Arthur T Knackerbracket has found the following story:
The Wall Street fintech Treadwell Stanton DuPont broke silence today as it announced its Research & Development and Science Teams successfully broke the SHA-256[*] hashing algorithm silently in controlled laboratory conditions over a year ago. The announcement aims to secure financial and technological platform superiority to its clients and investors worldwide.
[...] While the best public cryptanalysis has tried to break the hashing function since its inception in 2001, work on searching, developing and testing practical collision and pre-image vulnerabilities on the SHA-256 hashing algorithm began back in 2016 in Treadwell Stanton DuPont's R&D facilities, culminating 2 years later with the successful discovery of a structural weakness and the initial development of the first practical solution space of real world value by its researchers.
"While we have successfully broken all 64 rounds of pre-image resistance," said Seiijiro Takamoto, Treadwell Stanton DuPont's director of newly formed Hardware Engineering Division, "it is not our intention to bring down Bitcoin, break SSL/TLS security or crack any financial sector security whatsoever."
[*] See the SHA-2 page on Wikipedia for background on SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256.
(Score: 2) by RamiK on Wednesday September 11 2019, @12:29PM (1 child)
I'm guessing they're referencing https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html [googleblog.com] .
Most distros switched away from MD5 and SHA256 around that time so that's something I suppose.
Btw, Secure Boot uses SHA256... :D
compiling...
(Score: 2) by eravnrekaree on Wednesday September 11 2019, @04:34PM
SHA-1 is known to be broken for some time. SHA-256 is not SHA-1, and it seems like people think SHA-256 still considered secure.