
Topic: Is SHA256 obsolete and is it enough to guarantee security? (Read 221 times)

legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
SHA256 is used on almost everything that you use in your daily life that includes your credit card transactions or your bank account's password. The whole world would collapse if SHA256 wasn't safe enough. In the future this might change but for now it is as safe as it gets.
Not really. SHA256 isn't used in everything; for example, passwords usually use some KDF to provide some resistance against bruteforcing. In comparison, if we figure out P = NP, the cryptography and possibly most things on earth will fail. Not really related to topic but just a nice tidbit.

Anyways, the nature of how Bitcoin uses SHA256 makes the issue not as serious as it seems. The possibility of collision or preimage attack would introduce forks by blocks or TXID with different content but same hash, tricking people into signing unintended transactions, etc. SHA256 is strong as it is currently, the complexity for something like this is still out of reach.
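
The point in the reply above about passwords going through a KDF rather than bare SHA256, shown as an added example that is not part of the original thread. PBKDF2-HMAC-SHA256, the iteration count, the record format and all function names are assumptions chosen for illustration; the post does not name a specific KDF.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000  # assumed work factor for this example; tune per hardware

def fast_hash(password: str) -> str:
    """Bare SHA-256: unsalted, deterministic, one cheap call per guess."""
    return hashlib.sha256(password.encode()).hexdigest()

def kdf_hash(password: str, iterations: int = ITERATIONS) -> str:
    """PBKDF2-HMAC-SHA256 with a random per-user salt, stored self-describing."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def kdf_verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except ValueError:  # malformed record: wrong field count, bad hex, bad cost
        return False

def cost_ratio(iterations: int = ITERATIONS, samples: int = 2000) -> float:
    """How many times more expensive one KDF guess is than one SHA-256 guess."""
    start = time.perf_counter()
    for i in range(samples):
        hashlib.sha256(b"guess%d" % i).digest()
    fast = (time.perf_counter() - start) / samples
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"guess", b"\x00" * 16, iterations)
    slow = time.perf_counter() - start
    return slow / fast

if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    # Bare SHA-256 gives every user with this password the same stored digest.
    print(fast_hash(pw) == fast_hash(pw))
    a, b = kdf_hash(pw), kdf_hash(pw)
    # Salted records differ, yet both verify; a wrong password does not.
    print(a != b, kdf_verify(pw, a), kdf_verify(pw, b), kdf_verify("wrong", a))
    print(f"one KDF guess costs ~{cost_ratio():,.0f}x one SHA-256 guess")
```
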
legendary
Activity: 2128
Merit: 1293
There is trouble abrewing
To say SHA256 is secure by only focusing on its digest size is a bit misleading because the security of it mainly comes from its algorithm being secure.

To give you an example, SHA1 is not insecure because of its 160-bit size (otherwise RIPEMD160 would have also been insecure) but instead it is unsafe because of its weak algorithm that could be exploited for certain attacks.

SHA256 is the same. Being 256-bit is part of the reason for its security but also its algorithm is secure.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Do you guys think SHA256 is obsolete and is it enough to guarantee security?

It's too secure. The number 2^256 may not say much, but an example I had seen on a video might give you a taste.

2^256 is 2^32 multiplied with itself 8 times. To round things up, let's just use 4,000,000,000^8. A GPU can calculate a little less than 1 billion hashes, but let's assume that you've bought enough and have crammed your computer with them to achieve the 4 billion hashes per second.

So the first 4 billion will represent the hashes per second per computer.

(4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion)

The next 4 Billion would be the total computers like the one above. Google owns some millions of servers that are much less powerful than that computer, but let's say that they replaced them all with a machine like this, referenced as KiloGoogle. Four billion machines would mean about a thousand copies of Google's possession.

(4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion)

There are around 8 billion people on Earth. Picture half of them owning a KiloGoogle.

(4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion)

Imagine that on our Milky Way, there were 4 billion copies of the Earth where half the people on each Earth had their personal KiloGoogle.

(4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion)

Let's assume the existence of 4 billion Milky Ways with these characteristics. We've now reached 2^160 per second.

(4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion)

Four billion seconds are around 126 years and if you also multiply that with 4 billion, you get 507 billion years, which is about 37 times the age of the universe.

(4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion) (4 Billion)



So even if 4 billion people used their KiloGoogle on 4 billion different Earths of 4 billion different Milky Ways, it'd take 507 billion years to cover the 1/4,000,000,000 of the total hashes. I think it's secure.

[Link for the video: How secure is 256 bit security?]
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Why do you think that? There are no collisions reported against SHA256 and its 2^256 output space is far too large for any kind of brute force or specialized search methods.
legendary
Activity: 3276
Merit: 2442
Do you guys think SHA256 is obsolete and is it enough to guarantee security?

SHA256 is used on almost everything that you use in your daily life that includes your credit card transactions or your bank account's password. The whole world would collapse if SHA256 wasn't safe enough. In the future this might change but for now it is as safe as it gets.
member
Activity: 159
Merit: 72
Do you guys think SHA256 is obsolete and is it enough to guarantee security?