Topic: Has the NSA already broken bitcoin? - page 11. (Read 50507 times)

legendary
Activity: 1400
Merit: 1013
January 24, 2014, 09:38:09 AM
Guys I think the community needs to take it seriously about NSA breaking the encryption.
I will as soon as you can explain in specific terms exactly what the NSA can do to Bitcoin with a quantum computer.
full member
Activity: 392
Merit: 116
Worlds Simplest Cryptocurrency Wallet
January 24, 2014, 08:58:37 AM
I have a fantastic idea - lets use an NSA algorithm to secure Bitcoin!!
They're good people. Who's with me?
sr. member
Activity: 434
Merit: 252
January 24, 2014, 07:35:18 AM
Guys I think the community needs to take it seriously about NSA breaking the encryption.


WAKEUPCALL --

NSA just bought a D-Wave QUANTUM COMPUTER!!! in their brand new 1 billion data center in Utah...

This isn't a dream, it's going to become a reality and you programmer peeps need to get your asses in gear and look at a post-quantum-computer bitcoin world..

Links Below

http://www.extremetech.com/computing/173898-the-nsa-is-building-a-quantum-computer-to-crack-encryption

http://www.washingtonpost.com/blogs/the-switch/wp/2014/01/02/confused-about-the-nsas-quantum-computing-project-this-mit-computer-scientist-can-explain/

And here's the wiki on their fancy data center that's gonna fu@k our economy up..!
http://en.wikipedia.org/wiki/Utah_Data_Center

Not quite the proverbial "box of fans," but nothing to panic over yet.

Search for previous threads on this topic. They're very interesting.
hero member
Activity: 616
Merit: 500
January 24, 2014, 07:34:37 AM
How is our owning a data analysis center going to ruin the economy?
newbie
Activity: 1
Merit: 0
January 24, 2014, 04:31:13 AM
Guys I think the community needs to take it seriously about NSA breaking the encryption.

WAKEUPCALL --

NSA just bought a D-Wave QUANTUM COMPUTER!!! in their brand new 1 billion data center in Utah...

This isn't a dream, it's going to become a reality and you programmer peeps need to get your asses in gear and look at a post-quantum-computer bitcoin world..

Links Below

http://www.extremetech.com/computing/173898-the-nsa-is-building-a-quantum-computer-to-crack-encryption

http://www.washingtonpost.com/blogs/the-switch/wp/2014/01/02/confused-about-the-nsas-quantum-computing-project-this-mit-computer-scientist-can-explain/

And here's the wiki on their fancy data center that's gonna fu@k our economy up..!
http://en.wikipedia.org/wiki/Utah_Data_Center
legendary
Activity: 1624
Merit: 1001
All cryptos are FIAT digital currency. Do not use.
November 05, 2013, 09:31:51 PM
From the horse's mouth..

http://www.democracynow.org/2013/9/6/the_end_of_internet_privacy_glenn

If you ask me, anything is possible. After all, its only data.
legendary
Activity: 966
Merit: 1001
Energy is Wealth
November 05, 2013, 04:47:58 PM
NSA does not need to break bitcoin, something bigger is in the pipelines https://bitcointalksearch.org/topic/internet-to-fracture-along-national-borders-325642
member
Activity: 112
Merit: 10
Looking to start various enterprises
November 05, 2013, 04:41:34 PM
I don't believe it... I could never think of any sci-fi-ass machine capable of cracking SHA256. Of course with Snowden's verification, how could it be false? I'm horrified. Are our savings subject to overnight destruction?
Even if they have broken encryption, hashing has not been broken.  Bitcoin users not affected.

Plus we know how SHA works and lots of people have analysed it. It's safe.
donator
Activity: 1218
Merit: 1080
Gerald Davis
November 05, 2013, 04:02:53 PM
am I correct that a PRNG on a PC is used two ways in Bitcoin: generating a nonce for ECDSA-signed txs and generating SHA256 private keys?  any other function I'm missing?

For the QT wallet (and probably others) the encryption passphrase is salted using a nonce.  For deterministic wallets the master private key seed would be randomly generated.
hero member
Activity: 616
Merit: 500
November 05, 2013, 08:21:16 AM
nah, Gav addressed this and that's the point of the open source, you can see the code, and you would just fall back to the earlier version. This year's 0.8 --> 0.7 fork shows how quickly this can happen and how transitory its effect was on price

The point made a few pages back was that opensource is a ruse--backdoors in closed source software on the host and client machines bypass the in-between security, rendering the opensource safety net moot.

what closed source.....and you can air gap

Any closed source.. anything running on your computer which isn't open source. And as mentioned before, there are developers in the open source world who are planted by various agencies for XYZ reasons.

The old x files adage is true, trust no one, and presume your system is compromised.
legendary
Activity: 2674
Merit: 1029
November 05, 2013, 06:32:15 AM
nah, Gav addressed this and that's the point of the open source, you can see the code, and you would just fall back to the earlier version. This year's 0.8 --> 0.7 fork shows how quickly this can happen and how transitory its effect was on price

The point made a few pages back was that opensource is a ruse--backdoors in closed source software on the host and client machines bypass the in-between security, rendering the opensource safety net moot.

what closed source.....and you can air gap
hero member
Activity: 616
Merit: 500
October 22, 2013, 11:44:08 AM
nah, Gav addressed this and that's the point of the open source, you can see the code, and you would just fall back to the earlier version. This year's 0.8 --> 0.7 fork shows how quickly this can happen and how transitory its effect was on price

The point made a few pages back was that opensource is a ruse--backdoors in closed source software on the host and client machines bypass the in-between security, rendering the opensource safety net moot.
legendary
Activity: 1764
Merit: 1002
October 22, 2013, 11:18:52 AM
am I correct that a PRNG on a PC is used two ways in Bitcoin: generating a nonce for ECDSA-signed txs and generating SHA256 private keys?  any other function I'm missing?
legendary
Activity: 2674
Merit: 1029
October 22, 2013, 11:08:00 AM
so what's the consensus here? NSA does or does not have a backdoor into SHA-256? that would be pretty worrisome.... thinking this is FUD, though.
The NSA has no need to put a backdoor in SHA-256 when all they need to do is backdoor the developers.
For the most part, the primary developers all:

  • are married
  • have children
  • have established careers with companies or academic institutions which are not easy to replace

Those three things are notable because those characteristics make them more vulnerable to extortion and blackmail than they might otherwise be.

Backdooring SHA-256 is presumably difficult.

On the other hand, threatening a core developer or two until they play ball is easy. Then their handlers just need to tell them to backdoor bitcoin in two steps:

First, build a trackable alternative to Bitcoin's most troublesome (from the NSA's perspective) features, such as the ability to send funds to an arbitrary public key.

Next, deprecate and remove the old function so that users no longer have the ability to avoid tracking.

nah, Gav addressed this and that's the point of the open source, you can see the code, and you would just fall back to the earlier version. This year's 0.8 --> 0.7 fork shows how quickly this can happen and how transitory its effect was on price
hero member
Activity: 784
Merit: 1000
October 21, 2013, 07:59:46 PM
Breaking SHA256 is pretty unlikely, that being said I still think we may change the wallet address hashing into something like SHA256(XOR(PubKey,SHA256(PubKey))), that will make any preimage attack against SHA256 useless.
legendary
Activity: 1400
Merit: 1013
October 21, 2013, 07:37:21 PM
so what's the consensus here? NSA does or does not have a backdoor into SHA-256? that would be pretty worrisome.... thinking this is FUD, though.
The NSA has no need to put a backdoor in SHA-256 when all they need to do is backdoor the developers.
For the most part, the primary developers all:

  • are married
  • have children
  • have established careers with companies or academic institutions which are not easy to replace

Those three things are notable because those characteristics make them more vulnerable to extortion and blackmail than they might otherwise be.

Backdooring SHA-256 is presumably difficult.

On the other hand, threatening a core developer or two until they play ball is easy. Then their handlers just need to tell them to backdoor bitcoin in two steps:

First, build a trackable alternative to Bitcoin's most troublesome (from the NSA's perspective) features, such as the ability to send funds to an arbitrary public key.

Next, deprecate and remove the old function so that users no longer have the ability to avoid tracking.
donator
Activity: 1218
Merit: 1080
Gerald Davis
October 21, 2013, 07:25:42 PM
The NSA created Bitcoin and used ECDSA in it because they already had it broken.

This risk is already mitigated for any bitcoin address that has not been used for spending (i.e. its public key is not yet known).

Even if ECDSA is broken wide open, it doesn't really matter with respect to bitcoins that have been received at addresses that have never been used for spending, because the corresponding ECDSA public key is not known and cannot be determined without also breaking both RIPEMD160 and SHA256 simultaneously.


Can anyone speak to the issue: if I use a deterministic wallet (e.g. Electrum) and I spend from one address, thus ECDSA is all that is needed to be cracked, can that private key be used to access the rest of the addresses even though unspent?

Thus would it be safer if I use MultiBit or the QT, as the issue is in the random generation only, but the second vulnerability is not there as those addresses are not deterministic.

Where is the best place to generate the safest address keys, as I like the Electrum interface and could always import keys.

I have tried to raise this in the Electrum sub boards, and the answer was not as definitive as I would have hoped.


My understanding (and please double verify) is that a known private key only will not enable you to find another private key, even multiple known private keys won't.  However if the master seed public key AND one private key from the wallet are known it is possible to compute the master seed private key and from that compute all private keys in the wallet. Then again there is no need to ever reveal your master seed public key or a private key so I don't see it as much of an enhanced threat.

Random Wallet
reveal private key - compromise one address
reveal wallet.dat (and passphrase) - compromise entire wallet

Deterministic Wallet
reveal private key - compromise one address
reveal wallet file (and passphrase) - compromise entire wallet
reveal master private key - compromise entire wallet
reveal private key AND master seed public key - compromise entire wallet

The first two vulnerabilities are the same.  The third one I just included to be explicit but honestly if an attacker can gain your master seed private key (which resides only in the wallet) it is highly likely your computer is compromised and a random wallet wouldn't provide any more security.

The last scenario is one where a user could (in theory) out themselves.   For example say a user puts master public key seed on a website (so site can generate public keys and a compromise won't result in a loss of a private key).  The user also foolishly gives someone some funds by giving them a single private key.  If an attacker took the known private key and compromised the website to gain the master public key seed then the two could be used together to compromise the entire wallet.  Simple solution don't reveal private keys and if you do generate a new wallet (and thus new master private & public keys) and transfer all funds to the new wallet.
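The last scenario in the post above (one leaked private key plus the master seed public key exposes the whole deterministic wallet) is easy to show in code. The following is an added example, not code from the thread or from Electrum; it uses a simplified BIP32-style derivation (a SHA256 tweak instead of BIP32's HMAC-SHA512 and chain code) over a toy pure-Python secp256k1 implementation, and the seed is a constructed value. It also shows the mitigation that the "simple solution" in the post points at: with hardened derivation the tweak is keyed by the master private key, so no public-only derivation exists and the subtraction that recovers the master key from a leaked child no longer applies.

```python
# Added example: why "master public key + one child private key" compromises a
# non-hardened deterministic wallet, and why hardened derivation does not.
# Simplified BIP32-style scheme (SHA256 tweak, no chain code) on a toy secp256k1.
import hashlib

# secp256k1 domain parameters (public constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _mul(k, point):
    """Double-and-add scalar multiplication."""
    result, addend = None, point
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result


def pubkey(priv):
    return _mul(priv % N, G)


def ser_pub(pub):
    """Compressed SEC encoding: 0x02/0x03 prefix plus 32-byte x."""
    x, y = pub
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def tweak(material: bytes, index: int) -> int:
    """Child tweak = SHA256(material || index) mod N (simplified, not BIP32's HMAC-SHA512)."""
    return int.from_bytes(hashlib.sha256(material + index.to_bytes(4, "big")).digest(), "big") % N


# Non-hardened: the tweak depends only on public data, which is what lets a
# website holding only the master public key derive fresh receiving addresses.
def child_priv_normal(master_priv, i):
    return (master_priv + tweak(ser_pub(pubkey(master_priv)), i)) % N


def child_pub_normal(master_pub, i):
    return _add(master_pub, _mul(tweak(ser_pub(master_pub), i), G))


# Hardened: the tweak is keyed by the master private key, so nothing can be
# derived from the master public key alone (and the exposure below disappears).
def child_priv_hardened(master_priv, i):
    return (master_priv + tweak(master_priv.to_bytes(32, "big"), i)) % N


def recover_master_from_leak(master_pub, leaked_child_priv, i):
    """The exposure the thread describes: master pub + one non-hardened child priv -> master priv."""
    return (leaked_child_priv - tweak(ser_pub(master_pub), i)) % N


def demo():
    # Constructed seed for the example; never a real wallet key.
    master_priv = int.from_bytes(hashlib.sha256(b"constructed demo seed").digest(), "big") % N
    master_pub = pubkey(master_priv)
    i = 7
    leaked = child_priv_normal(master_priv, i)
    # Sanity check: the public-only derivation matches the private derivation.
    assert pubkey(leaked) == child_pub_normal(master_pub, i)
    normal_recovered = recover_master_from_leak(master_pub, leaked, i) == master_priv
    # With a hardened child the only tweak computable from public data is the wrong one.
    hardened_recovered = recover_master_from_leak(master_pub, child_priv_hardened(master_priv, i), i) == master_priv
    return normal_recovered, hardened_recovered


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The takeaway matches the post: a wallet that publishes its master public key (for example to a web shop generating addresses) must treat every non-hardened child private key as equivalent to the master private key, and should either never hand out child private keys or use hardened derivation for the branch whose keys might be exposed.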
legendary
Activity: 1736
Merit: 1006
October 21, 2013, 05:41:06 PM
I'm reading this book right now. Pretty on topic. In this novel the NSA can decrypt any algorithm except one...



I'm sorry for your loss.  That book is total junk.  At least with the other formulaic Dan Brown novels, they touch on something he knows about (religious history).  This one does not.
I'm reading about 1 novel a year. Much more than that when I was younger. I don't expect everything in this book to be accurate. I'm 50% done and enjoying it. The rest of the years, I'm reading technical books and stuff so this is relaxing for my mind.

Even his books on religious history are purely for entertainment and are seriously 'out there' on doctrine. If his cryptography treatment is similar, then accept it with a ten-ton salt boulder. Don't take Dan Brown so seriously.
hero member
Activity: 686
Merit: 500
October 21, 2013, 05:27:35 PM
so what's the consensus here? NSA does or does not have a backdoor into SHA-256? that would be pretty worrisome.... thinking this is FUD, though.
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
October 21, 2013, 05:08:03 PM
That's one reason I don't use deterministic wallets. You guess the master key somehow, you get all the keys. If you can get it from one of the spent keys, I don't know and that is up for debate, but I'd rather not take the risk when it is so easy to just use a brand new randomly generated bitcoin address.

How well do you know your RNG that created those addresses?