wiki/Post-Quantum_Cryptography_Standardization

Once these algorithms are well understood and the most solid ones are determined, new cryptographic standards will emerge and replace the older ones, just as has happened many times before. After that it will be up to companies and their developers to upgrade their software and systems. Optimally, all of this happens long before actual attacks on current cryptographic algorithms become feasible.
Be aware that the effects of an attack on Sha256 would be rather limited in the case of Bitcoin. At best, a vulnerability within Sha256 would enable an adversary to calculate the hashes faster than a regular "user". Since the most prominent usage of Sha256 is within Bitcoin's mining process, this would most likely merely lead to faster miners, rather than a full-on attack. The only scenario that would be worrying is if a single party managed to break Sha256 while also building mining infrastructure surpassing the existing one without anyone else noticing, to then lead a 51% attack. However, this would be both unlikely and highly uneconomical.
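To make the two points above concrete (that "double Sha256" is nothing more than SHA-256 composed with itself, and that in mining the hash is only compared against a difficulty target, so a faster hash means faster miners), here is an added example that is not part of this thread. It implements Bitcoin's double SHA-256, hashes a serialized 80-byte block header, decodes the compact `nBits` field into the 256-bit target and checks the proof of work. The only external value it relies on is the well-known serialized header of Bitcoin's genesis block; `expected_hashes` is this example's own helper name, not a Bitcoin Core function.

```python
"""Double SHA-256 (Bitcoin's Hash256) and the proof-of-work check it feeds.

Added example; not code from the thread above or from Bitcoin Core. The only
external value used is the public 80-byte serialized header of the genesis block.
"""
import hashlib


def double_sha256(data: bytes) -> bytes:
    """Bitcoin's Hash256: SHA-256 applied to the SHA-256 digest of `data`.

    This is plain function composition: there is no second primitive here,
    only SHA-256 run twice, which is why its security stands or falls with SHA-256.
    """
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def block_hash_hex(header_hex: str) -> str:
    """Hash an 80-byte serialized block header.

    Returns the hash in the big-endian display order used by block explorers
    (the internal byte order is the reverse).
    """
    header = bytes.fromhex(header_hex)
    if len(header) != 80:
        raise ValueError(f"block header must be 80 bytes, got {len(header)}")
    return double_sha256(header)[::-1].hex()


def bits_to_target(bits: int) -> int:
    """Decode the compact 'nBits' field (1-byte exponent, 3-byte mantissa)
    into the full 256-bit target a block hash must not exceed."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def header_bits(header_hex: str) -> int:
    """Read the little-endian nBits field stored at bytes 72..75 of a header."""
    header = bytes.fromhex(header_hex)
    return int.from_bytes(header[72:76], "little")


def meets_target(header_hex: str) -> bool:
    """Proof-of-work check: the hash, read as a 256-bit number, must not
    exceed the target encoded in the header's own nBits field."""
    return int(block_hash_hex(header_hex), 16) <= bits_to_target(header_bits(header_hex))


def expected_hashes(bits: int) -> int:
    """Expected number of double-SHA-256 evaluations needed to find a header
    that meets the target: 2**256 divided by the target. A speed-up in SHA-256
    lowers the time per trial, not this count."""
    return 2**256 // bits_to_target(bits)


# Public, well-known constant: the serialized genesis block header
# (version, previous hash, merkle root, time, nBits, nonce; all little-endian).
GENESIS_HEADER_HEX = (
    "01000000"
    + "00" * 32
    + "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"
    + "29ab5f49"
    + "ffff001d"
    + "1dac2b7c"
)

if __name__ == "__main__":
    print("genesis block hash:     ", block_hash_hex(GENESIS_HEADER_HEX))
    print("meets its own target:   ", meets_target(GENESIS_HEADER_HEX))
    print("expected hashes (diff 1):", expected_hashes(header_bits(GENESIS_HEADER_HEX)))
    # Tampering with the nonce changes the hash and, almost surely, breaks the proof of work.
    tampered = GENESIS_HEADER_HEX[:-8] + "00000000"
    print("tampered header accepted:", meets_target(tampered))
```

Running it prints the genesis hash `000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f`, confirms it lies below the difficulty-1 target, and shows that about 2^32 hash evaluations are expected per block at that difficulty; that count is set by the target, so a faster SHA-256 only shortens the time per evaluation, which is the "faster miners" effect described above.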