Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 14 submissions in the queue.
posted by martyb on Wednesday September 11 2019, @05:54AM   Printer-friendly
from the renaming-it-to-be-NSHA:-the-Not-Secure-Hashing-Algorithm dept.

Arthur T Knackerbracket has found the following story:

The Wall Street fintech Treadwell Stanton DuPont broke silence today as it announced its Research & Development and Science Teams successfully broke the SHA-256[*] hashing algorithm silently in controlled laboratory conditions over a year ago. The announcement aims to secure financial and technological platform superiority to its clients and investors worldwide.

[...] While the best public cryptanalysis has tried to break the hashing function since its inception in 2001, work on searching, developing and testing practical collision and pre-image vulnerabilities on the SHA-256 hashing algorithm began back in 2016 in Treadwell Stanton DuPont's R&D facilities, culminating 2 years later with the successful discovery of a structural weakness and the initial development of the first practical solution space of real world value by its researchers.

"While we have successfully broken all 64 rounds of pre-image resistance," said Seiijiro Takamoto, Treadwell Stanton DuPont's director of newly formed Hardware Engineering Division, "it is not our intention to bring down Bitcoin, break SSL/TLS security or crack any financial sector security whatsoever."

[*] See the SHA-2 page on Wikipedia for background on SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Interesting) by stormwyrm on Wednesday September 11 2019, @03:25PM

    by stormwyrm (717) on Wednesday September 11 2019, @03:25PM (#892728) Journal

    I'm pretty sure that these people, if they feel that the actual method they used to crack SHA-256 is too risky to publish, ought to still be able to give conclusive proof that they've really cracked SHA-1, in the form of a collision for some SHA-256 hash. Let's see them give a preimage for A6:DC:A5:91:CA:32:85:A1:90:E8:D8:DB:9D:50:95:08:33:F0:F1:26:13:55:98:FE:BC:1C:92:AD:6C:50:91:EA, which is the SHA-256 of PayPal's certificate. I think a paper from Messrs. Takamoto and his colleagues in the Journal of Cryptography with this sort of demonstration would be warmly received, and a spur towards the adoption and development of other hash functions that don't use the classic Merkle–Damgård construction, e.g. SHA-3 (Keccak). But frankly, I'm not holding my breath. The fact that they went straight for the press release rather than publishing a peer-reviewed paper first raises a lot of red flags. They seem to be playing science by press release, which is almost never a good sign.

    --
    Numquam ponenda est pluralitas sine necessitate.
    Starting Score:    1  point
    Moderation   +2  
       Interesting=2, Total=2
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4