Bitcoin Forum
Topic: SHA256 Collision Attack  (Read 10421 times)
flatfly
June 29, 2012, 12:50:20 PM
 #41

Interesting... Watching this too

I've never been able to find a vanity address longer than 5 characters with my prehistoric laptop... :(

1111127SpvabYpoeDoiz5L7QPkfiSh2Q. Only donate if you have a reason to.
JompinDox
June 29, 2012, 01:26:55 PM
 #42

I've also just found these:

 16L48ssoSeG1worstVpsENv1rewVsw7nMa

 1GpacsJetrebeLcV15FSmw3vjLmPsineCp

Don't know if that's impressive or not

Tips? 1ELECeJompinDox61L73eAUyaWpe3Q5HZB
Down with socks!
Kazimir
June 29, 2012, 03:09:48 PM
 #43

Quote
Do the bets made in this thread apply to me if I can successfully prove my claim?
No, well at least not my part :)

My bounty was on a pure sha256 collision. That is: two different sequences of bytes (not necessarily of the same length) which have the same sha256 hash.

A vanity address is something entirely different (although a 11+ digit vanity address is impressive if you indeed have the corresponding private key).

I'll add another 1000 BTC if you can generate a collision for a specific sha256 hash :)
Let's say, for example, if you can generate data (a sequence of bytes) which has this sha256 hash: 7bf3c0394237866352e95d84c91648bc141ab32f64e1b56ac198bb618571846d

Quote
Being totally broke (I was devastated by a $350,000 loss last year, but that's another story)
Damn man, sounds shitty :(

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
AbsoluteZero
June 29, 2012, 04:15:50 PM
 #44

It must be a very secret band as there are no Google results found for "Jompin Dox"

flatfly
June 29, 2012, 04:18:05 PM
 #45

Quote
It must be a very secret band as there are no Google results found for "Jompin Dox"

+1!  I call bluff...  But I still just donated a few bitcents to that mystery address, in case you're the real deal :)

1111127SpvabYpoeDoiz5L7QPkfiSh2Q. Only donate if you have a reason to.
JompinDox
July 04, 2012, 11:04:56 AM
 #46

Quote
Unfortunately I'm in no position to prove this yet, as I don't know how to 'sign a message' and have no BTC to spend... :(

You now have 0.0638 BTC from me... assuming you have the private key to that address.  Send it anywhere, and your claim that you own the address is proven correct.

Hi, I've just made a test send.
I guess this proves that I do own the key to that address.

Tips? 1ELECeJompinDox61L73eAUyaWpe3Q5HZB
Down with socks!
Kazimir
View Profile
October 06, 2012, 12:47:00 PM
 #47

So, any news on this?

I just noticed an article by Bruce Schneier, where he states that we might start seeing the first successful SHA-1 attacks in 6-9 years from now.

Now remember, SHA-1 is just 160-bit. The SHA-2 variant used in Bitcoin is 256-bit, that's almost a hundred million billion trillion (!!) more possibilities. Somehow I doubt the stories about SHA256 collisions that some people were claiming here :D

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
pieppiep
October 06, 2012, 01:24:42 PM
 #48

I don't have the time right now to read it, but somehow I think the attack isn't related to the 160-bit but more to the algorithm.
So if a flaw is found in SHA-1 with 160-bit, and you make a SHA-1b with 320-bit, a collision can be found in somewhat the same time.
Kazimir
October 06, 2012, 03:50:15 PM
 #49

Quote
I don't have the time right now to read it, but somehow I think the attack isn't related to the 160-bit but more to the algorithm.
Well, fortunately, the SHA-2 algorithm (which also includes SHA-256) is completely different than SHA-1.

Quote
So if a flaw is found in SHA-1 with 160-bit, and you make a SHA-1b with 320-bit, a collision can be found in somewhat the same time.
I doubt it - the described possible future attack abuses some weak properties of SHA-1, to reduce the number of brute force attempts from 2^80 to 2^52.
If you do the same with a 320-bit hash, you're still dealing with 2^132 (reduced from 2^160) attempts or maybe 2^104 in best case scenario (if the weak properties extend to additional SHA rounds in the 320-bit version).

Well, 2^104 is still a HECK of a lot more than 2^80 :)
Once we can do 2^80 in one day (which we can't, not even in 6-9 years cause the described scenario only deals with the reduced 2^52 case), the 2^104 would still take 45.000 years. Good luck with that sir :)

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
Bitznbitz
October 07, 2012, 07:21:20 PM
 #50

Give it to a 3yr old kid, if anyone can break it, they can.

60 GH/s BFL Single SC - Pre-Order Yours Today!
Only $1299.99 - butterflylabs.com
alberthendriks
July 15, 2013, 09:53:38 PM
 #51

Are these bounties still on? If so, could you post expiry dates and/or expiry events?
pieppiep
July 16, 2013, 04:08:22 AM
 #52

My 10 BTC is expired, it's already spent :P
But you can probably get a lot more than the few thousand bitcoins you get here.
Also, a normal SHA-256 isn't that interesting for bitcoin. For bitcoin you need SHA-256d which is SHA-256(SHA-256())
nimda
July 16, 2013, 04:14:23 AM
 #53

Quote
My 10 BTC is expired, it's already spent :P
But you can probably get a lot more than the few thousand bitcoins you get here.
Also, a normal SHA-256 isn't that interesting for bitcoin. For bitcoin you need SHA-256d which is SHA-256(SHA-256())
An arbitrary collision on SHA-256 gives a collision on SHA-256d.

I recommend asking me for a signature from my GPG key before doing a trade. I will NEVER deny such a request.
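
Added example, not part of any post in this thread: a toy illustration of two points made above, the difference between finding any collision and hitting one specific hash, and the fact that two inputs with equal SHA-256 values also have equal SHA-256d values. It assumes a 16-bit truncation of SHA-256 (`NBYTES`, `h`, `hd` and the message prefixes are names made up for this sketch) so that both searches finish in moments; nothing here applies to full-width SHA-256.

```python
import hashlib
from itertools import count

NBYTES = 2  # toy digest size (16 bits), an assumption so the searches finish quickly


def h(data: bytes) -> bytes:
    """Toy hash: SHA-256 truncated to its first NBYTES bytes."""
    return hashlib.sha256(data).digest()[:NBYTES]


def hd(data: bytes) -> bytes:
    """Toy double hash, shaped like SHA-256d: h(h(data))."""
    return h(h(data))


def find_collision():
    """Birthday search: any two distinct inputs with equal h (~2^(n/2) tries)."""
    seen = {}
    for tries in count(1):
        msg = b"collide-%d" % tries
        digest = h(msg)
        if digest in seen:
            return seen[digest], msg, tries
        seen[digest] = msg


def find_preimage(target: bytes):
    """Search for an input hashing to one fixed target (~2^n tries)."""
    for tries in count(1):
        msg = b"preimage-%d" % tries
        if h(msg) == target:
            return msg, tries


if __name__ == "__main__":
    a, b, c_tries = find_collision()
    print("collision after", c_tries, "tries:", a, b, h(a).hex())
    # Equal inner hashes feed identical input to the outer hash.
    print("carries through the double hash:", hd(a) == hd(b))
    target = h(b"constructed target")  # constructed sample value
    m, p_tries = find_preimage(target)
    print("input for the fixed target after", p_tries, "tries:", m)
```

The collision search stops as soon as any output repeats, while the fixed-target search has to wait for one particular output, which is why the second loop typically runs far longer at the same digest width.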
alberthendriks
September 01, 2013, 01:06:30 PM
 #54

I'm still attacking SHA-2 (256). Of course I know it's not going to work out, but it's a nice and learnful hobby.

Sometimes while hobbying, I run into stupid questions. Like this one:
Wikipedia claims that the best preimage attack on SHA-2 is actually reduced (41 rounds) in time 2^(253.5).
It seems trivial to have a full 2^256 attack (so where do I go wrong?) if SHA is really a bit pseudorandom. Input to SHA is 447 (free) bits; output is 256 (fixed) bits. I make some propagators to rule out trivially conflicting bit assignments. I make 191 non-locally-conflicting random bit-assignments (propagating after each assignment). I have 256 free bits left. Since there are 256 free bits and the output is also 256 bits, I expect to have 1.0 solution left. I search for it with brute-force.
b!z
September 01, 2013, 03:02:24 PM
 #55

Quote
I'm still attacking SHA-2 (256). Of course I know it's not going to work out, but it's a nice and learnful hobby.

Sometimes while hobbying, I run into stupid questions. Like this one:
Wikipedia claims that the best preimage attack on SHA-2 is actually reduced (41 rounds) in time 2^(253.5).
It seems trivial to have a full 2^256 attack (so where do I go wrong?) if SHA is really a bit pseudorandom. Input to SHA is 447 (free) bits; output is 256 (fixed) bits. I make some propagators to rule out trivially conflicting bit assignments. I make 191 non-locally-conflicting random bit-assignments (propagating after each assignment). I have 256 free bits left. Since there are 256 free bits and the output is also 256 bits, I expect to have 1.0 solution left. I search for it with brute-force.

good luck cracking sha 256. it probably won't ever work.
alberthendriks
September 01, 2013, 04:29:45 PM
 #56

Yes I know, but it gives such a great feeling to find dependencies within sets of bits that were possibly unintended.