Bitcoin Forum
January 22, 2017, 02:18:34 PM *
News: Latest stable version of Bitcoin Core: 0.13.2  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 [5]  All
  Print  
Author Topic: [Password Leak] LinkedIn database hacked  (Read 10468 times)
TangibleCryptography
Sr. Member
****
Offline Offline

Activity: 476


Tangible Cryptography LLC


View Profile WWW
June 07, 2012, 09:27:23 PM
 #81

Can someone explain to me the big practical difference between SHA-256 and SHA-512, other than the larger digest for the latter?

Not much.

SHA-256 block size (input) is 512 bit and SHA-512 block size is 1024 bit.
SHA-256 digest (output) is 256 bit and SHA-512 digest is 512 bit.
The initialization constants are different.
SHA-256 uses 32 bit "chunks".  SHA-512 uses 64bit "chunks"
SHA-256 has 64 rounds (iterations of the algorithm), SHA-512 has 80.

Other than that they pretty much are the same.  Same basic algorithm.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
cytokine
Donator
Full Member
*
Offline Offline

Activity: 224



View Profile
June 07, 2012, 09:46:24 PM
 #82

Can someone explain to me the big practical difference between SHA-256 and SHA-512, other than the larger digest for the latter?

Not much.

SHA-256 block size (input) is 512 bit and SHA-512 block size is 1024 bit.
SHA-256 digest (output) is 256 bit and SHA-512 digest is 512 bit.
The initialization constants are different.
SHA-256 uses 32 bit "chunks".  SHA-512 uses 64bit "chunks"
SHA-256 has 64 rounds (iterations of the algorithm), SHA-512 has 80.

Other than that they pretty much are the same.  Same basic algorithm.



So is there a significant security advantage to using SHA512 over SHA256, or not really enough of one to justify the extra cost?
TangibleCryptography
Sr. Member
****
Offline Offline

Activity: 476


Tangible Cryptography LLC


View Profile WWW
June 07, 2012, 09:53:01 PM
 #83

So is there a significant security advantage to using SHA512 over SHA256, or not really enough of one to justify the extra cost?

SHA-512 actually hashes faster on most CPU (x64 capable) and slower on most GPU.  So I would be inclined to use SHA-512 over SHA-256 for passwords.   The extra "cost" (in terms of computing power, storage, memory) is negligible.   Still SHA-2 is very fast algorthm so some sort of chained function like PBKDF2 is necessary.  If it is a new project I see no reason to not just start with SHA-512.

If you mean upgrading Bitcoin from SHA256 to SHA512 well that is likely futile.  SHA-256 is more than strong enough today.  Any advantages of SHA-512 are at this point theoretical.  It is very possible that whatever weakens SHA-256 will weakens all SHA-2 algorithms.    If you are going to do something as disruptive as change Bitcoin's core algorithm you might as well make a clean break and not do a baby step from SHA-256 to SHA-512.
Xenland
Legendary
*
Offline Offline

Activity: 980


I'm not just any shaman, I'm a Sha256man


View Profile
June 07, 2012, 10:17:06 PM
 #84


Anyone know of a website or something that could explain this formula in some kind of dumbed down English, I understand encryption practices fairly well I've always wanted to know what the formula it self is doing be hind the since I just don't know Alien math quite yet Tongue
TangibleCryptography
Sr. Member
****
Offline Offline

Activity: 476


Tangible Cryptography LLC


View Profile WWW
June 07, 2012, 10:28:44 PM
 #85

http://en.wikipedia.org/wiki/SHA-2#Examples_of_SHA-2_variants has a pretty good psuedo code of the SHA-2 algorithm. 

The diagram above is used to represent a single round of the SHA-2 hashing algorithm.  SHA-256 uses 64 rounds.  The A to H are variables which compute a running sum.  You will notice on each round the values in those 8 registers move to the right.  The functions on the right S0, S1, t1, t2, maj, and ch are the functions which make up the SHA-2 algorithm. 

The input (block) is broken into 16 32 bit words (w0 to 15) and used by the functions (S0, S1, t1, t2, maj, and ch) to compute a new value A.  That is round #1.  The same process happens 64 times. 

The final set of registers A to H are then concatenated and that forms the hash.
Tritonio
Hero Member
*****
Offline Offline

Activity: 653


Vanity of vanities; all is vanity...


View Profile WWW
June 09, 2012, 11:50:44 PM
 #86

My password is not even in that list. So I guess it's not all passwords as some say.

nimda
Hero Member
*****
Offline Offline

Activity: 784


0xFB0D8D1534241423


View Profile
June 10, 2012, 01:54:32 AM
 #87

I'm getting skeptical that it is even from linkedin... the # of SHA1 hashes != the number of LinkedIn users, or so I hear...

I recommend asking me for a signature from my GPG key before doing a trade. I will NEVER deny such a request.
BCB
CTG
VIP
Legendary
*
Offline Offline

Activity: 966


BCJ


View Profile
June 10, 2012, 01:56:17 AM
 #88

6M Hashes released -  150M users.
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2044



View Profile
July 12, 2012, 07:12:38 AM
 #89

This morning, a dump of unique passwords f

And the fun continues.   450K usernames and passwords from Yahoo! Voice:

 - http://www.trustedsec.com/july-2012/yahoo-voice-website-breached-400000-compromised/
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 700


Wat


View Profile WWW
July 12, 2012, 07:19:18 AM
 #90

This morning, a dump of unique passwords f

And the fun continues.   450K usernames and passwords from Yahoo! Voice:

 - http://www.trustedsec.com/july-2012/yahoo-voice-website-breached-400000-compromised/


Quote
The most alarming part to the entire story was the fact that the passwords were stored completely unencrypted

 Shocked

niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
July 12, 2012, 05:50:53 PM
 #91

A class-action suit against linkedin inititiated in US federal court in San Jose. The plaintiffs allege that the company was not securing the user database per industry standards.

I find it disgusting that LinkedIn still claims that "users' accounts were not breached as a result of the leak." I started receiving spam invitations to connect from total strangers- which never happened before the leak. Pathetic.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
finkleshnorts
Sr. Member
****
Offline Offline

Activity: 336



View Profile
July 12, 2012, 05:57:27 PM
 #92

Hmm... how does this relate to microcash...
Pages: « 1 2 3 4 [5]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!