SoylentNews is people
SoylentNews
from the renaming-it-to-be-NSHA:-the-Not-Secure-Hashing-Algorithm dept.
Arthur T Knackerbracket has found the following story:
The Wall Street fintech Treadwell Stanton DuPont broke silence today as it announced its Research & Development and Science Teams successfully broke the SHA-256[*] hashing algorithm silently in controlled laboratory conditions over a year ago. The announcement aims to secure financial and technological platform superiority to its clients and investors worldwide.
[...] While the best public cryptanalysis has tried to break the hashing function since its inception in 2001, work on searching, developing and testing practical collision and pre-image vulnerabilities on the SHA-256 hashing algorithm began back in 2016 in Treadwell Stanton DuPont's R&D facilities, culminating 2 years later with the successful discovery of a structural weakness and the initial development of the first practical solution space of real world value by its researchers.
"While we have successfully broken all 64 rounds of pre-image resistance," said Seiijiro Takamoto, Treadwell Stanton DuPont's director of newly formed Hardware Engineering Division, "it is not our intention to bring down Bitcoin, break SSL/TLS security or crack any financial sector security whatsoever."
[*] See the SHA-2 page on Wikipedia for background on SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256.
(Score: 4, Interesting) by stormwyrm on Wednesday September 11 2019, @03:25PM
I'm pretty sure that these people, if they feel that the actual method they used to crack SHA-256 is too risky to publish, ought to still be able to give conclusive proof that they've really cracked SHA-1, in the form of a collision for some SHA-256 hash. Let's see them give a preimage for A6:DC:A5:91:CA:32:85:A1:90:E8:D8:DB:9D:50:95:08:33:F0:F1:26:13:55:98:FE:BC:1C:92:AD:6C:50:91:EA, which is the SHA-256 of PayPal's certificate. I think a paper from Messrs. Takamoto and his colleagues in the Journal of Cryptography with this sort of demonstration would be warmly received, and a spur towards the adoption and development of other hash functions that don't use the classic Merkle–Damgård construction, e.g. SHA-3 (Keccak). But frankly, I'm not holding my breath. The fact that they went straight for the press release rather than publishing a peer-reviewed paper first raises a lot of red flags. They seem to be playing science by press release, which is almost never a good sign.
Numquam ponenda est pluralitas sine necessitate.