HorseRider (OP)
Donator
Legendary
Offline
Activity: 1120
Merit: 1001
|
|
March 26, 2012, 10:01:55 AM |
|
http://www.itweb.co.za/office/securitysummit2012/PressRelease.php?StoryID=228225Scratches on the Surface of SHA256 A closer look at the cryptography in use for digital currency Bitcoin shows new vulnerabilities in SHA256, says Absa information security researcher Frans Lategan. Issued by: ITP Communications [Johannesburg, 26 March 2012] - Frans Lategan – Absa information security researcher and speaker at the ITWeb Security Summit. Frans Lategan, who will be one of the expert speakers at the annual ITWeb Security Summit, in May, says he will reveal for the first time at the Summit newly-discovered weaknesses in the gold standard cryptography. Describing the vulnerabilities as “scratches in the paintwork, rather than a train smash”, Lategan says his findings nevertheless indicate that vulnerabilities can exist even in trusted algorithms in use to protect currency as valuable and widespread as Bitcoin. Lategan explains that Bitcoin, a fast-growing global digital currency that resides solely in the cloud, has already been the victim of attacks. “The downside of virtual currency such as Bitcoin is that there is no recourse if it is hacked or stolen,” he says. Which is why any vulnerability in the security around it is of interest. ITWeb Security Summit The ITWeb Security Summit and Awards takes place from 15 to 17 May 2012. For more information and to reserve your seat, please click here. Lategan points out that SHA256, in use for over a decade, will be replaced by the SHA3 hash family in the foreseeable future. The annual ITWeb Security Summit will take place from 15 - 17 May 2012 at the Sandton Convention Centre. For more information and to book your seat, go to www.securitysummit.co.za. EDITORIAL CONTACTS ITP Communications Leigh Angelo (011) 869 9153 leigh@tradeprojects.co.za
|
16SvwJtQET7mkHZFFbJpgPaDA1Pxtmbm5P
|
|
|
|
|
|
|
"Bitcoin: the cutting edge of begging technology." -- Giraffe.BTC
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
bulanula
|
|
March 26, 2012, 10:08:04 AM |
|
Probably FUD.
Sell all the BTC !
|
|
|
|
julz
Legendary
Offline
Activity: 1092
Merit: 1001
|
|
March 26, 2012, 10:49:04 AM |
|
see also the brief bio: So it seems the original title was 'SHA256 vulnerabilites exposed by Bitcoin'. Ahh.. who would have thought bitcoin would be so useful to the banking industry as to help expose cryptographic weaknesses!?
|
@electricwings BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1136
All paid signature campaigns should be banned.
|
|
March 26, 2012, 11:14:00 AM Last edit: March 26, 2012, 12:21:33 PM by BurtWagner |
|
Someone was paid by the banking industry to discredit Bitcoin?
(sarcasm attempt fail)
|
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
|
|
|
Koekiemonster
Sr. Member
Offline
Activity: 321
Merit: 250
Bitbuy.nl!
|
|
March 26, 2012, 11:20:12 AM |
|
Someone was paid by the banking industry to discredit Bitcoin?
How does this discredit Bitcoin?
|
|
|
|
julz
Legendary
Offline
Activity: 1092
Merit: 1001
|
|
March 26, 2012, 11:25:56 AM |
|
Someone was paid by the banking industry to discredit Bitcoin?
Doesn't seem that way to me. Assuming he's correct... The bitcoin system has proved useful in revealing a minor issue with SHA256 ... which the banks (and military) also use. Note that many US military systems are still in the process of migrating *to* SHA256. It's highly unlikely that these surface scratches indicate a massive reduction in the security and utility of SHA256. It's more a case of 'orderly migration' to something stronger - rather than 'panic exit'.
|
@electricwings BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
|
|
|
Gabi
Legendary
Offline
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
|
|
March 26, 2012, 11:44:29 AM |
|
FUD
Lol, bitcoin, wich has a market cap of less than 50 millions of $ discover a weakness that no one in all the world governments and banks and whatelse and trillions of $ discovered? Yeeeah sure. And what about Area 51? I've heard they have aliens there!!!
|
|
|
|
Hawkix
|
|
March 26, 2012, 12:49:43 PM |
|
Bitcoin with its current hashrate may be the most powerfull SHA256 testing tool that has been running so far ...
|
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
March 26, 2012, 01:57:40 PM |
|
Someone was paid by the banking industry to discredit Bitcoin?
Doesn't seem that way to me. Assuming he's correct... The bitcoin system has proved useful in revealing a minor issue with SHA256 ... which the banks (and military) also use. what minor issue?
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
triplehelix
Member
Offline
Activity: 84
Merit: 10
|
|
March 26, 2012, 02:00:40 PM |
|
any vulnerability can and will be verified. why are so many so quick to write this off? just because he works for a bank?
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
March 26, 2012, 02:06:38 PM |
|
Frans Lategan, who will be one of the expert speakers at the annual ITWeb Security Summit, in May, says he will reveal for the first time at the Summit newly-discovered weaknesses in the gold standard cryptography. Describing the vulnerabilities as “scratches in the paintwork, rather than a train smash”, Lategan says his findings nevertheless indicate that vulnerabilities can exist even in trusted algorithms in use to protect currency as valuable and widespread as Bitcoin. Ok so it is only academic. Obviosuly one wouldn't wait 2+ months to release findings on a flaw unless it is minor ... Also I love the " protect currency as valuable and widespread as Bitcoin." Lategan explains that Bitcoin, a fast-growing global digital currency that resides solely in the cloud, has already been the victim of attacks. How exactly does he know Bitcoin has been a victim? Unless he is talking about things like DDOS and thefts which have nothing to do with the vulnerability? Hmm... Either he is full of shit trying to pump up his presentation ahead of the conference or his is the single most unethical cryptographer on the planet. "I know of a vulnerability which is costing other money and undermining public trust in cryptography so I will wait for two months before telling anyone about it ... er I will tell me about it, just not what it is."
|
|
|
|
Etlase2
|
|
March 26, 2012, 02:14:29 PM |
|
Also I love the " protect currency as valuable and widespread as Bitcoin." .. How exactly does he know Bitcoin has been a victim? Unless he is talking about things like DDOS and thefts which have nothing to do with the vulnerability? Hmm... Either he is full of shit trying to pump up his presentation ahead of the conference or his is the single most unethical cryptographer on the planet. I love how on one hand you love what he said, then one sentence later you turn into a raving, rabid bitcoiner. Obviously he was referring to other attacks. Does he really need to spell this out?
|
|
|
|
ribuck
Donator
Hero Member
Offline
Activity: 826
Merit: 1039
|
|
March 26, 2012, 02:16:54 PM |
|
why are so many so quick to write this off? just because he works for a bank?
We are writing off this "news", because there isn't any news. At this point he's just pimping his conference presentation. If he announces anything substantial, we can consider it on its merits.
|
|
|
|
finway
|
|
March 26, 2012, 02:44:23 PM |
|
WangXiaoYun(王小云) uses 10 years to find the vulnerability of MD5 and SHA-1 This guy cracks SHA256, HE must be another WangXiaoYun!
|
|
|
|
finway
|
|
March 26, 2012, 02:55:27 PM |
|
I guess the "vulnerability" of SHA256 may refers to BIP30 -- the same tx hash.
A Big Finding.
|
|
|
|
triplehelix
Member
Offline
Activity: 84
Merit: 10
|
|
March 26, 2012, 02:57:35 PM |
|
the guy himself said its just a scratch in the paint, not a deep rooted issue.
|
|
|
|
Gabi
Legendary
Offline
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
|
|
March 26, 2012, 07:24:57 PM |
|
Lategan explains that Bitcoin, a fast-growing global digital currency that resides solely in the cloud, has already been the victim of attacks. Lol i missed that before. Bitcoin has been the victim? Didn't know linode=bitcoin. And they want to find weaknesses in SHA256? Maybe it's SHA256 but they refer to AES seeing the mistakes they make
|
|
|
|
triplehelix
Member
Offline
Activity: 84
Merit: 10
|
|
March 26, 2012, 07:41:52 PM |
|
Lategan explains that Bitcoin, a fast-growing global digital currency that resides solely in the cloud, has already been the victim of attacks. Lol i missed that before. Bitcoin has been the victim? Didn't know linode=bitcoin. And they want to find weaknesses in SHA256? Maybe it's SHA256 but they refer to AES seeing the mistakes they make you could argue that the worm stealing wallets was a direct attack on bitcoin.
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
March 26, 2012, 07:45:38 PM |
|
Lategan explains that Bitcoin, a fast-growing global digital currency that resides solely in the cloud, has already been the victim of attacks. Lol i missed that before. Bitcoin has been the victim? Didn't know linode=bitcoin. And they want to find weaknesses in SHA256? Maybe it's SHA256 but they refer to AES seeing the mistakes they make you could argue that the worm stealing wallets was a direct attack on bitcoin. They didn't break the protocol.
|
|
|
|
triplehelix
Member
Offline
Activity: 84
Merit: 10
|
|
March 26, 2012, 08:20:07 PM |
|
Lategan explains that Bitcoin, a fast-growing global digital currency that resides solely in the cloud, has already been the victim of attacks. Lol i missed that before. Bitcoin has been the victim? Didn't know linode=bitcoin. And they want to find weaknesses in SHA256? Maybe it's SHA256 but they refer to AES seeing the mistakes they make you could argue that the worm stealing wallets was a direct attack on bitcoin. They didn't break the protocol. no, but they exposed a weakness in the default client which is provided by the core dev team.
|
|
|
|
|