Bitcoin Forum
December 08, 2016, 12:11:06 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 [5]  All
  Print  
Author Topic: [Password Leak] LinkedIn database hacked  (Read 10320 times)
TangibleCryptography
Sr. Member
****
Offline Offline

Activity: 476


Tangible Cryptography LLC


View Profile WWW
June 07, 2012, 09:27:23 PM
 #81

Can someone explain to me the big practical difference between SHA-256 and SHA-512, other than the larger digest for the latter?

Not much.

SHA-256 block size (input) is 512 bit and SHA-512 block size is 1024 bit.
SHA-256 digest (output) is 256 bit and SHA-512 digest is 512 bit.
The initialization constants are different.
SHA-256 uses 32 bit "chunks".  SHA-512 uses 64bit "chunks"
SHA-256 has 64 rounds (iterations of the algorithm), SHA-512 has 80.

Other than that they pretty much are the same.  Same basic algorithm.

1481199066
Hero Member
*
Offline Offline

Posts: 1481199066

View Profile Personal Message (Offline)

Ignore
1481199066
Reply with quote  #2

1481199066
Report to moderator
1481199066
Hero Member
*
Offline Offline

Posts: 1481199066

View Profile Personal Message (Offline)

Ignore
1481199066
Reply with quote  #2

1481199066
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481199066
Hero Member
*
Offline Offline

Posts: 1481199066

View Profile Personal Message (Offline)

Ignore
1481199066
Reply with quote  #2

1481199066
Report to moderator
1481199066
Hero Member
*
Offline Offline

Posts: 1481199066

View Profile Personal Message (Offline)

Ignore
1481199066
Reply with quote  #2

1481199066
Report to moderator
cytokine
Donator
Full Member
*
Offline Offline

Activity: 224



View Profile
June 07, 2012, 09:46:24 PM
 #82

Can someone explain to me the big practical difference between SHA-256 and SHA-512, other than the larger digest for the latter?

Not much.

SHA-256 block size (input) is 512 bit and SHA-512 block size is 1024 bit.
SHA-256 digest (output) is 256 bit and SHA-512 digest is 512 bit.
The initialization constants are different.
SHA-256 uses 32 bit "chunks".  SHA-512 uses 64bit "chunks"
SHA-256 has 64 rounds (iterations of the algorithm), SHA-512 has 80.

Other than that they pretty much are the same.  Same basic algorithm.



So is there a significant security advantage to using SHA512 over SHA256, or not really enough of one to justify the extra cost?
TangibleCryptography
Sr. Member
****
Offline Offline

Activity: 476


Tangible Cryptography LLC


View Profile WWW
June 07, 2012, 09:53:01 PM
 #83

So is there a significant security advantage to using SHA512 over SHA256, or not really enough of one to justify the extra cost?

SHA-512 actually hashes faster on most CPU (x64 capable) and slower on most GPU.  So I would be inclined to use SHA-512 over SHA-256 for passwords.   The extra "cost" (in terms of computing power, storage, memory) is negligible.   Still SHA-2 is very fast algorthm so some sort of chained function like PBKDF2 is necessary.  If it is a new project I see no reason to not just start with SHA-512.

If you mean upgrading Bitcoin from SHA256 to SHA512 well that is likely futile.  SHA-256 is more than strong enough today.  Any advantages of SHA-512 are at this point theoretical.  It is very possible that whatever weakens SHA-256 will weakens all SHA-2 algorithms.    If you are going to do something as disruptive as change Bitcoin's core algorithm you might as well make a clean break and not do a baby step from SHA-256 to SHA-512.
Xenland
Legendary
*
Offline Offline

Activity: 980


I'm not just any shaman, I'm a Sha256man


View Profile
June 07, 2012, 10:17:06 PM
 #84


Anyone know of a website or something that could explain this formula in some kind of dumbed down English, I understand encryption practices fairly well I've always wanted to know what the formula it self is doing be hind the since I just don't know Alien math quite yet Tongue
TangibleCryptography
Sr. Member
****
Offline Offline

Activity: 476


Tangible Cryptography LLC


View Profile WWW
June 07, 2012, 10:28:44 PM
 #85

http://en.wikipedia.org/wiki/SHA-2#Examples_of_SHA-2_variants has a pretty good psuedo code of the SHA-2 algorithm. 

The diagram above is used to represent a single round of the SHA-2 hashing algorithm.  SHA-256 uses 64 rounds.  The A to H are variables which compute a running sum.  You will notice on each round the values in those 8 registers move to the right.  The functions on the right S0, S1, t1, t2, maj, and ch are the functions which make up the SHA-2 algorithm. 

The input (block) is broken into 16 32 bit words (w0 to 15) and used by the functions (S0, S1, t1, t2, maj, and ch) to compute a new value A.  That is round #1.  The same process happens 64 times. 

The final set of registers A to H are then concatenated and that forms the hash.
Tritonio
Hero Member
*****
Offline Offline

Activity: 652


Vanity of vanities; all is vanity...


View Profile WWW
June 09, 2012, 11:50:44 PM
 #86

My password is not even in that list. So I guess it's not all passwords as some say.

nimda
Hero Member
*****
Offline Offline

Activity: 784


0xFB0D8D1534241423


View Profile
June 10, 2012, 01:54:32 AM
 #87

I'm getting skeptical that it is even from linkedin... the # of SHA1 hashes != the number of LinkedIn users, or so I hear...

I recommend asking me for a signature from my GPG key before doing a trade. I will NEVER deny such a request.
BCB
CTG
VIP
Legendary
*
Offline Offline

Activity: 966


BCJ


View Profile
June 10, 2012, 01:56:17 AM
 #88

6M Hashes released -  150M users.
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2002



View Profile
July 12, 2012, 07:12:38 AM
 #89

This morning, a dump of unique passwords f

And the fun continues.   450K usernames and passwords from Yahoo! Voice:

 - http://www.trustedsec.com/july-2012/yahoo-voice-website-breached-400000-compromised/

Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 700


Wat


View Profile WWW
July 12, 2012, 07:19:18 AM
 #90

This morning, a dump of unique passwords f

And the fun continues.   450K usernames and passwords from Yahoo! Voice:

 - http://www.trustedsec.com/july-2012/yahoo-voice-website-breached-400000-compromised/


Quote
The most alarming part to the entire story was the fact that the passwords were stored completely unencrypted

 Shocked

niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
July 12, 2012, 05:50:53 PM
 #91

A class-action suit against linkedin inititiated in US federal court in San Jose. The plaintiffs allege that the company was not securing the user database per industry standards.

I find it disgusting that LinkedIn still claims that "users' accounts were not breached as a result of the leak." I started receiving spam invitations to connect from total strangers- which never happened before the leak. Pathetic.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
finkleshnorts
Sr. Member
****
Offline Offline

Activity: 336



View Profile
July 12, 2012, 05:57:27 PM
 #92

Hmm... how does this relate to microcash...
Pages: « 1 2 3 4 [5]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!