Slash Boxes

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 14 submissions in the queue.
posted by martyb on Wednesday September 11 2019, @05:54AM   Printer-friendly
from the renaming-it-to-be-NSHA:-the-Not-Secure-Hashing-Algorithm dept.

Arthur T Knackerbracket has found the following story:

The Wall Street fintech Treadwell Stanton DuPont broke silence today as it announced its Research & Development and Science Teams successfully broke the SHA-256[*] hashing algorithm silently in controlled laboratory conditions over a year ago. The announcement aims to secure financial and technological platform superiority to its clients and investors worldwide.

[...] While the best public cryptanalysis has tried to break the hashing function since its inception in 2001, work on searching, developing and testing practical collision and pre-image vulnerabilities on the SHA-256 hashing algorithm began back in 2016 in Treadwell Stanton DuPont's R&D facilities, culminating 2 years later with the successful discovery of a structural weakness and the initial development of the first practical solution space of real world value by its researchers.

"While we have successfully broken all 64 rounds of pre-image resistance," said Seiijiro Takamoto, Treadwell Stanton DuPont's director of newly formed Hardware Engineering Division, "it is not our intention to bring down Bitcoin, break SSL/TLS security or crack any financial sector security whatsoever."

[*] See the SHA-2 page on Wikipedia for background on SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256.

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Interesting) by stormwyrm on Wednesday September 11 2019, @03:25PM

    by stormwyrm (717) on Wednesday September 11 2019, @03:25PM (#892728) Journal

    I'm pretty sure that these people, if they feel that the actual method they used to crack SHA-256 is too risky to publish, ought to still be able to give conclusive proof that they've really cracked SHA-1, in the form of a collision for some SHA-256 hash. Let's see them give a preimage for A6:DC:A5:91:CA:32:85:A1:90:E8:D8:DB:9D:50:95:08:33:F0:F1:26:13:55:98:FE:BC:1C:92:AD:6C:50:91:EA, which is the SHA-256 of PayPal's certificate. I think a paper from Messrs. Takamoto and his colleagues in the Journal of Cryptography with this sort of demonstration would be warmly received, and a spur towards the adoption and development of other hash functions that don't use the classic Merkle–Damgård construction, e.g. SHA-3 (Keccak). But frankly, I'm not holding my breath. The fact that they went straight for the press release rather than publishing a peer-reviewed paper first raises a lot of red flags. They seem to be playing science by press release, which is almost never a good sign.

    Numquam ponenda est pluralitas sine necessitate.
    Starting Score:    1  point
    Moderation   +2  
       Interesting=2, Total=2
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4