Topic: "All cryptography is breakable" criticism - page 2. (Read 7617 times)

hero member
Activity: 798
Merit: 1000
September 29, 2012, 06:24:18 PM
#62
Very simple counter-argument: "online banking uses cryptography too (HTTPS), do you also consider it unsafe?" Of course not.

Breaking a bank's website security does not give you access to the vault.
donator
Activity: 1218
Merit: 1079
Gerald Davis
September 29, 2012, 05:40:28 PM
#61
To prevent length-extension attacks. These attacks are a known weakness in the current SHA hash functions, but the new SHA-3 hash function - to be announced soon - will have built-in measures to secure against this. The double-SHA-256 is sort of a workaround to this vulnerability.

I would point out extension attacks are only possible when the payload is of arbitrary size. Bitcoin block headers are fixed-size, exactly 640 bits, not a bit more or a bit less. Thus even if you found a payload which has a longer length but generates the same hash, it wouldn't be a valid Bitcoin block header and thus would be rejected by the network.

Still, it is possible that Satoshi either didn't understand this or misunderstood the implications of an extension attack and used the double hash as a method to "prevent" the attack. It certainly is plausible and is the most likely explanation I have heard so far.
mrb
legendary
Activity: 1512
Merit: 1028
September 29, 2012, 05:20:45 PM
#60
I've recently been challenged with this "criticism", "all cryptography is breakable, it's just a matter of time", and thus concluding that bitcoin is not safe.

Very simple counter-argument: "online banking uses cryptography too (HTTPS), do you also consider it unsafe?" Of course not.

When cryptographic flaws are found in Bitcoin, they will simply be fixed by an update of the protocol and algorithms. Very much like HTTPS had to be "fixed" in the past (BEAST attack, MD5 collisions, etc.)
legendary
Activity: 980
Merit: 1008
September 29, 2012, 04:58:32 PM
#59
Yes there could be a flaw in the SHA-256 algorithm that we don't know about. See my ramblings above...

A fairly well-known cryptosystem that got broken that comes to my mind is the Merkle-Hellman knapsack cryptosystem:
http://en.wikipedia.org/wiki/Merkle%E2%80%93Hellman_knapsack_cryptosystem
It was supposedly based on a "hard" problem, namely the knapsack packing problem, but it turned out that the sampling of random instances used for the knapsack crypto system does not yield an average-case hard problem (which is necessary for crypto).

That was just broken because it actually implemented an easier subset of the problem. Real provably secure methods are not breakable.
The thing is, none of the cryptographic primitives that Bitcoin uses (SHA-256, RIPEMD-160, ECDSA) have been proven secure.

Even MD5 was broken, and it was used for the SSL CA system for a while. So it's true that vulnerabilities can be found later. The thing is, Bitcoin uses more than one form of cryptography: SHA256, RIPEMD-160, and ECDSA.

Breaking SHA256 would be pretty monumental, but it wouldn't allow you to spend peoples' coins for them. To do that, you would need to break ECDSA, which is comparatively new.
It should be noted that the only way MD5 has been broken is that it's possible to construct two blocks of data that hash to the same value. Even if this attack was successfully applied for SHA256, it wouldn't affect Bitcoin. It would be a sign to find a new hash function, because it's a sign of weakness, but it's not a problem in itself.

I would just respond, "It's safe for less than whatever that amount of time is". If a vault can be cracked in a hundred thousand years, it's safe to store something in it for a few decades.

I don't believe the guy was talking about brute-forcing it, but finding a flaw in such algorithms. To me, he was implying that every cryptography algorithm has flaws, and it's just a matter of time before they are exploited.
I wanted to counter-argue on how unlikely it is to find such fatal flaws in any of the algorithms used in bitcoin.
Well, in order to prove that every cryptographic algorithm has flaws, he would need to find a flaw in every cryptographic algorithm. So please ask him to do so, or his claim is just an assumption.
To prevent length-extension attacks. These attacks are a known weakness in the current SHA hash functions, but the new SHA-3 hash function - to be announced soon - will have built-in measures to secure against this. The double-SHA-256 is sort of a workaround to this vulnerability.

What worries me is some freak could look through a list of hashes some day and his brain make a connection giving birth to a new field of mathematics, order always seems to come from chaos. If he's that smart he'll probably keep his mouth shut and make billions though :)
Actually, I think this might be the new way of breaking hash functions. And as far as I recall, this was exactly how MD5 was broken. The Chinese researcher Wang Xiaoyun, who originally broke MD5, literally completely memorized the inner workings of the Merkle-Damgård construction that is the heart of MD5 - and SHA-1 and SHA-2 as well. She had a mental image of the states of the function through all its rounds, and used this to visually "figure out" which bits were important and which were not. It's not at all infeasible that this could be applied to SHA256.
legendary
Activity: 1246
Merit: 1016
Strength in numbers
I think $5 wrench still defeats one time pad.
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
It's just a matter of time before a house gets hit by an asteroid. That doesn't mean houses are unsafe.


It's more interesting than this. While it's just a matter of time before a house is destroyed by an asteroid, it's not just a matter of time before a given cryptological function is broken. Like with other human endeavors, it's also a matter of limited resources, motivation, and luck. It's a matter of time, available personnel, money, luck, health, management, unpredictable resource-shifting events, etc. You'll notice that, for entropic reasons, most of these factors are likely to prolong, not shorten, the time required to break, build, or invent something.

So, it's not just a matter of time in this case.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
"All cryptography is breakable", as far as I know 1 time pads are still unbreakable.
So is, "I'm thinking of a number. I've encrypted it and gotten 15. What number am I thinking of?"
anu
legendary
Activity: 1218
Merit: 1001
RepuX - Enterprise Blockchain Protocol
"All cryptography is breakable", as far as I know 1 time pads are still unbreakable.

Indeed, they are provably unbreakable given certain conditions. I was also wondering about the assumption that algorithms and all crypto are bound to be flawed. They are not. For example it's possible to implement a perfect MAX(x,y) function. And there may simply be no sub exp(N) way of factoring the product of 2 primes.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
Then how did they crack this if reversing a hash is not possible?
http://www.wired.com/dangerroom/2010/07/solve-the-mystery-code-in-cyber-commands-logo/
I see where you are confused about it now. What the person who solved it did was not decryption or reversing - their process would have been somewhat like the following:

1. Determine the type of number, if possible. In this case, it is a valid MD5 hash. (This is assumed because an MD5 hash is typically represented as a 32-bit hexadecimal number)
2. Attempt to hash arbitrary strings using MD5 to find out whether they match the number.

This person probably tried several bits of data, one of which was the actual original information (the mission statement). Since a hash is supposed to be deterministic (it produces the same output from a given input, no matter how many times you do it), he got a hash that matched what he was looking for and could therefore assume that his input data was the same as their input data, and that he had solved the puzzle.
full member
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
I would just respond, "It's safe for less than whatever that amount of time is". If a vault can be cracked in a hundred thousand years, it's safe to store something in it for a few decades.

I don't believe the guy was talking about brute-forcing it, but finding a flaw in such algorithms. To me, he was implying that every cryptography algorithm has flaws, and it's just a matter of time before they are exploited.
I wanted to counter-argue on how unlikely it is to find such fatal flaws in any of the algorithms used in bitcoin.
There's no need, since he hasn't claimed that finding a flaw is likely. You can simply agree with him about every algorithm having flaws and it being just a matter of time before they are exploited. But it doesn't follow from this that it's unsafe. It's just a matter of time before a house gets hit by an asteroid. That doesn't mean houses are unsafe.

If the house deteriorates to dust before the asteroid strikes the spot where the house had been, is it still considered a win?
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
I would just respond, "It's safe for less than whatever that amount of time is". If a vault can be cracked in a hundred thousand years, it's safe to store something in it for a few decades.

I don't believe the guy was talking about brute-forcing it, but finding a flaw in such algorithms. To me, he was implying that every cryptography algorithm has flaws, and it's just a matter of time before they are exploited.
I wanted to counter-argue on how unlikely it is to find such fatal flaws in any of the algorithms used in bitcoin.
There's no need, since he hasn't claimed that finding a flaw is likely. You can simply agree with him about every algorithm having flaws and it being just a matter of time before they are exploited. But it doesn't follow from this that it's unsafe. It's just a matter of time before a house gets hit by an asteroid. That doesn't mean houses are unsafe.
legendary
Activity: 1106
Merit: 1004
legendary
Activity: 1050
Merit: 1000
You are WRONG!
The thing is, Bitcoin uses more than one form of cryptography: SHA256, RIPEMD-160, and ECDSA.

RIPEMD-160? For what is this one used in bitcoin? (guessing attempt, to create the address from the public-key?)

Step 3 in https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses
I am now blown away.
why?
newbie
Activity: 14
Merit: 0
The thing is, Bitcoin uses more than one form of cryptography: SHA256, RIPEMD-160, and ECDSA.

RIPEMD-160? For what is this one used in bitcoin? (guessing attempt, to create the address from the public-key?)

Step 3 in https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses
I am now blown away.
anu
legendary
Activity: 1218
Merit: 1001
RepuX - Enterprise Blockchain Protocol
The thing is, Bitcoin uses more than one form of cryptography: SHA256, RIPEMD-160, and ECDSA.

RIPEMD-160? For what is this one used in bitcoin? (guessing attempt, to create the address from the public-key?)

Step 3 in https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses
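The linked wiki page lists the steps; the block below walks them in code as an added example (not the wiki's or Bitcoin's own code): SHA-256 then RIPEMD-160 of the public key (hash160), a version byte, a four-byte checksum from double SHA-256, and Base58 encoding, plus the decode direction so a mistyped address is caught by the checksum. RIPEMD-160 comes from `hashlib`, which only has it when the underlying OpenSSL exposes it; the public-key vector is the one the wiki uses, and `ripemd160_available()` is a helper added here.

```python
import hashlib
from typing import Tuple

BASE58_ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def ripemd160_available() -> bool:
    """hashlib exposes RIPEMD-160 only if the linked OpenSSL build does."""
    try:
        hashlib.new("ripemd160")
        return True
    except ValueError:
        return False


def hash160(data: bytes) -> bytes:
    """Wiki steps 2-3: SHA-256 then RIPEMD-160."""
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()


def base58_encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    digits = bytearray()
    while n > 0:
        n, rem = divmod(n, 58)
        digits.append(BASE58_ALPHABET[rem])
    # every leading zero byte survives as a leading '1' (this is why version 0x00 gives "1...")
    leading = len(raw) - len(raw.lstrip(b"\x00"))
    return (BASE58_ALPHABET[:1] * leading + bytes(reversed(digits))).decode()


def base58_decode(text: str) -> bytes:
    n = 0
    for ch in text.encode():
        n = n * 58 + BASE58_ALPHABET.index(ch)  # ValueError on characters outside the alphabet
    leading = len(text) - len(text.lstrip("1"))
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    return b"\x00" * leading + body


def base58check_encode(version: int, payload: bytes) -> str:
    """Wiki steps 4-9: prepend version, append 4-byte SHA256d checksum, Base58."""
    body = bytes([version]) + payload
    checksum = hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]
    return base58_encode(body + checksum)


def base58check_decode(address: str) -> Tuple[int, bytes]:
    """Inverse of base58check_encode; raises ValueError if the checksum fails."""
    raw = base58_decode(address)
    if len(raw) < 5:
        raise ValueError("too short to carry a version byte and checksum")
    body, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4] != checksum:
        raise ValueError("bad checksum: address was mistyped or tampered with")
    return body[0], body[1:]


def is_valid_address(address: str) -> bool:
    try:
        base58check_decode(address)
        return True
    except ValueError:
        return False


def pubkey_to_address(pubkey: bytes, version: int = 0x00) -> str:
    """Full pipeline from a serialized public key to a version-1 (P2PKH) address."""
    return base58check_encode(version, hash160(pubkey))


if __name__ == "__main__":
    # Public key from the wiki's worked example.
    pub = bytes.fromhex("0250863AD64A87AE8A2FE83C1AF1A8403CB53F53E486D8511DAD8A04887E5B2352")
    if ripemd160_available():
        print(pubkey_to_address(pub))
    else:
        print("RIPEMD-160 not available in this hashlib build")
```

The checksum is the practical reason for the extra SHA256d round in address encoding: a single wrong character fails `base58check_decode`, so funds are not sent to a hash160 nobody controls.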
legendary
Activity: 1106
Merit: 1004
The thing is, Bitcoin uses more than one form of cryptography: SHA256, RIPEMD-160, and ECDSA.

RIPEMD-160? For what is this one used in bitcoin? (guessing attempt, to create the address from the public-key?)
legendary
Activity: 1106
Merit: 1004
I would just respond, "It's safe for less than whatever that amount of time is". If a vault can be cracked in a hundred thousand years, it's safe to store something in it for a few decades.

I don't believe the guy was talking about brute-forcing it, but finding a flaw in such algorithms. To me, he was implying that every cryptography algorithm has flaws, and it's just a matter of time before they are exploited.
I wanted to counter-argue on how unlikely it is to find such fatal flaws in any of the algorithms used in bitcoin.
full member
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
Then how did they crack this if reversing a hash is not possible?
http://www.wired.com/dangerroom/2010/07/solve-the-mystery-code-in-cyber-commands-logo/
legendary
Activity: 1106
Merit: 1004
So, the champion of losers remains "Merkle–Hellman knapsack cryptosystem"?
6 years before being broken?

And, can I say MD5 was the most "messy" case of broken cryptographic algorithm (caused more actual damage)? Or WEP caused more trouble? Hard to compare I imagine...
donator
Activity: 1218
Merit: 1079
Gerald Davis
Then why does the NSA hold a contest to see if anyone can find out what a file is composed of by cracking the hash?

They don't.  You likely misunderstood the intent and purpose of the contest.

Nobody, not even the creator of a hash, can convert a hash back to the plaintext.
All you can do is take the KNOWN SECRET, hash it and compare it to the stored hash. If they match then you have validated the secret.
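Both this post and rjk's account of the Cyber Command logo puzzle describe the same operation, so one added example (not from either post) covers both: recognise a 32-hex-character token as a 128-bit MD5 digest, hash candidate inputs and compare, and validate a presented secret against a stored digest. The puzzle sentence and the guess list are constructed here; the `variants` helper is an assumption about how a solver would try re-encodings of each guess (trailing period, newline, stray whitespace), which is why "several bits of data" had to be tried.

```python
import hashlib
import hmac
from typing import Iterable, Optional


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def looks_like_md5(token: str) -> bool:
    """rjk's step 1: an MD5 digest is 128 bits, conventionally written as 32 hex characters."""
    return len(token) == 32 and all(c in "0123456789abcdef" for c in token.lower())


def variants(text: bytes) -> Iterable[bytes]:
    """Plausible re-encodings of one guess (assumed here): the author may have hashed
    the sentence with or without a trailing period, newline or surrounding whitespace."""
    base = text.strip()
    seen = set()
    for body in (base, base.rstrip(b"."), base + b"."):
        for tail in (b"", b"\n", b"\r\n"):
            v = body + tail
            if v not in seen:
                seen.add(v)
                yield v


def guess_preimage(target_hex: str, candidates: Iterable[bytes]) -> Optional[bytes]:
    """rjk's step 2: hash guesses and compare. Nothing is reversed; a hit only means
    we tried the same input the puzzle author hashed."""
    target = target_hex.lower()
    for cand in candidates:
        for v in variants(cand):
            if hmac.compare_digest(md5_hex(v), target):
                return v
    return None


def verify_secret(stored_hex: str, presented: bytes) -> bool:
    """The check from the post above: hash the presented secret, compare to the stored digest.
    compare_digest avoids leaking how many leading characters matched."""
    return hmac.compare_digest(md5_hex(presented), stored_hex.lower())


# Constructed puzzle: the author hashed this exact byte string, newline included.
PUZZLE_TEXT = b"Guard the network, hold the line.\n"
PUZZLE_HASH = md5_hex(PUZZLE_TEXT)

# Constructed guesses: two decoys and a sloppy copy of the right sentence.
GUESSES = [
    b"We protect the network",
    b"Hold the line, guard the network",
    b"  Guard the network, hold the line ",
]


def solve_demo() -> Optional[bytes]:
    return guess_preimage(PUZZLE_HASH, GUESSES) if looks_like_md5(PUZZLE_HASH) else None


if __name__ == "__main__":
    print(PUZZLE_HASH, "->", solve_demo())
```

If the right sentence is not in the guess list, `guess_preimage` returns `None`: the digest by itself gives no partial information about what was hashed.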