Arthur T Knackerbracket has found the following story:
The Wall Street fintech Treadwell Stanton DuPont broke silence today as it announced its Research & Development and Science Teams successfully broke the SHA-256[*] hashing algorithm silently in controlled laboratory conditions over a year ago. The announcement aims to secure financial and technological platform superiority to its clients and investors worldwide.
[...] While the best public cryptanalysis has tried to break the hashing function since its inception in 2001, work on searching, developing and testing practical collision and pre-image vulnerabilities on the SHA-256 hashing algorithm began back in 2016 in Treadwell Stanton DuPont's R&D facilities, culminating 2 years later with the successful discovery of a structural weakness and the initial development of the first practical solution space of real world value by its researchers.
"While we have successfully broken all 64 rounds of pre-image resistance," said Seiijiro Takamoto, Treadwell Stanton DuPont's director of newly formed Hardware Engineering Division, "it is not our intention to bring down Bitcoin, break SSL/TLS security or crack any financial sector security whatsoever."
[*] See the SHA-2 page on Wikipedia for background on SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256.
(Score: 0) by Anonymous Coward on Wednesday September 11 2019, @06:35AM (4 children)
I have heard an independent third party claim it was breakable, although it was still computationally expensive to do. Real-time website handshaking is impractical for now, but any long term signature verification requiring more than a few months of hash security should be looked at as suspect, or ideally combined with multiple checksums from different families, making the likelihood of a union of duplicate collisions next to impossible mathematically speaking.
(Score: 1, Informative) by Anonymous Coward on Wednesday September 11 2019, @08:03AM (2 children)
The problem with combining hash functions is two fold: First, you may get weird interactions between the two that can make it even weaker than the system should be in theory. Second is that your hash is only as secure as the weakest hash because you can exploit the weaknesses in that hash to control the outputs of the stronger hash and the system as a whole, in the vast, vast majority of implementations.
The only exception to the second rule is concatenation of outputs with non-identical inputs, which is not what most people implement. On top of that, the theoretical strength of concatenation of hashes with non-identical inputs is not that much more than the strongest hash by itself, especially when compared to raising the parameters of modern hashes.
(Score: 1, Insightful) by Anonymous Coward on Wednesday September 11 2019, @11:52AM (1 child)
Having 2 or more individual hashes, from different ciphers or techniques should not interact in the way you describe. This does mean that tiy either need multiple passes over the data or a specially optimized set of functions that can iterate the data through multiple ciphers side by side, allowing the performance benefit of the current data still being in-memory for each hashing function's pass. Given modern cpu technology the cpu time is negligible but the disk i/o wasted could be dramatic.
(Score: 0) by Anonymous Coward on Wednesday September 11 2019, @06:51PM
If you are talking about something like H1(H2(password)), H1(password)||H2(password), H1(password) xor H2(password), etc. then they absolutely do interact that way. There are numerous papers that prove that, which I can find when off work, if you'd like.
(Score: 4, Interesting) by FatPhil on Wednesday September 11 2019, @08:37AM
Which is noticeably absent in both your comment and TFPR (yes, it is a press release).
So I'm with the "pump & dump" school here.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves