
Topic: SHA256 Collision Attack - page 2. (Read 13522 times)

vip
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
June 28, 2012, 03:43:41 PM
#34
Unfortunately I'm in no position to prove this yet, as I don't know how to 'sign a message'
and have no BTC to spend... Sad

You now have 0.0638 BTC from me... assuming you have the private key to that address.  Send it anywhere, and your claim that you own the address is proven correct.
member
Activity: 103
Merit: 10
June 28, 2012, 03:40:47 PM
#33
The principle is simple
For every f(x) = sha256 hash there exists an f'(x) = same 256 hash

I think this was the theory in the back why a hash collision is possible for any of the existing hashes.

I believe this is wrong. There is nothing guaranteeing that there is not a unique image somewhere in the sha256 domain (byte sequences). Also, to state what I think you mean is that


for all x::[byte] there exists x'::[byte] such that

sha256(x) == sha256(x') and x != x'


But my contention is that it's not known whether that's true for all 'x'. It's certainly true that


there exists x::[byte] and x'::[byte] such that

sha256(x) == sha256(x') and x != x'


Yes mate, thanks for clearing the fact for everyone else.
Yeah it's true, I am not sure if this is possible for every sha256(x). I will have to check some documents as well.
member
Activity: 107
Merit: 10
June 28, 2012, 03:24:03 PM
#32
Don't know about Collision attacks, but I've been able to find an 11-character vanity address (the name of my band) easily, while vanitygen claimed it would take millions of years...

this is the address: 1ELECeJompinDox61L73eAUyaWpe3Q5HZB

Am I just lucky?

To successfully prove you found a vanity address, you must actually send some funds from the address, or sign a message with its private key.  Can you do that?  Otherwise all you have is proof you found a 32-bit collision on the checksum, which anyone can do quickly.  Otherwise, claiming something incredible like this as your 1st post is going to draw skepticism.

Assuming you can spend from the address, there is also the theoretical possibility that you vanitygen'd a bunch of 9-character semi-pronounceable strings, picked one that looked the best (especially upper-and-lower-case-wise), and then said "that's my name!", incorporating the two digits "61" into the claim that those were exactly what you were looking for.  I mean, you did just create the account minutes before posting.


OK, you don't believe...  
Unfortunately I'm in no position to prove this yet, as I don't know how to 'sign a message'
and have no BTC to spend... Sad

I do have some questions.

How easy would it be to "vanitygen a bunch of 9-character semi-pronounceable strings and pick one that looks best"?

Or has anyone else been able to vanitygen an 11+ character address (with proper capitalization)? Probably with some sort of super computer?

What is the longest vanity address to date?


PS: Of course I just created this forum account, because I thought it was worth replying to this thread.
sr. member
Activity: 283
Merit: 250
June 28, 2012, 03:16:46 PM
#31
The principle is simple
For every f(x) = sha256 hash there exists an f'(x) = same 256 hash

I think this was the theory in the back why a hash collision is possible for any of the existing hashes.

I believe this is wrong. There is nothing guaranteeing that there is not a unique image somewhere in the sha256 domain (byte sequences). Also, to state what I think you mean is that


for all x::[byte] there exists x'::[byte] such that

sha256(x) == sha256(x') and x != x'


But my contention is that it's not known whether that's true for all 'x'. It's certainly true that


there exists x::[byte] and x'::[byte] such that

sha256(x) == sha256(x') and x != x'
member
Activity: 103
Merit: 10
June 28, 2012, 03:09:04 PM
#30
The principle is simple
For every f(x) = sha256 hash there exists an f'(x) = same 256 hash

I think this was the theory in the back why a hash collision is possible for any of the existing hashes.
vip
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
June 28, 2012, 03:02:25 PM
#29
Don't know about Collision attacks, but I've been able to find an 11-character vanity address (the name of my band) easily, while vanitygen claimed it would take millions of years...

this is the address: 1ELECeJompinDox61L73eAUyaWpe3Q5HZB

Am I just lucky?

To successfully prove you found a vanity address, you must actually send some funds from the address, or sign a message with its private key.  Can you do that?  Otherwise all you have is proof you found a 32-bit collision on the checksum, which anyone can do quickly.  Otherwise, claiming something incredible like this as your 1st post is going to draw skepticism.

Assuming you can spend from the address, there is also the theoretical possibility that you vanitygen'd a bunch of 9-character semi-pronounceable strings, picked one that looked the best (especially upper-and-lower-case-wise), and then said "that's my name!", incorporating the two digits "61" into the claim that those were exactly what you were looking for.  I mean, you did just create the account minutes before posting.
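The checksum point made in the post above, as an added example that is not part of the original thread: a Base58Check address ends in the first 32 bits of a double SHA-256 over its payload, so a string that passes the check shows only that it is well formed. The function names and the 20-byte sample payload are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58decode(s: str) -> bytes:
    """Base58 string -> bytes; each leading '1' is one leading zero byte."""
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)  # ValueError for characters outside the alphabet
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(s) - len(s.lstrip("1"))) + body

def b58encode(raw: bytes) -> str:
    """Bytes -> Base58 string, preserving leading zero bytes as '1'."""
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def checksum(payload: bytes) -> bytes:
    """First 4 bytes (32 bits) of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def address_from_hash160(h160: bytes, version: int = 0) -> str:
    """Wrap ANY 20 bytes as a well-formed address; no key pair is involved."""
    payload = bytes([version]) + h160
    return b58encode(payload + checksum(payload))

def check_address(addr: str) -> bool:
    """True if addr decodes to 25 bytes whose last 4 match the checksum."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    return len(raw) == 25 and checksum(raw[:21]) == raw[21:]

if __name__ == "__main__":
    # Constructed sample: 20 arbitrary bytes, no private key behind them.
    constructed = address_from_hash160(bytes(range(20)))
    print(constructed, check_address(constructed))
    quoted = "1ELECeJompinDox61L73eAUyaWpe3Q5HZB"  # address quoted in the thread
    print(quoted, check_address(quoted))
```

Passing `check_address` is a format check only; ownership is shown by a spend or a signed message, as the post says.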
member
Activity: 107
Merit: 10
June 28, 2012, 02:59:29 PM
#28
Don't know about Collision attacks, but I've been able to find an 11-character vanity address (the name of my band) easily, while vanitygen claimed it would take millions of years...

this is the address: 1ELECeJompinDox61L73eAUyaWpe3Q5HZB

Am I just lucky?
legendary
Activity: 1176
Merit: 1001
June 24, 2012, 06:32:26 PM
#27
To be honest, I don't even know what a sha256 collision attack is LOL
Collision = two different pieces of data (as in sequences of bytes) that have the same sha256 checksum.

Collision attack = an attempt at abusing a collision to make a fake transaction appear valid (because even though the data is forged, its checksum still matches).

There exists an infinite amount of such collisions (since there is an infinite number of possible byte sequences, yet only 2^256 different sha256 hashes) but it's gonna be pretty darn difficult to actually find one. And that's quite an understatement (see the rough calculation posted earlier).

Quote
But it does not sound good.
No worries, it's not a problem whatsoever. First of all cause nobody will be able to find one in the foreseeable future, second because even if somebody accidentally runs into a collision, this is absolutely no threat to Bitcoin by any stretch of the imagination.

Only if someone "breaks" sha256, that is finding a practical way to deliberately generate a piece of data that results in a given sha256, we'd be effed. But as unlikely as it is that somebody will even find just a random accidental single collision (and I'm really talking incredibly, astronomically, EXTREMELY unlikely here), it is still many, MANY orders of magnitude more unlikely that someone will actually break sha256.
 
Oh and by the way, if someone does break sha256, you can't trust online banking and credit card systems anymore either.
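The two statements distinguished in post #31 ("there exists x and x'" versus "for a given x there exists x'") and the pigeonhole argument in the post above, as an added example that is not part of the original thread. It uses SHA-256 truncated to a few bits, an assumption made so the searches finish; the function names and messages are constructed.

```python
import hashlib
from itertools import count

def truncated_sha256(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256(data): a toy hash with only 2**bits outputs."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits: int):
    """'There exist x, x'': any two distinct inputs with the same hash.

    Birthday search: expect about 2**(bits/2) hashes. Pigeonhole guarantees a
    hit within 2**bits + 1 distinct inputs, because there are only 2**bits outputs.
    """
    seen = {}
    for i in count():
        x = b"msg-%d" % i          # constructed inputs
        d = truncated_sha256(x, bits)
        if d in seen:
            return seen[d], x, i + 1
        seen[d] = x

def find_second_preimage(target: bytes, bits: int):
    """'For this particular x': find x' != x with the same hash.

    No birthday shortcut applies: expect about 2**bits hashes.
    """
    want = truncated_sha256(target, bits)
    for i in count():
        x = b"try-%d" % i          # constructed inputs
        if x != target and truncated_sha256(x, bits) == want:
            return x, i + 1

if __name__ == "__main__":
    for bits in (8, 12, 16):
        a, b, n_coll = find_collision(bits)
        y, n_second = find_second_preimage(b"constructed target", bits)
        print(f"{bits:2d} bits: collision after {n_coll} hashes, "
              f"second preimage after {n_second} hashes")
```

Each extra output bit roughly doubles the second-preimage work and multiplies the collision work by about 1.4, which is why the same searches at 256 bits are out of reach.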
legendary
Activity: 1176
Merit: 1001
June 24, 2012, 06:18:41 PM
#26
I know 7.
Post one, and 1000 bitcoins will come your way, sir!
hero member
Activity: 560
Merit: 500
June 24, 2012, 04:13:29 PM
#25
surely OP will deliver...
newbie
Activity: 42
Merit: 0
June 24, 2012, 04:10:08 PM
#24
I know 7.

Pfft... I found upwards of 70 this week alone...

To be honest, I don't even know what a sha256 collision attack is LOL

But it does not sound good.
legendary
Activity: 938
Merit: 1000
What's a GPU?
June 24, 2012, 04:06:49 PM
#23
I know 7.

Pfft... I found upwards of 70 this week alone...
newbie
Activity: 42
Merit: 0
June 24, 2012, 03:54:12 PM
#22
I know 7.
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
June 24, 2012, 08:28:16 AM
#21
I'm still waiting for that collision  Roll Eyes
legendary
Activity: 1176
Merit: 1001
June 24, 2012, 07:37:29 AM
#20
Let's put it otherwise: can you post a single collision (two different pieces of data having the same sha256 hash) somewhere later this month? Good luck sir Wink
Any news on this? Smiley
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
June 08, 2012, 02:01:11 AM
#19
360 BTC is probably also all you could possibly mine unless you really really broke SHA.

The best thing is indeed to tell Gavin. The next best thing is tell him after a few days (and say you were testing it.)
hero member
Activity: 504
Merit: 500
June 08, 2012, 01:56:59 AM
#18
If you break SHA the best thing to do would be to quietly let Gavin know and wait for bitcoin to be fixed with an announcement that you broke it and were responsible for no one being ripped off because you only let Gavin know, and the BTC "thankyou" payments will start rolling in.
hero member
Activity: 1596
Merit: 502
June 08, 2012, 01:16:29 AM
#17
5000 is a little too much I think, only 24*6*50 = 7200 / day are mined, so 5000 is almost 70% of total.
If you just mine 5% it is 360 BTC, somewhere like $1800 a day, it is much harder to notice so the chance of someone finding out is much less likely.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
June 08, 2012, 12:07:19 AM
#16
doh. I confused SHA256 with the ECDSA keypair. But what I meant applies to whoever breaks whatever algorithm. Just mine bitcoins. You'd get 5000 a day easy if you broke SHA.
newbie
Activity: 5
Merit: 0
June 06, 2012, 09:05:06 PM
#15
Dabs: SHA-256 isn't used to sign transactions. You can't use it to steal money directly. You could exploit weaknesses by forking the blockchain, or, more practical, just earn a lot of BitCoins by mining at a not-too-suspicious rate. Even then, you need something better than just the ability to find a random collision.