Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 17 submissions in the queue.
posted by martyb on Wednesday September 11 2019, @05:54AM   Printer-friendly
from the renaming-it-to-be-NSHA:-the-Not-Secure-Hashing-Algorithm dept.

Arthur T Knackerbracket has found the following story:

The Wall Street fintech Treadwell Stanton DuPont broke silence today as it announced its Research & Development and Science Teams successfully broke the SHA-256[*] hashing algorithm silently in controlled laboratory conditions over a year ago. The announcement aims to secure financial and technological platform superiority to its clients and investors worldwide.

[...] While the best public cryptanalysis has tried to break the hashing function since its inception in 2001, work on searching, developing and testing practical collision and pre-image vulnerabilities on the SHA-256 hashing algorithm began back in 2016 in Treadwell Stanton DuPont's R&D facilities, culminating 2 years later with the successful discovery of a structural weakness and the initial development of the first practical solution space of real world value by its researchers.

"While we have successfully broken all 64 rounds of pre-image resistance," said Seiijiro Takamoto, Treadwell Stanton DuPont's director of newly formed Hardware Engineering Division, "it is not our intention to bring down Bitcoin, break SSL/TLS security or crack any financial sector security whatsoever."

[*] See the SHA-2 page on Wikipedia for background on SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Wednesday September 11 2019, @03:10PM (2 children)

    by Anonymous Coward on Wednesday September 11 2019, @03:10PM (#892720)

    Not releasing details is exactly what any responsible party would do when finding something like this, because there is so much of this stuff in use. So them not releasing any details does not harm their credibility. Once details are released, it could become trivial since off the shelve programs would become widely available to abuse it.

    If they did find way to crack it, its also possible others know about it, since there are even better funded people who are looking for problems like this (states) , but for their own purposes and would themselves likely keep it out of public view as well since they want it for their own uses, since if it did become public information then it would no longer be of use to them.

    Not releasing the details right now would be to keep it out of the hands of every two bit scumbag scammer on the planet until a replacement algorithm is moved to (SHA-3). Always good to have more backups and bigger safety margins. SHA-10000 anyone?

  • (Score: 0) by Anonymous Coward on Wednesday September 11 2019, @05:13PM (1 child)

    by Anonymous Coward on Wednesday September 11 2019, @05:13PM (#892797)

    Than why wait over a year to announce it?

    • (Score: 1) by DECbot on Friday September 13 2019, @06:08PM

      by DECbot (832) on Friday September 13 2019, @06:08PM (#893776) Journal

      Because that is the computational time necessary to compute a solution to confirm their findings?

      --
      cats~$ sudo chown -R us /home/base