Pages:
Author

Topic: A basic question - page 4. (Read 5598 times)

sr. member
Activity: 467
Merit: 267
April 20, 2015, 12:22:53 PM
#51
@ice
These algorithms are not new. If you had studied cryptography, you would know that proving that a hash is uncrackable is impossible. So the best way is to come up with a method, have everyone have a go at it and if it has a weakness, tweak the method and incrementally improve. Starting from a completely new method is more risky.
I understand your concerns and the people who keep bringing up the infographics of the sun surely don't help. It is obviously of little value yet the truth requires much more advanced mathematics that very few people have the patience for.
Their arguments may be wrong but the theory still can be right. You criticize their logic but haven't shown any proof on your side. All I see from your post is handwaving too.

For instance,
Quote
Please explain what logic I am disregarding. Md5 was state of the art just a few years ago. Now it can be cracked easily by an amateur within seconds on a cheap computer. Sha2 is a more elaborate algorithm than md5 but uses the same basic principle to encrypt.
MD5 is weak + SHA2 is based on MD5 => SHA2 is weak

If this line of reasoning is correct to you, then there isn't much to say. No one forces you to put money in bitcoin or crypto currencies.
newbie
Activity: 14
Merit: 0
April 20, 2015, 12:01:28 PM
#50

Please explain what logic I am disregarding. Md5 was state of the art just a few years ago. Now it can be cracked easily by an amateur within seconds on a cheap computer. Sha2 is a more elaborate algorithm than md5 but uses the same basic principle to encrypt.  

A fair point, but what you are saying is a hypothesis, not evidence, which are 2 completely different things.


There seems to be evidence for both sides. I was trying to present evidence on one side and asking people to refute it. Nobody has done so. Instead they have presented 'defenses' of sha2 that are very weak.

At this point therefore my hypothesis is that sha2 is cracked, or should be considered so.

Well, as others pointed out: There's no 'rule' or no 'progression'. The input into the one-way functions (hashing algorithms) need to be random in order for Bitcoin to be secure. That's the 'only' requisite!

But that is proven untrue.
It is true that the input must be random and if the hash function is truly one way then a high number of bits would guarantee security.

But it is not true that the hashing functions described are one way. Therefore the security is false.

MD5 was pumped a few years ago exactly as sha2 is being pumped now. There are a lot of ways the security of sha2 could be demonstrated satisfactorily, but instead of doing that its defenders use dishonest rhetorical techniques to defend it. Go over this thread and you will see numerous examples. A person holding aces doesn't need to bluff.
hero member
Activity: 518
Merit: 500
Trust me!
April 20, 2015, 06:27:46 AM
#49
Well, as others pointed out: There's no 'rule' or no 'progression'. The input into the one-way functions (hashing algorithms) need to be random in order for Bitcoin to be secure. That's the 'only' requisite!
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
April 19, 2015, 09:39:51 PM
#48

Please explain what logic I am disregarding. Md5 was state of the art just a few years ago. Now it can be cracked easily by an amateur within seconds on a cheap computer. Sha2 is a more elaborate algorithm than md5 but uses the same basic principle to encrypt.  

A fair point, but what you are saying is a hypothesis, not evidence, which are 2 completely different things.

Furthermore, your hypothesis is a weak one because of hasty generalizing and ignoring the number
of bits of security advertised in each of the hash functions (64 bits vs 128 bits).

Simply assuming that all hash functions will be broken at some point in the near
future is a counterfactual fallacy as well... There are many strong hash functions
regardless of the fact that there others such as MD5 that are broken.

newbie
Activity: 14
Merit: 0
April 19, 2015, 09:06:49 PM
#47
What evidence would that be?

~it's not 'proof,, but

OK, it is not proof. Stop there.


What we are talking about here is the financial protocol used to secure a lot of money. The burden of proof is on those who claim it is secure. I am struck again and again that defenders of sha2 resort to using ad hominems, inaccurate portrayal of 'brute force attack' as the risk and on and on. Maybe there is someone who knows cryptography and is able to defend sha2 but so far its defenders have only been throwing up smokescreens, and I have to ask why.

Among others

1) Bitstamp hack involved roughly one tenth of one percent of all existing bit coin.
But a person or group who could hack Bitstamp's hot wallet as late as January 2015 would have the capability to get much more. In other words the hacker probably limited the scope of the hack. This and several other hacks point to an attack originating in a flaw in sha.

One exchange getting hacked means that they got access to the server storing the private key, not that SHA was broken.

Quite a few exchanges secured by some of the best security people available have been hacked. It's not just a question of getting access to a server.
2) The md5 hack was known to various governments before it was public. That is obvious. They used the flaw for political malware until it was exposed. After md5 was shown weak, instead of going to something that would be beyond question, such as an objectively strong algorithm, trusted widely, they extended their 'current product'. In other words sha2 is an extension of md5 rather than something different. Why? Please speculate.

You say:
MD5 is a hashing algorithm.
MD5 is known to be weak.
SHA2 is a hashing algorithm.

And then you conclude, disregarding how logic actually works, that SHA2 is broken too.

Please explain what logic I am disregarding. Md5 was state of the art just a few years ago. Now it can be cracked easily by an amateur within seconds on a cheap computer. Sha2 is a more elaborate algorithm than md5 but uses the same basic principle to encrypt.
There is no question but that my arguments are not 'rock solid'. They involve speculation.

Please come back when you do have rock solid evidence.

It was not my intention to force you to respond to my questions. I did not come to your thread, you came to mine.

It boggles the mind that despite such obvious questions about the cryptography involved in bitcoin there is no site, or at least I have not seen one, that spells out the exact computation, in layman's' terms, with an example, alongside a comparable example with md5.

Your basic answer, and the answers of most of the others on this thread so far, is "bitcoin is secure because we can yell louder than you". Underneath that is the implicit "well the NSA says it is secure and they lied to us about md5 so they could play assinine spy games with it, so let's just trust them".
hero member
Activity: 658
Merit: 500
April 19, 2015, 08:12:32 PM
#46
What evidence would that be?

~it's not 'proof,, but

OK, it is not proof. Stop there.

Among others

1) Bitstamp hack involved roughly one tenth of one percent of all existing bit coin.
But a person or group who could hack Bitstamp's hot wallet as late as January 2015 would have the capability to get much more. In other words the hacker probably limited the scope of the hack. This and several other hacks point to an attack originating in a flaw in sha.

One exchange getting hacked means that they got access to the server storing the private key, not that SHA was broken.

2) The md5 hack was known to various governments before it was public. That is obvious. They used the flaw for political malware until it was exposed. After md5 was shown weak, instead of going to something that would be beyond question, such as an objectively strong algorithm, trusted widely, they extended their 'current product'. In other words sha2 is an extension of md5 rather than something different. Why? Please speculate.

You say:
MD5 is a hashing algorithm.
MD5 is known to be weak.
SHA2 is a hashing algorithm.

And then you conclude, disregarding how logic actually works, that SHA2 is broken too.

There is no question but that my arguments are not 'rock solid'. They involve speculation.

Please come back when you do have rock solid evidence.
newbie
Activity: 14
Merit: 0
April 19, 2015, 07:51:41 PM
#45
What evidence would that be?

~it's not 'proof,, but it is enough to give me pause~

Among others

1) Bitstamp hack involved roughly one tenth of one percent of all existing bit coin.
But a person or group who could hack Bitstamp's hot wallet as late as January 2015 would have the capability to get much more. In other words the hacker probably limited the scope of the hack. This and several other hacks point to an attack originating in a flaw in sha.

2) The md5 hack was known to various governments before it was public. That is obvious. They used the flaw for political malware until it was exposed. After md5 was shown weak, instead of going to something that would be beyond question, such as an objectively strong algorithm, trusted widely, they extended their 'current product'. In other words sha2 is an extension of md5 rather than something different. Why? Please speculate.

There is one further piece of evidence that convinces me but I don't want to start a shitstorm with it.

There is no question but that my arguments are not 'rock solid'. They involve speculation. But when I look at the public supporters of sha2, and their arguments such as the info graphic above, I am forced to ask what they are hiding. Why are defenders of sha2 using 'brute force strength' arguments instead of 'cryptographic strength' arguments? Is the deception accidental, irrelevant?
hero member
Activity: 658
Merit: 500
April 19, 2015, 07:50:36 PM
#44
The evidence seems to be that sha2 is broken

Can you explain us, in detail (and by detail I mean all the technicalities, not just a weak “what if”) how does that evidence work to prove SHA is broken?
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
April 19, 2015, 07:26:53 PM
#43
What evidence would that be?
newbie
Activity: 14
Merit: 0
April 19, 2015, 07:18:20 PM
#42

This should put things in perspective for you...
http://miguelmoreno.net/wp-content/uploads/2013/05/fYFBsqp.jpg

The info graphic shows only that it would be inordinately difficult to brute force sha256.

I have to ask why some people are misrepresenting potential weaknesses in sha256.

md5 also was impossible to brute force but then several different ways were found to crack it within seconds on a home PC system.

Sha256 is as uncrackable by brute force as md5 and the evidence strongly suggests that it is just as cryptographically flawd as md5 as well.

Again, do you understand that your argument refers only to bruteforcing?
And do you understand that the argument thus looks good but has no merit whatsoever?

Or do you not understand that?

-------------------------------------------

Keccak subset SHA-3 also contains SHA384 (192 bit) and SHA512 (256 bit), so the Bitcoin Core can be upgraded if the need ever arises. Plus, I am sure more secure algorithms will be developed in the future that Bitcoin can be upgraded to if needed.

That said, I've yet to hear of a single collision with SHA256, and we know that cryptographers and hackers are trying to do it. But if you can produce any SHA256 collisions, please show us all, but I don't think you can.

This all is really a non-issue.

Keccak is sort of discredited by anyone who wants to research it.

There are a series of articles about NSA involvement in these algos that has more info. You might be able to find more info by searching "what the NSA created cryptonote for" or you might not.

The evidence seems to be that sha2 is broken, that keccak is not a secure substitute, and that there will be some effort to funnel people into cryptonote.

I don't think that will be successful and, aside from cryptonote in the very short term, I am looking for some algorithm that is profitable.

--------------------------------------

MD5 only had 64 bits of security, SHA-256 has 128.

Anyway, don't forget...information wants to be free.
If something is cracked, it won't be a secret for long.


When md5 was trusted the same sort of info graphic as above was used. The evidence indicates that md5 was broken for a long time before it was known to be broken, and that the history of public knowledge of its weakness was altered. In other words if you look at actual forum comments on various sites the timeline of awareness about its potential weaknesses is not quite what is portrayed on Wikipedia and elsewhere. Revisionists are covering their asses.

Looking at all the evidence I believe there is sufficient proof already that sha2 is broken.
hero member
Activity: 700
Merit: 501
April 15, 2015, 12:30:39 PM
#41
Keccak subset SHA-3 also contains SHA384 (192 bit) and SHA512 (256 bit), so the Bitcoin Core can be upgraded if the need ever arises. Plus, I am sure more secure algorithms will be developed in the future that Bitcoin can be upgraded to if needed.

That said, I've yet to hear of a single collision with SHA256, and we know that cryptographers and hackers are trying to do it. But if you can produce any SHA256 collisions, please show us all, but I don't think you can.

This all is really a non-issue.

Yeah, during our lifetime and beyond SHA256 will be uncrackable, all counterarguments include traits of science fiction. You can sleep at night Op, your BTC is safe.
hero member
Activity: 926
Merit: 1001
weaving spiders come not here
April 15, 2015, 11:58:01 AM
#40
Keccak subset SHA-3 also contains SHA384 (192 bit) and SHA512 (256 bit), so the Bitcoin Core can be upgraded if the need ever arises. Plus, I am sure more secure algorithms will be developed in the future that Bitcoin can be upgraded to if needed.

That said, I've yet to hear of a single collision with SHA256, and we know that cryptographers and hackers are trying to do it. But if you can produce any SHA256 collisions, please show us all, but I don't think you can.

This all is really a non-issue.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
April 15, 2015, 07:48:45 AM
#39
MD5 only had 64 bits of security, SHA-256 has 128.

Anyway, don't forget...information wants to be free.
If something is cracked, it won't be a secret for long.
legendary
Activity: 3346
Merit: 1352
Leading Crypto Sports Betting & Casino Platform
April 15, 2015, 03:21:40 AM
#38
So my question now is which coin has a more reliable algorithm, preferably without the seal of approval from any govt?

No matter what hashing algorithm you use, it will be eventually cracked (according to your own post). So, why bother with them, anyway?


It's right. You can not stop it happening. Someone, somewhere will eventually crack it and you will be doomed then.
Better you go with flow.
hero member
Activity: 658
Merit: 500
April 14, 2015, 10:27:27 PM
#37
hero member
Activity: 926
Merit: 1001
weaving spiders come not here
April 14, 2015, 09:53:57 PM
#36
hero member
Activity: 658
Merit: 500
April 14, 2015, 06:46:02 PM
#35
So my question now is which coin has a more reliable algorithm, preferably without the seal of approval from any govt?

No matter what hashing algorithm you use, it will be eventually cracked (according to your own post). So, why bother with them, anyway?
newbie
Activity: 14
Merit: 0
April 14, 2015, 06:39:11 PM
#34
Sorry, I don't have my no ice please password so I created a new I'd.

This is what I have understood so far:
1) MD5 was considered utterly secure until it was cracked. The crack involved a flaw inherent to using hashes in asymmetric cryptography and should obviously thus preclude their use for things such as bit coin.
2) The hash cracking process involved two basic steps. Initially a meta flaw in hashing security, then a specific application adapted to a specific algorithm such as md5.
3) There have been not one but several completely distinct meta vulnerabilities found in using hashes for cryptographic purposes. In other words several different ways have been mentioned publicly to crack them. Some are slow others are very fast.
4) Using a longer key length does not realistically increase the cryptographic strength of hashes even with very long keys.

So I with my small years old computer and meager interest in the subject will not break sha2, but someone has. There are literally dozens or more of people working full time to crack it, using powerful computers, it is safe to say they can do to sha2 what relatively poorly equipped researchers did years ago with md5.

So my question now is which coin has a more reliable algorithm, preferably without the seal of approval from any govt?
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
April 02, 2015, 11:37:30 AM
#33
There's no way around SHA-256 unless we invent quantum computers powerful enough to bruteforce the passes period. The rest is paranoia and FUD.

and the algorithms to use them.  there is no known quantum algorithm capable of 'brute forcing'.
hero member
Activity: 770
Merit: 509
April 02, 2015, 09:24:50 AM
#32
There's no way around SHA-256 unless we invent quantum computers powerful enough to bruteforce the passes period. The rest is paranoia and FUD.
Pages:
Jump to: