Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Wednesday September 11 2019, @05:54AM   Printer-friendly
from the renaming-it-to-be-NSHA:-the-Not-Secure-Hashing-Algorithm dept.

Arthur T Knackerbracket has found the following story:

The Wall Street fintech Treadwell Stanton DuPont broke silence today as it announced its Research & Development and Science Teams successfully broke the SHA-256[*] hashing algorithm silently in controlled laboratory conditions over a year ago. The announcement aims to secure financial and technological platform superiority to its clients and investors worldwide.

[...] While the best public cryptanalysis has tried to break the hashing function since its inception in 2001, work on searching, developing and testing practical collision and pre-image vulnerabilities on the SHA-256 hashing algorithm began back in 2016 in Treadwell Stanton DuPont's R&D facilities, culminating 2 years later with the successful discovery of a structural weakness and the initial development of the first practical solution space of real world value by its researchers.

"While we have successfully broken all 64 rounds of pre-image resistance," said Seiijiro Takamoto, Treadwell Stanton DuPont's director of newly formed Hardware Engineering Division, "it is not our intention to bring down Bitcoin, break SSL/TLS security or crack any financial sector security whatsoever."

[*] See the SHA-2 page on Wikipedia for background on SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Insightful) by Anonymous Coward on Wednesday September 11 2019, @12:33PM (2 children)

    by Anonymous Coward on Wednesday September 11 2019, @12:33PM (#892644)

    Definitely trust but verify.

    Show two different hash inputs that make the same output.
    That should not divulge (much) about what they did.

    (Unless there is some other sense of the word 'break' associated with a hash?)

    Starting Score:    0  points
    Moderation   +2  
       Insightful=2, Total=2
    Extra 'Insightful' Modifier   0  

    Total Score:   2  
  • (Score: 2) by ElizabethGreene on Wednesday September 11 2019, @12:42PM (1 child)

    by ElizabethGreene (6748) Subscriber Badge on Wednesday September 11 2019, @12:42PM (#892647) Journal

    > Show two different hash inputs that make the same output.

    This is not an unreasonable bar for credibility for someone making a claim of a collision break.

    • (Score: 0) by Anonymous Coward on Wednesday September 11 2019, @01:09PM

      by Anonymous Coward on Wednesday September 11 2019, @01:09PM (#892660)

      Bonus points if the two inputs show that you can make the hash collision by only changing a few bits selected bits.
      (For example, flip the first bit in the input and then fix the hash by adjusting the last N bits in the input, when N is about the same size as the hash.)
      Finding a random looking hash collision is neat, but finding one that looks like a real transaction is extraordinary.

      Definitely a high bar to break the hash, but a low bar to show that you did.
      That these folks don't show a result could say that the 2 inputs may show something about the hole they drove the truck through.

      The problem with their story is that if they found a hole, others will also.
      (it's funny how much more possible it is to solve some problems after know know they are solvable.)
      If they really want to save the world, they need to be a bit more convincing.
      As it stands, it sounds more like a cold fusion event.
      Maybe good enough to wake up some bad guys, but not good enough to make the world prepare for them.