Topic: A basic question - page 4. (Read 5593 times)

OK, it is not proof. Stop there.


One exchange getting hacked means that they got access to the server storing the private key, not that SHA was broken.


You say:
MD5 is a hashing algorithm.
MD5 is known to be weak.
SHA2 is a hashing algorithm.

And then you conclude, disregarding how logic actually works, that SHA2 is broken too.


Please come back when you do have rock solid evidence.

~it's not 'proof,, but it is enough to give me pause~

Among others

1) Bitstamp hack involved roughly one tenth of one percent of all existing bit coin.
But a person or group who could hack Bitstamp's hot wallet as late as January 2015 would have the capability to get much more. In other words the hacker probably limited the scope of the hack. This and several other hacks point to an attack originating in a flaw in sha.

2) The md5 hack was known to various governments before it was public. That is obvious. They used the flaw for political malware until it was exposed. After md5 was shown weak, instead of going to something that would be beyond question, such as an objectively strong algorithm, trusted widely, they extended their 'current product'. In other words sha2 is an extension of md5 rather than something different. Why? Please speculate.

There is one further piece of evidence that convinces me but I don't want to start a shitstorm with it.

There is no question but that my arguments are not 'rock solid'. They involve speculation. But when I look at the public supporters of sha2, and their arguments such as the info graphic above, I am forced to ask what they are hiding. Why are defenders of sha2 using 'brute force strength' arguments instead of 'cryptographic strength' arguments? Is the deception accidental, irrelevant?

Can you explain us, in detail (and by detail I mean all the technicalities, not just a weak “what if”) how does that evidence work to prove SHA is broken?

What evidence would that be?

The info graphic shows only that it would be inordinately difficult to brute force sha256.

I have to ask why some people are misrepresenting potential weaknesses in sha256.

md5 also was impossible to brute force but then several different ways were found to crack it within seconds on a home PC system.

Sha256 is as uncrackable by brute force as md5 and the evidence strongly suggests that it is just as cryptographically flawd as md5 as well.

Again, do you understand that your argument refers only to bruteforcing?
And do you understand that the argument thus looks good but has no merit whatsoever?

Or do you not understand that?

-------------------------------------------


Keccak is sort of discredited by anyone who wants to research it.

There are a series of articles about NSA involvement in these algos that has more info. You might be able to find more info by searching "what the NSA created cryptonote for" or you might not.

The evidence seems to be that sha2 is broken, that keccak is not a secure substitute, and that there will be some effort to funnel people into cryptonote.

I don't think that will be successful and, aside from cryptonote in the very short term, I am looking for some algorithm that is profitable.

--------------------------------------


When md5 was trusted the same sort of info graphic as above was used. The evidence indicates that md5 was broken for a long time before it was known to be broken, and that the history of public knowledge of its weakness was altered. In other words if you look at actual forum comments on various sites the timeline of awareness about its potential weaknesses is not quite what is portrayed on Wikipedia and elsewhere. Revisionists are covering their asses.

Looking at all the evidence I believe there is sufficient proof already that sha2 is broken.

Yeah, during our lifetime and beyond SHA256 will be uncrackable, all counterarguments include traits of science fiction. You can sleep at night Op, your BTC is safe.

Keccak subset SHA-3 also contains SHA384 (192 bit) and SHA512 (256 bit), so the Bitcoin Core can be upgraded if the need ever arises. Plus, I am sure more secure algorithms will be developed in the future that Bitcoin can be upgraded to if needed.

That said, I've yet to hear of a single collision with SHA256, and we know that cryptographers and hackers are trying to do it. But if you can produce any SHA256 collisions, please show us all, but I don't think you can.

This all is really a non-issue.

MD5 only had 64 bits of security, SHA-256 has 128.

Anyway, don't forget...information wants to be free.
If something is cracked, it won't be a secret for long.

It's right. You can not stop it happening. Someone, somewhere will eventually crack it and you will be doomed then.
Better you go with flow.

No matter what hashing algorithm you use, it will be eventually cracked (according to your own post). So, why bother with them, anyway?

Sorry, I don't have my no ice please password so I created a new I'd.

This is what I have understood so far:
1) MD5 was considered utterly secure until it was cracked. The crack involved a flaw inherent to using hashes in asymmetric cryptography and should obviously thus preclude their use for things such as bit coin.
2) The hash cracking process involved two basic steps. Initially a meta flaw in hashing security, then a specific application adapted to a specific algorithm such as md5.
3) There have been not one but several completely distinct meta vulnerabilities found in using hashes for cryptographic purposes. In other words several different ways have been mentioned publicly to crack them. Some are slow others are very fast.
4) Using a longer key length does not realistically increase the cryptographic strength of hashes even with very long keys.

So I with my small years old computer and meager interest in the subject will not break sha2, but someone has. There are literally dozens or more of people working full time to crack it, using powerful computers, it is safe to say they can do to sha2 what relatively poorly equipped researchers did years ago with md5.

So my question now is which coin has a more reliable algorithm, preferably without the seal of approval from any govt?

and the algorithms to use them.  there is no known quantum algorithm capable of 'brute forcing'.

There's no way around SHA-256 unless we invent quantum computers powerful enough to bruteforce the passes period. The rest is paranoia and FUD.