Pages:
Author

Topic: SHA256 Collision Attack - page 2. (Read 13556 times)

vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
June 28, 2012, 02:43:41 PM
#34
Unfortunately I'm in no position to prove this yet, as I don't know how to 'sign a message'
and have no BTC to spend... Sad

You now have 0.0638 BTC from me... assuming you have the private key to that address.  Send it anywhere, and your claim that you own the address is proven correct.
member
Activity: 103
Merit: 10
June 28, 2012, 02:40:47 PM
#33
The principle is simple
For every f(x) = sha256 hash there exists an f'(x) = same 256 hash

I think this was the theory in the back why a hash collision is possible for any of the existing hashes.

I believe this is wrong. There is nothing guaranteeing that there is not a unique image somewhere in the sha256 domain (byte sequences). Also, to state what I think you mean is that


for all x::[byte] there exists x'::[byte] such that

sha256(x) == sha256(x') and x != x'


But my contention is that it's not known whether thats true for all 'x'. It's certainly true that


there exists x::[byte] and x'::[byte] such that

sha256(x) == sha256(x') and x != x'


Yes mate, thanks for clearing the fact for everyone else.
Yeah it's true, i am not sure if this is possible for every sha256(x). I will have to check some documents as well.
member
Activity: 107
Merit: 10
June 28, 2012, 02:24:03 PM
#32
Don't know about Collision attacks, but I've been able to find a 11-character vanity address (the name of my band) easily, while vanitygen claimed it would take millions of years...

this is the address: 1ELECeJompinDox61L73eAUyaWpe3Q5HZB

Am I just lucky?

To successfully prove you found a vanity address, you must actually send some funds from the address, or sign a message with its private key.  Can you do that?  Otherwise all you have is proof you found a 32-bit collision on the checksum, which anyone can do quickly.  Otherwise, claiming something incredible like this as your 1st post is going to draw skepticism.

Assuming you can spend from the address, there is also the theoretical possibility that you vanitygen'd a bunch of 9-character semi-pronounceable string, picked one that looked the best (especially upper-and-lower-case-wise), and then said "that's my name!", incorporating the two digits "61" into the claim that those were exactly what you were looking for.  I mean, you did just create the account minutes before posting.


OK, you don't believe...  
Unfortunately I'm in no position to prove this yet, as I don't know how to 'sign a message'
and have no BTC to spend... Sad

I do have some questions.

How easy would it be to "vanitygen a bunch of 9-character semi-pronounceable string and pick one that looks best"?

Or has anyone else been able to vanitygen a 11+ character address (with proper capitalization)? Probably with some sort of super computer?

What is the longest vanity address to date?


PS: Of course I just created this forum account, because I thought it was worth replying to this thread.
sr. member
Activity: 283
Merit: 250
June 28, 2012, 02:16:46 PM
#31
The principle is simple
For every f(x) = sha256 hash there exists an f'(x) = same 256 hash

I think this was the theory in the back why a hash collision is possible for any of the existing hashes.

I believe this is wrong. There is nothing guaranteeing that there is not a unique image somewhere in the sha256 domain (byte sequences). Also, to state what I think you mean is that


for all x::[byte] there exists x'::[byte] such that

sha256(x) == sha256(x') and x != x'


But my contention is that it's not known whether thats true for all 'x'. It's certainly true that


there exists x::[byte] and x'::[byte] such that

sha256(x) == sha256(x') and x != x'
member
Activity: 103
Merit: 10
June 28, 2012, 02:09:04 PM
#30
The principle is simple
For every f(x) = sha256 hash there exists an f'(x) = same 256 hash

I think this was the theory in the back why a hash collision is possible for any of the existing hashes.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
June 28, 2012, 02:02:25 PM
#29
Don't know about Collision attacks, but I've been able to find a 11-character vanity address (the name of my band) easily, while vanitygen claimed it would take millions of years...

this is the address: 1ELECeJompinDox61L73eAUyaWpe3Q5HZB

Am I just lucky?

To successfully prove you found a vanity address, you must actually send some funds from the address, or sign a message with its private key.  Can you do that?  Otherwise all you have is proof you found a 32-bit collision on the checksum, which anyone can do quickly.  Otherwise, claiming something incredible like this as your 1st post is going to draw skepticism.

Assuming you can spend from the address, there is also the theoretical possibility that you vanitygen'd a bunch of 9-character semi-pronounceable string, picked one that looked the best (especially upper-and-lower-case-wise), and then said "that's my name!", incorporating the two digits "61" into the claim that those were exactly what you were looking for.  I mean, you did just create the account minutes before posting.
member
Activity: 107
Merit: 10
June 28, 2012, 01:59:29 PM
#28
Don't know about Collision attacks, but I've been able to find a 11-character vanity address (the name of my band) easily, while vanitygen claimed it would take millions of years...

this is the address: 1ELECeJompinDox61L73eAUyaWpe3Q5HZB

Am I just lucky?
legendary
Activity: 1176
Merit: 1011
June 24, 2012, 05:32:26 PM
#27
To be honest, I don't even know what a sha256 collision attack is LOL
Collision = two different pieces of data (as in sequences of bytes) that have the same sha256 checksum.

Collision attack = an attempt at abusing a collision to make a fake transaction appear valid (because even though the data is forged, its checksum still matches).

There exists an infinite amount of such collisions (since there is an infinite number of possible byte sequences, yet only 2256 different sha256 hashes) but it's gonna be pretty darn difficult to actually find one. And that's quite an understatement (see the rough calculation posted earlier).

Quote
But it does not sound good.
No worries, it's not a problem whatsoever. First of all cause nobody will be able to find one in the foreseeable future, second because even if somebody accidentally runs into a collision, this is absolutely no threat to Bitcoin by any stretch of the imagination.

Only if someone "breaks" sha256, that is finding a practical way to deliberately generate a piece of data that results in a given sha256, we'd be effed. But as unlikely it is that somebody will even find just a random accidental single collision (and I'm really talking incredibly, astronomically, EXTREMELY unlikely here), it is still many, MANY orders of magnitude more unlikely that someone will actually break sha256.
 
Oh and by the way, if someone does break sha256, you can't trust online banking and credit card systems anymore either.
legendary
Activity: 1176
Merit: 1011
June 24, 2012, 05:18:41 PM
#26
I know 7.
Post one, and 1000 bitcoins will come your way, sir!
hero member
Activity: 560
Merit: 500
June 24, 2012, 03:13:29 PM
#25
surely OP will deliver...
newbie
Activity: 42
Merit: 0
June 24, 2012, 03:10:08 PM
#24
I know 7.

Pfft... I found upwards of 70 this week alone...

To be honest, I don't even know what a sha256 collision attack is LOL

But it does not sound good.
legendary
Activity: 938
Merit: 1000
What's a GPU?
June 24, 2012, 03:06:49 PM
#23
I know 7.

Pfft... I found upwards of 70 this week alone...
newbie
Activity: 42
Merit: 0
June 24, 2012, 02:54:12 PM
#22
I know 7.
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
June 24, 2012, 07:28:16 AM
#21
I'm still waiting for that collision  Roll Eyes
legendary
Activity: 1176
Merit: 1011
June 24, 2012, 06:37:29 AM
#20
Let's put it otherwise: can you post a single collision (two different pieces of data having the same sha256 hash) somewhere later this month? Good luck sir Wink
Any news on this? Smiley
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
June 08, 2012, 01:01:11 AM
#19
360 BTC is probably also all you could possibly mine unless you really really broke SHA.

The best thing is indeed to tell Gavin. The next best thing is tell him after a few days (and say you were testing it.)
hero member
Activity: 504
Merit: 500
June 08, 2012, 12:56:59 AM
#18
If you break SHA the best thing to do would be to quietly let gavin know and wait for bitcoin to be fixed with an announcement that you broke it and were responsible for no one being ripped off because you only let gavin know, and the BTC "thankyou" payments will start rolling in
hero member
Activity: 1596
Merit: 502
June 08, 2012, 12:16:29 AM
#17
5000 is a little to much I think, only 24*6*50 = 7200 / day are mined, so 5000 is almost 70% of total.
If you just mine 5% it is 360 BTC, somewhere like $1800 a day, it is much harder to notice so the chance of someone finding out is much less likely.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
June 07, 2012, 11:07:19 PM
#16
doh. I confused SHA256 with the ECDSA keypair. But what I meant applies to whoever breaks whatever algorithm. Just mine bitcoins. You'd get 5000 a day easy if you broke SHA.
newbie
Activity: 5
Merit: 0
June 06, 2012, 08:05:06 PM
#15
Dabs: SHA-256 isn't used to sign transactions. You can't use it to steal money directly. You could exploit weaknesses by forking the blockchain, or, more practical, just earn a lot of BitCoins by mining at a not-too-suspicious rate. Even then, you need something better than just the ability to find a random collision.
Pages:
Jump to: