Bitcoin Forum
November 07, 2024, 01:52:12 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 »  All
  Print  
Author Topic: what is the "scratch"? it's FUD or truth?  (Read 4320 times)
HorseRider (OP)
Donator
Legendary
*
Offline Offline

Activity: 1120
Merit: 1001


View Profile
March 26, 2012, 10:01:55 AM
 #1

http://www.itweb.co.za/office/securitysummit2012/PressRelease.php?StoryID=228225


Scratches on the Surface of SHA256
A closer look at the cryptography in use for digital currency Bitcoin shows new vulnerabilities in SHA256, says Absa information security researcher Frans Lategan.

Issued by: ITP Communications   
[Johannesburg, 26 March 2012] -

Frans Lategan – Absa information security researcher and speaker at the ITWeb Security Summit.

Frans Lategan, who will be one of the expert speakers at the annual ITWeb Security Summit, in May, says he will reveal for the first time at the Summit newly-discovered weaknesses in the gold standard cryptography.
Describing the vulnerabilities as “scratches in the paintwork, rather than a train smash”, Lategan says his findings nevertheless indicate that vulnerabilities can exist even in trusted algorithms in use to protect currency as valuable and widespread as Bitcoin.

Lategan explains that Bitcoin, a fast-growing global digital currency that resides solely in the cloud, has already been the victim of attacks.

“The downside of virtual currency such as Bitcoin is that there is no recourse if it is hacked or stolen,” he says.

Which is why any vulnerability in the security around it is of interest.

ITWeb Security Summit
The ITWeb Security Summit and Awards takes place from 15 to 17 May 2012. For more information and to reserve your seat, please click here.

Lategan points out that SHA256, in use for over a decade, will be replaced by the SHA3 hash family in the foreseeable future.
The annual ITWeb Security Summit will take place from 15 - 17 May 2012 at the Sandton Convention Centre. For more information and to book your seat, go to www.securitysummit.co.za.

 
EDITORIAL CONTACTS
ITP Communications
Leigh Angelo
(011) 869 9153
leigh@tradeprojects.co.za

16SvwJtQET7mkHZFFbJpgPaDA1Pxtmbm5P
bulanula
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500



View Profile
March 26, 2012, 10:08:04 AM
 #2

Probably FUD.

Sell all the BTC !
julz
Legendary
*
Offline Offline

Activity: 1092
Merit: 1001



View Profile
March 26, 2012, 10:49:04 AM
 #3

see also the brief bio:

Quote
Frans Lategan is a security consultant with Absa Bank. His presentation, titled SHA256 vulnerabilities exposed by Bitcoin, will contextualise Bitcoin, discuss the technical workings of Bitcoin and SHA256, and look at divergences between expected and actual findings for SHA256.

(from http://www.itweb.co.za/index.php?option=com_content&view=article&id=50468)

So it seems the original title was 'SHA256 vulnerabilites exposed by Bitcoin'.

Ahh..  who would have thought bitcoin would be so useful to the banking industry as to help expose cryptographic weaknesses!?  Smiley

@electricwings   BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1137

All paid signature campaigns should be banned.


View Profile WWW
March 26, 2012, 11:14:00 AM
Last edit: March 26, 2012, 12:21:33 PM by BurtWagner
 #4

Someone was paid by the banking industry to discredit Bitcoin?

(sarcasm attempt fail)

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
Koekiemonster
Sr. Member
****
Offline Offline

Activity: 321
Merit: 250


Bitbuy.nl!


View Profile
March 26, 2012, 11:20:12 AM
 #5

Someone was paid by the banking industry to discredit Bitcoin?

How does this discredit Bitcoin?  Undecided

https://www.bitbuy.nl - Koop eenvoudig, snel en goedkoop bitcoins bij Bitbuy!
Bitcointalk topic over Bitbuy!
julz
Legendary
*
Offline Offline

Activity: 1092
Merit: 1001



View Profile
March 26, 2012, 11:25:56 AM
 #6

Someone was paid by the banking industry to discredit Bitcoin?


Doesn't seem that way to me.
Assuming he's correct... The bitcoin system has proved useful in revealing a minor issue with SHA256 ... which the banks (and military) also use.

Note that many US military systems are still in the process of migrating *to* SHA256.

It's highly unlikely that these surface scratches indicate a massive reduction in the security and utility of SHA256.
It's more a case of 'orderly migration' to something stronger - rather than 'panic exit'.

@electricwings   BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
Gabi
Legendary
*
Offline Offline

Activity: 1148
Merit: 1008


If you want to walk on water, get out of the boat


View Profile
March 26, 2012, 11:44:29 AM
 #7

FUD

Lol, bitcoin, wich has a market cap of less than 50 millions of $ discover a weakness that no one in all the world governments and banks and whatelse and trillions of $ discovered? Yeeeah sure. And what about Area 51? I've heard they have aliens there!!!

Hawkix
Hero Member
*****
Offline Offline

Activity: 531
Merit: 505



View Profile WWW
March 26, 2012, 12:49:43 PM
 #8

Bitcoin with its current hashrate may be the most powerfull SHA256 testing tool that has been running so far ...

Donations: 1Hawkix7GHym6SM98ii5vSHHShA3FUgpV6
http://btcportal.net/ - All about Bitcoin - coming soon!
molecular
Donator
Legendary
*
Offline Offline

Activity: 2772
Merit: 1019



View Profile
March 26, 2012, 01:57:40 PM
 #9

Someone was paid by the banking industry to discredit Bitcoin?


Doesn't seem that way to me.
Assuming he's correct... The bitcoin system has proved useful in revealing a minor issue with SHA256 ... which the banks (and military) also use.

what minor issue?

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
triplehelix
Member
**
Offline Offline

Activity: 84
Merit: 10



View Profile
March 26, 2012, 02:00:40 PM
 #10

any vulnerability can and will be verified.  why are so many so quick to write this off?  just because he works for a bank?
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
March 26, 2012, 02:06:38 PM
 #11

Quote
Frans Lategan, who will be one of the expert speakers at the annual ITWeb Security Summit, in May, says he will reveal for the first time at the Summit newly-discovered weaknesses in the gold standard cryptography.  Describing the vulnerabilities as “scratches in the paintwork, rather than a train smash”, Lategan says his findings nevertheless indicate that vulnerabilities can exist even in trusted algorithms in use to protect currency as valuable and widespread as Bitcoin.

Ok so it is only academic.  Obviosuly one wouldn't wait 2+ months to release findings on a flaw unless it is minor ...

Also I love the " protect currency as valuable and widespread as Bitcoin."  Smiley

Quote
Lategan explains that Bitcoin, a fast-growing global digital currency that resides solely in the cloud, has already been the victim of attacks.

How exactly does he know Bitcoin has been a victim?  Unless he is talking about things like DDOS and thefts which have nothing to do with the vulnerability?

Hmm... Either he is full of shit trying to pump up his presentation ahead of the conference or his is the single most unethical cryptographer on the planet.

"I know of a vulnerability which is costing other money and undermining public trust in cryptography so I will wait for two months before telling anyone about it ... er I will tell me about it, just not what it is."
Etlase2
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


View Profile
March 26, 2012, 02:14:29 PM
 #12

Also I love the " protect currency as valuable and widespread as Bitcoin."  Smiley

..

How exactly does he know Bitcoin has been a victim?  Unless he is talking about things like DDOS and thefts which have nothing to do with the vulnerability?

Hmm... Either he is full of shit trying to pump up his presentation ahead of the conference or his is the single most unethical cryptographer on the planet.

I love how on one hand you love what he said, then one sentence later you turn into a raving, rabid bitcoiner.

Obviously he was referring to other attacks. Does he really need to spell this out?

ribuck
Donator
Hero Member
*
Offline Offline

Activity: 826
Merit: 1060


View Profile
March 26, 2012, 02:16:54 PM
 #13

why are so many so quick to write this off?  just because he works for a bank?
We are writing off this "news", because there isn't any news. At this point he's just pimping his conference presentation.

If he announces anything substantial, we can consider it on its merits.
finway
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500


View Profile
March 26, 2012, 02:44:23 PM
 #14

WangXiaoYun(王小云) uses 10 years to find the vulnerability of MD5 and SHA-1

This guy cracks SHA256, HE must be another WangXiaoYun!



finway
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500


View Profile
March 26, 2012, 02:55:27 PM
 #15

I guess the "vulnerability" of SHA256 may refers to BIP30 -- the same tx hash.


A Big Finding.

triplehelix
Member
**
Offline Offline

Activity: 84
Merit: 10



View Profile
March 26, 2012, 02:57:35 PM
 #16

the guy himself said its just a scratch in the paint, not a deep rooted issue.
Gabi
Legendary
*
Offline Offline

Activity: 1148
Merit: 1008


If you want to walk on water, get out of the boat


View Profile
March 26, 2012, 07:24:57 PM
 #17

Quote
Lategan explains that Bitcoin, a fast-growing global digital currency that resides solely in the cloud, has already been the victim of attacks.
Lol i missed that before.

Bitcoin has been the victim? Didn't know linode=bitcoin.  Roll Eyes And they want to find weaknesses in SHA256? Maybe it's SHA256 but they refer to AES seeing the mistakes they make

triplehelix
Member
**
Offline Offline

Activity: 84
Merit: 10



View Profile
March 26, 2012, 07:41:52 PM
 #18

Quote
Lategan explains that Bitcoin, a fast-growing global digital currency that resides solely in the cloud, has already been the victim of attacks.
Lol i missed that before.

Bitcoin has been the victim? Didn't know linode=bitcoin.  Roll Eyes And they want to find weaknesses in SHA256? Maybe it's SHA256 but they refer to AES seeing the mistakes they make

you could argue that the worm stealing wallets was a direct attack on bitcoin.
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
March 26, 2012, 07:45:38 PM
 #19

Quote
Lategan explains that Bitcoin, a fast-growing global digital currency that resides solely in the cloud, has already been the victim of attacks.
Lol i missed that before.

Bitcoin has been the victim? Didn't know linode=bitcoin.  Roll Eyes And they want to find weaknesses in SHA256? Maybe it's SHA256 but they refer to AES seeing the mistakes they make

you could argue that the worm stealing wallets was a direct attack on bitcoin.
They didn't break the protocol.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
triplehelix
Member
**
Offline Offline

Activity: 84
Merit: 10



View Profile
March 26, 2012, 08:20:07 PM
 #20

Quote
Lategan explains that Bitcoin, a fast-growing global digital currency that resides solely in the cloud, has already been the victim of attacks.
Lol i missed that before.

Bitcoin has been the victim? Didn't know linode=bitcoin.  Roll Eyes And they want to find weaknesses in SHA256? Maybe it's SHA256 but they refer to AES seeing the mistakes they make

you could argue that the worm stealing wallets was a direct attack on bitcoin.
They didn't break the protocol.

no, but they exposed a weakness in the default client which is provided by the core dev team.
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!