I'm old, and I don't get Bitcoin [Cryptocurrency and society].

Posts

  • Butters (A glass of some milks, Registered User regular)
    discrider wrote: »
    Hevach wrote: »
    https://www.nme.com/en_au/news/gaming-news/alleged-ukrainian-crypto-warehouse-was-actually-farming-fifa-ultimate-team-currency-2996618

    This isn't crypto related, but hilarious in its adjacency.

    A warehouse initially alleged to house a cryptocurrency mining operation confused cryptobros because it contained thousands and thousands of PS4 Slims, which are not renowned for their crypto mining potential.

    But they weren't mining crypto. They were manned by bots playing FIFA to mine millions of FIFA coins.

    This being exactly crypto; artificial scarcity on electronic assets driving value and then bots.

    Only difference is crypto doesn't need game servers.

    There wouldn't be artificial scarcity though, would there? The amount of FIFA coins an individual can earn playing the game is theoretically limitless and the farmer here is just selling coins (or likely the accounts) for cash.

    This is more like WoW goldfarming.

    PSN: idontworkhere582 | CFN: idontworkhere | Steam: lordbutters | Amazon Wishlist
  • Quid (Definitely not a banana, Registered User regular)
    edited July 2021
    Butters wrote: »
    discrider wrote: »
    Hevach wrote: »
    https://www.nme.com/en_au/news/gaming-news/alleged-ukrainian-crypto-warehouse-was-actually-farming-fifa-ultimate-team-currency-2996618

    This isn't crypto related, but hilarious in its adjacency.

    A warehouse initially alleged to house a cryptocurrency mining operation confused cryptobros because it contained thousands and thousands of PS4 Slims, which are not renowned for their crypto mining potential.

    But they weren't mining crypto. They were manned by bots playing FIFA to mine millions of FIFA coins.

    This being exactly crypto; artificial scarcity on electronic assets driving value and then bots.

    Only difference is crypto doesn't need game servers.

    There wouldn't be artificial scarcity though, would there? The amount of FIFA coins an individual can earn playing the game is theoretically limitless and the farmer here is just selling coins (or likely the accounts) for cash.

    This is more like WoW goldfarming.

    The gold in WoW is as limitless as the points in FIFA.

    Edit: The artificial scarcity for both is limiting how they can be obtained, usually costing time, and artificial scarcity for what they can get a player: in-game items.

  • Butters (A glass of some milks, Registered User regular)
    I don't know about other crypto, but bitcoin's scarcity is permanently baked in as there is a non-theoretical maximum amount that can be mined. That and the fact wallets can be lost makes the scarcity of crypto more prominent than video game bucks.

    Plus, the FIFA currency (or at least the products it can buy) can be purchased with real dollars by anyone for a rate that does not fluctuate. Taking that into account, I don't see how you can say there is any scarcity real or artificial.

    PSN: idontworkhere582 | CFN: idontworkhere | Steam: lordbutters | Amazon Wishlist
  • Dibbit (Registered User regular)
    Butters wrote: »
    I don't know about other crypto, but bitcoin's scarcity is permanently baked in as there is a non-theoretical maximum amount that can be mined. That and the fact wallets can be lost makes the scarcity of crypto more prominent than video game bucks.

    Plus, the FIFA currency (or at least the products it can buy) can be purchased with real dollars by anyone for a rate that does not fluctuate. Taking that into account, I don't see how you can say there is any scarcity real or artificial.

    19 million of the 21 million total has already been mined.

    So if we're ever to switch the world economy to Bitcoin we'll need to buy most of the bitcoins from current owners.
    This is the theory behind "hlod". Eventually they'll have to buy it from you, and in that future you can sit like a Harkonnen Duke on your hover-chair and demand they DANCE, DANCE! Also, more sex and drugs!

  • Quid (Definitely not a banana, Registered User regular)
    Artificial scarcity is limiting the production of something despite having the capacity to produce more. How extensive that limitation is is irrelevant. FIFA points and the things they buy in this case are limited by requiring payment or time put in to buy digital goods. Currency and goods that only hold value to people because EA withholds them.

  • Schrodinger (Registered User regular)
    edited July 2021
    There's nothing stopping people from making their own clones of bitcoin that effectively do the exact same thing. In fact, many people already have.

    That's why the scarcity is artificial.

  • Incenjucar (VChatter, Seattle, WA, Registered User regular)
    Any currency that isn't built entirely on scarce physical goods (cowrie shells, etc.) is going to be artificially scarce. That's not the real issue with crypto or FIFA funbucks.

  • Premier kakos (Registered User, ClubPA regular)
    Incenjucar wrote: »
    Any currency that isn't built entirely on scarce physical goods (cowrie shells, etc.) is going to be artificially scarce. That's not the real issue with crypto or FIFA funbucks.

    In fact, it's better that they aren't backed by scarce physical goods! Fiat currencies are a /good/ thing. The real issue with cryptocurrency is that no one has any control over the supply of cryptocurrency.

  • CptHamilton (Registered User regular)
    Incenjucar wrote: »
    Any currency that isn't built entirely on scarce physical goods (cowrie shells, etc.) is going to be artificially scarce. That's not the real issue with crypto or FIFA funbucks.

    In fact, it's better that they aren't backed by scarce physical goods! Fiat currencies are a /good/ thing. The real issue with cryptocurrency is that no one has any control over the supply of cryptocurrency.

    There are a lot of real issues with cryptocurrency but that's not one. Whoever creates the coin gets to decide what the supply is like.

    PSN,Steam,Live | CptHamiltonian
  • [Expletive deleted] (The mediocre doctor, Norway, Registered User regular)
    zagdrob wrote: »
    My greatest hope is that someone finds a major break in SHA-256. It would instantly destroy every single cryptocurrency. The tears would be delicious.

    No, no, that is like being excited about the complete crash of modern civilization because it means Coachella got cancelled and rich people will be sad.

    SHA256 being majorly broken breaks everything financial and medical or that should be secure. It would be a very bad thing for our modern world and its impact on crypto wouldn't be a footnote.

    Thankfully, most likely P ≠ NP.

    ($1,000,000 if you can prove it, though.)

    To elaborate on this: P ≠ NP is one of the greatest unsolved mysteries in mathematics, and one of the 7 Millennium Prize problems posed by the Clay Mathematics Institute in 2000. You do get a 1 M$ reward if you solve any one of the problems (one has been solved so far).

    Roughly speaking, the question here is: "Do hard problems exist at all?"

    Take a problem of computational mathematics such as sorting a long list of numbers in ascending order, or cracking SHA256, or doing the logistics for Amazon deliveries. For small problem sets (sorting 5 numbers, cracking a much shorter encryption, or doing logistics when Amazon had just opened) it is pretty simple. But when the problem set becomes large, how much harder does it become?

    So-called "P" problems can be solved in polynomial time. If the size of the problem is n (number of numbers to be sorted, length of encryption, number of Amazon deliveries today), it takes you n^a time units to solve it, where a is some number that you can figure out if you have the algorithm. Even if a is very big (1000) it's still "relatively" fast.

    So-called "NP" problems cannot be solved in polynomial time. Run-time might be something like e^n (or anything else that isn't a polynomial in n), which grows enormously quickly even for relatively small n. Very quickly you cannot solve it, and either have to give up (cracking SHA256) or rely on guesstimates in lieu of the optimal solution (logistics).

    OK, but maybe we just haven't come up with a clever way of cracking SHA256. Maybe there really is a fast way of doing it that we don't know about? Likewise for all the other NP problems; maybe we just need to find P algorithms that we're too dumb to have found yet. It was only in 2002 that a P-time algorithm for determining if a number is prime or not was found, after all.

    But maybe there truly are problems for which P-time algorithms are impossible.

    And that is the P ≠ NP problem. Disprove, or prove, that "fast" algorithms exist for all problems. Are there truly hard problems in the world, or have we just not found the easy solutions?

    Sic transit gloria mundi.
  • Schrodinger (Registered User regular)
    This was basically the end of "Silicon Valley."
    The algorithm they developed was so advanced that it broke encryption through unknown means, and all the creators realized that it would lead to the downfall of society. Not only did they have to prevent the product from being released, but they had to make the product seem like a total failure so that no one would ever attempt it ever again.

    It was also a metaphor for companies like Facebook that did the opposite and valued profits over society.

  • Schrodinger (Registered User regular)
    Incenjucar wrote: »
    Any currency that isn't built entirely on scarce physical goods (cowrie shells, etc.) is going to be artificially scarce. That's not the real issue with crypto or FIFA funbucks.

    Yeah, but the fact that it doesn't actually achieve its stated goal is hilarious and separate from the fact that the stated goal is stupid.

  • Polaritie (Sleepy, Registered User regular)
    One interesting bit about the P=NP question is the set of NP-complete problems, for which, iirc, a polynomial time solution for any of them is a solution for all of them (as well as proof that P=NP, so good luck with that).

    It also bears mention that the question is for classical algorithms. Shor's algorithm smashes the major encryption schemes to pieces but it doesn't count because it's for quantum computing.

    Steam: Polaritie
    3DS: 0473-8507-2652
    Switch: SW-5185-4991-5118
    PSN: AbEntropy
  • Premier kakos (Registered User, ClubPA regular)
    Incenjucar wrote: »
    Any currency that isn't built entirely on scarce physical goods (cowrie shells, etc.) is going to be artificially scarce. That's not the real issue with crypto or FIFA funbucks.

    In fact, it's better that they aren't backed by scarce physical goods! Fiat currencies are a /good/ thing. The real issue with cryptocurrency is that no one has any control over the supply of cryptocurrency.

    There are a lot of real issues with cryptocurrency but that's not one. Whoever creates the coin gets to decide what the supply is like.

    That is actually the issue. The creator can set parameters when it's created, but once the ball is rolling, you can't adjust how many coins exist and that is essential to a stable currency because the supply of currency is supposed to be reflective of how the economy is performing and economic performance is not a simple curve.

  • CptHamilton (Registered User regular)
    Incenjucar wrote: »
    Any currency that isn't built entirely on scarce physical goods (cowrie shells, etc.) is going to be artificially scarce. That's not the real issue with crypto or FIFA funbucks.

    In fact, it's better that they aren't backed by scarce physical goods! Fiat currencies are a /good/ thing. The real issue with cryptocurrency is that no one has any control over the supply of cryptocurrency.

    There are a lot of real issues with cryptocurrency but that's not one. Whoever creates the coin gets to decide what the supply is like.

    That is actually the issue. The creator can set parameters when it's created, but once the ball is rolling, you can't adjust how many coins exist and that is essential to a stable currency because the supply of currency is supposed to be reflective of how the economy is performing and economic performance is not a simple curve.

    The value of a fiat currency is tied to the economic performance of the issuing state because it's the economic power of that state which guarantees the currency's value. The issuing state can manipulate the value of the currency by printing more or, I guess, taking it out of circulation but it's not like dollars vanish out of bank vaults and wallets when there's a recession.

    Cryptocurrency not having an adjustable volume of currency is a feature, not a bug. It's the gold standard (or some other scarce resource) in digital form with pointless waste of energy in place of the effort and expense required to get more physically scarce materials.

    It's a stupid feature but it's definitely on purpose. I guess you could call it a problem if you thought using crypto coins as a real currency was a good idea and wanted to make that happen.

    PSN,Steam,Live | CptHamiltonian
  • Premier kakos (Registered User, ClubPA regular)
    You guys are butchering complexity theory.
    • P is the set of all decision problems that can be solved on a deterministic Turing machine in polynomial time.
    • NP is the set of all decision problems that can be verified in polynomial time. The latter statement is equivalent to saying that NP is the set of all decision problems that can be solved on a non-deterministic Turing machine in polynomial time.
    • NP-complete is the set of all problems that are NP AND complete, where "complete" means that there exists a transformation between every problem in that class, which in effect means a solution for one is a solution for all.
    • NP-intermediate is the set of problems that are in NP, but not NP-complete. This class only exists if P≠NP. This is where integer factoring is believed to live.
    • BQP (bounded-error quantum polynomial) is the set of problems that are solvable in polynomial time on a quantum computer with bounded error. Integer factoring is known to be in this class because of Shor's algorithm. BQP is believed to contain some but not all NP problems and some problems not in NP.

    So, a couple of things. Shor's algorithm solves integer factorization but does not (as far as we know) help with any NP-complete problems. Shor's algorithm smashes only encryption schemes based on the integer factorization problem (i.e. RSA). Quantum computers in general, in the vast majority of cases, are no better than classical computers.

    None of this has anything to do with breaking SHA-256. Finding collisions in SHA-256 is not known to be NP-complete or P or anything else. Hashes in general rely on the complexity of doing a whole lot of shit so that keeping track of what goes where becomes infeasible, but there's nothing known about the actual complexity of those algorithms. If we discovered P=NP tomorrow and had a constructive proof (one that lets us actually convert an NP problem to a P problem), we still wouldn't be able to crack SHA-256.

  • Premier kakos (Registered User, ClubPA regular)
    zagdrob wrote: »
    My greatest hope is that someone finds a major break in SHA-256. It would instantly destroy every single cryptocurrency. The tears would be delicious.

    No, no, that is like being excited about the complete crash of modern civilization because it means Coachella got cancelled and rich people will be sad.

    SHA256 being majorly broken breaks everything financial and medical or that should be secure. It would be a very bad thing for our modern world and its impact on crypto wouldn't be a footnote.

    Sigh. If there is a break in SHA-256, you switch to a different hash algorithm (probably SHA-3) and you're done. That's it. It's actually not a big deal at all. SHA-256 does not keep anything secure. It's a hash algorithm. It's used in signatures. Signatures are used to verify something, not secure something. And what SHA-256 verifies has a ridiculously short lifetime, like internet transactions.

  • Premier kakos (Registered User, ClubPA regular)
    Incenjucar wrote: »
    Any currency that isn't built entirely on scarce physical goods (cowrie shells, etc.) is going to be artificially scarce. That's not the real issue with crypto or FIFA funbucks.

    In fact, it's better that they aren't backed by scarce physical goods! Fiat currencies are a /good/ thing. The real issue with cryptocurrency is that no one has any control over the supply of cryptocurrency.

    There are a lot of real issues with cryptocurrency but that's not one. Whoever creates the coin gets to decide what the supply is like.

    That is actually the issue. The creator can set parameters when it's created, but once the ball is rolling, you can't adjust how many coins exist and that is essential to a stable currency because the supply of currency is supposed to be reflective of how the economy is performing and economic performance is not a simple curve.

    The value of a fiat currency is tied to the economic performance of the issuing state because it's the economic power of that state which guarantees the currency's value. The issuing state can manipulate the value of the currency by printing more or, I guess, taking it out of circulation but it's not like dollars vanish out of bank vaults and wallets when there's a recession.

    Cryptocurrency not having an adjustable volume of currency is a feature, not a bug. It's the gold standard (or some other scarce resource) in digital form with pointless waste of energy in place of the effort and expense required to get more physically scarce materials.

    It's a stupid feature but it's definitely on purpose. I guess you could call it a problem if you thought using crypto coins as a real currency was a good idea and wanted to make that happen.

    I mean, it's a feature in the sense that those idiots think that is a good thing, but anyone with half a brain knows that it isn't. The gold standard is a terrible idea and so is cryptocurrency.

  • Commander Zoom (Registered User regular)
    edited July 2021
    This was basically the end of "Silicon Valley."
    The algorithm they developed was so advanced that it broke encryption through unknown means, and all the creators realized that it would lead to the downfall of society. Not only did they have to prevent the product from being released, but they had to make the product seem like a total failure so that no one would ever attempt it ever again.

    It was also a metaphor for companies like Facebook that did the opposite and valued profits over society.

    Also Sneakers.
    https://youtu.be/F5bAa6gFvLs

    "Anybody want to crash a couple of passenger jets?"

  • Quid (Definitely not a banana, Registered User regular)
    Also lol at BTC's claim at not being infinitely divisible. Congrats on reinventing bank notes worth a fraction of a Satoshi the moment it's economically useful.

  • Schrodinger (Registered User regular)
    One of the funny things about crypto is that literally anyone can be a billionaire on paper now. Create your own coin, mine a bunch for yourself, sell 1/1000000000th of what you own to yourself for $1, and now you have a market value of $1,000,000,000.

    Something should make a website that offers exactly this service.

  • Schrodinger (Registered User regular)
    Quid wrote: »
    Also lol at BTC's claim at not being infinitely divisible. Congrats on reinventing bank notes worth a fraction of a Satoshi the moment it's economically useful.

    What's this in reference to?

  • zagdrob (Registered User regular)
    zagdrob wrote: »
    My greatest hope is that someone finds a major break in SHA-256. It would instantly destroy every single cryptocurrency. The tears would be delicious.

    No, no, that is like being excited about the complete crash of modern civilization because it means Coachella got cancelled and rich people will be sad.

    SHA256 being majorly broken breaks everything financial and medical or that should be secure. It would be a very bad thing for our modern world and its impact on crypto wouldn't be a footnote.

    Sigh. If there is a break in SHA-256, you switch to a different hash algorithm (probably SHA-3) and you're done. That's it. It's actually not a big deal at all. SHA-256 does not keep anything secure. It's a hash algorithm. It's used in signatures. Signatures are used to verify something, not secure something. And what SHA-256 verifies has a ridiculously short lifetime, like internet transactions.

    Not a cryptography thread so I kept it simple, but if there is a hard break of SHA2 it probably compromises a lot more algorithms.

    If SHA2-256 is broken but nothing else somehow and it is a minor compromise, it breaks enough that we can change to SHA2-512 and are magically hunky dory... good I guess?

    But even in that the impact on crypto is barely worth mentioning compared to the impact on literally everything.

  • Premier kakos (Registered User, ClubPA regular)
    zagdrob wrote: »
    zagdrob wrote: »
    My greatest hope is that someone finds a major break in SHA-256. It would instantly destroy every single cryptocurrency. The tears would be delicious.

    No, no, that is like being excited about the complete crash of modern civilization because it means Coachella got cancelled and rich people will be sad.

    SHA256 being majorly broken breaks everything financial and medical or that should be secure. It would be a very bad thing for our modern world and its impact on crypto wouldn't be a footnote.

    Sigh. If there is a break in SHA-256, you switch to a different hash algorithm (probably SHA-3) and you're done. That's it. It's actually not a big deal at all. SHA-256 does not keep anything secure. It's a hash algorithm. It's used in signatures. Signatures are used to verify something, not secure something. And what SHA-256 verifies has a ridiculously short lifetime, like internet transactions.

    Not a cryptography thread so I kept it simple, but if there is a hard break of SHA2 it probably compromises a lot more algorithms.

    If SHA2-256 is broken but nothing else somehow and it is a minor compromise, it breaks enough that we can change to SHA2-512 and are magically hunky dory... good I guess?

    But even in that the impact on crypto is barely worth mentioning compared to the impact on literally everything.

    It doesn't. Hashing functions are designed to be interchangeable. You plug in one, it hashes your string, you use the output. At worst, a break in SHA-256 would invalidate the entire SHA-2 family. But there is already a SHA-3. Or we could use BLAKE3. Or Grøstl. Or one of like a hundred other functions. You might wonder what SHA-1 was if we're using SHA-2 now. SHA-1 was the hashing algorithm we used until it had a break. And then we switched to using SHA-2.

    But since all the extant cryptocurrencies depend on it and since you can't really change it once the ball is rolling, well, if it breaks, all the current cryptocurrencies become worthless. BTW, this /will/ happen eventually. I have no doubt of that. We've already broken preimage resistance for 52 of the 64 rounds of SHA-2 and collision resistance on 48 of the 64 rounds. A preimage attack would completely break the mining protocol and a collision attack would let you rewrite the history.

  • Phyphor (Building Planet Busters, Tasting Fruit, Registered User regular)
    zagdrob wrote: »
    zagdrob wrote: »
    My greatest hope is that someone finds a major break in SHA-256. It would instantly destroy every single cryptocurrency. The tears would be delicious.

    No, no, that is like being excited about the complete crash of modern civilization because it means Coachella got cancelled and rich people will be sad.

    SHA256 being majorly broken breaks everything financial and medical or that should be secure. It would be a very bad thing for our modern world and its impact on crypto wouldn't be a footnote.

    Sigh. If there is a break in SHA-256, you switch to a different hash algorithm (probably SHA-3) and you're done. That's it. It's actually not a big deal at all. SHA-256 does not keep anything secure. It's a hash algorithm. It's used in signatures. Signatures are used to verify something, not secure something. And what SHA-256 verifies has a ridiculously short lifetime, like internet transactions.

    Not a cryptography thread so I kept it simple, but if there is a hard break of SHA2 it probably compromises a lot more algorithms.

    If SHA2-256 is broken but nothing else somehow and it is a minor compromise, it breaks enough that we can change to SHA2-512 and are magically hunky dory... good I guess?

    But even in that the impact on crypto is barely worth mentioning compared to the impact on literally everything.

    It doesn't. Hashing functions are designed to be interchangeable. You plug in one, it hashes your string, you use the output. At worst, a break in SHA-256 would invalidate the entire SHA-2 family. But there is already a SHA-3. Or we could use BLAKE3. Or Grøstl. Or one of like a hundred other functions. You might wonder what SHA-1 was if we're using SHA-2 now. SHA-1 was the hashing algorithm we used until it had a break. And then we switched to using SHA-2.

    But since all the extant cryptocurrencies depend on it and since you can't really change it once the ball is rolling, well, if it breaks, all the current cryptocurrencies become worthless. BTW, this /will/ happen eventually. I have no doubt of that. We've already broken preimage resistance for 52 of the 64 rounds of SHA-2 and collision resistance on 48 of the 64 rounds. A preimage attack would completely break the mining protocol and a collision attack would let you rewrite the history.

    No it wouldn't. A preimage attack is looking for something that hashes to the same thing, but that's not what crypto miners are doing. At best it might let you replace one block with another, but it likely wouldn't work at all for old blocks. There's also a problem in that you not only have to generate a valid preimage for a hash of a hash, but given you only have like 40 bits of free entropy to choose from in the header, most of your attack would also have to work with constructing a valid merkle tree to go along with it.

    A collision attack is meaningless. Not only would you have to generate a collision, but you'd have to generate one where both were valid blocks with appropriately small hashes.

    And changing these algorithms can take a long time. And until then basically all SSL/TLS is attackable while you do so. Zero people are ready for a sudden immediate break of SHA-2.

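Phyphor's point above, that mining is a bounded search over a tiny header whose merkle root commits to the transactions, is easier to see in code. The following is an added example, not code from the thread or from Bitcoin Core; it assumes the standard 80-byte header layout, the toy transaction ids, timestamp and easy target are constructed, and the genesis block fields are Bitcoin's published ones.

```python
import hashlib
import struct


def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash-of-a-hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txids: list) -> bytes:
    """Merkle root over txids in internal byte order; an odd level duplicates its last node."""
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def serialize_header(version: int, prev_hash: bytes, merkle: bytes,
                     timestamp: int, bits: int, nonce: int) -> bytes:
    """The 80-byte header: integers little-endian, hashes in internal byte order."""
    return (struct.pack("<I", version) + prev_hash + merkle
            + struct.pack("<III", timestamp, bits, nonce))


def bits_to_target(bits: int) -> int:
    """Decode the compact 'bits' field into the numeric target the hash must not exceed."""
    exponent, mantissa = bits >> 24, bits & 0xFFFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def header_hash_int(header: bytes) -> int:
    """The header hash as the little-endian integer that is compared with the target."""
    return int.from_bytes(dsha256(header), "little")


def is_valid_pow(header: bytes) -> bool:
    """Proof-of-work check; the header's own 'bits' field (bytes 72..76) defines the target."""
    bits = struct.unpack("<I", header[72:76])[0]
    return header_hash_int(header) <= bits_to_target(bits)


def mine(version: int, prev_hash: bytes, merkle: bytes, timestamp: int, bits: int):
    """Search the 32-bit nonce field for a header hash at or below the target.
    Returns (nonce, header), or None when all 2**32 nonces fail; a real miner then
    changes the coinbase transaction (which moves the merkle root) or the timestamp."""
    target = bits_to_target(bits)
    for nonce in range(2 ** 32):
        header = serialize_header(version, prev_hash, merkle, timestamp, bits, nonce)
        if header_hash_int(header) <= target:
            return nonce, header
    return None


def genesis_header() -> bytes:
    """Bitcoin's real genesis block header, rebuilt from its published fields."""
    coinbase_txid = bytes.fromhex(
        "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b")[::-1]
    return serialize_header(1, bytes(32), merkle_root([coinbase_txid]),
                            1231006505, 0x1D00FFFF, 2083236893)


def display_hash(header: bytes) -> str:
    """Block hash as usually printed: the double-SHA256 with its bytes reversed."""
    return dsha256(header)[::-1].hex()


# Constructed toy block: fake txids and a very easy target (bits 0x1f0fffff, roughly
# one hash in 4096 qualifies) so the nonce search finishes instantly in pure Python.
TOY_TXIDS = [hashlib.sha256(b"constructed tx %d" % i).digest() for i in range(3)]
TOY_PREV = bytes(32)
TOY_BITS = 0x1F0FFFFF
TOY_TIME = 1625097600  # constructed timestamp


def mine_toy_block():
    return mine(1, TOY_PREV, merkle_root(TOY_TXIDS), TOY_TIME, TOY_BITS)


def tamper(header: bytes, txids: list, index: int, new_txid: bytes) -> bytes:
    """Swap one transaction in the body but keep every header field, nonce included.
    The merkle root moves, so the header hash moves and the stored proof-of-work
    almost certainly no longer qualifies; a forger would have to redo the search."""
    body = list(txids)
    body[index] = new_txid
    return header[:36] + merkle_root(body) + header[68:]


if __name__ == "__main__":
    g = genesis_header()
    print("genesis:", display_hash(g), "valid PoW:", is_valid_pow(g))
    nonce, hdr = mine_toy_block()
    print("toy block mined with nonce", nonce, "hash", display_hash(hdr))
    forged = tamper(hdr, TOY_TXIDS, 1, hashlib.sha256(b"replacement tx").digest())
    print("after swapping one tx, same nonce still valid?", is_valid_pow(forged))
```

The genesis check reproduces the well-known hash 000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f, which shows the header encoding is right; the tamper step shows why a collision or preimage on the hash alone does not hand an attacker a valid replacement block.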
  • zagdrob (Registered User regular)
    Phyphor wrote: »
    zagdrob wrote: »
    zagdrob wrote: »
    My greatest hope is that someone finds a major break in SHA-256. It would instantly destroy every single cryptocurrency. The tears would be delicious.

    No, no, that is like being excited about the complete crash of modern civilization because it means Coachella got cancelled and rich people will be sad.

    SHA256 being majorly broken breaks everything financial and medical or that should be secure. It would be a very bad thing for our modern world and its impact on crypto wouldn't be a footnote.

    Sigh. If there is a break in SHA-256, you switch to a different hash algorithm (probably SHA-3) and you're done. That's it. It's actually not a big deal at all. SHA-256 does not keep anything secure. It's a hash algorithm. It's used in signatures. Signatures are used to verify something, not secure something. And what SHA-256 verifies has a ridiculously short lifetime, like internet transactions.

    Not a cryptography thread so I kept it simple, but if there is a hard break of SHA2 it probably compromises a lot more algorithms.

    If SHA2-256 is broken but nothing else somehow and it is a minor compromise, it breaks enough that we can change to SHA2-512 and are magically hunky dory... good I guess?

    But even in that the impact on crypto is barely worth mentioning compared to the impact on literally everything.

    It doesn't. Hashing functions are designed to be interchangeable. You plug in one, it hashes your string, you use the output. At worst, a break in SHA-256 would invalidate the entire SHA-2 family. But there is already a SHA-3. Or we could use BLAKE3. Or Grøstl. Or one of like a hundred other functions. You might wonder what SHA-1 was if we're using SHA-2 now. SHA-1 was the hashing algorithm we used until it had a break. And then we switched to using SHA-2.

    But since all the extant cryptocurrencies depend on it and since you can't really change it once the ball is rolling, well, if it breaks, all the current cryptocurrencies become worthless. BTW, this /will/ happen eventually. I have no doubt of that. We've already broken preimage resistance for 52 of the 64 rounds of SHA-2 and collision resistance on 48 of the 64 rounds. A preimage attack would completely break the mining protocol and a collision attack would let you rewrite the history.

    No it wouldn't. A preimage attack is looking for something that hashes to the same thing, but that's not what crypto miners are doing. At best it might let you replace one block with another, but it likely wouldn't work at all for old blocks. There's also a problem in that you not only have to generate a valid preimage for a hash of a hash, but given you only have like 40 bits of free entropy to choose from in the header, most of your attack would also have to work with constructing a valid merkle tree to go along with it.

    A collision attack is meaningless. Not only would you have to generate a collision, but you'd have to generate one where both were valid blocks with appropriately small hashes.

    And changing these algorithms can take a long time. And until then basically all SSL/TLS is attackable while you do so. Zero people are ready for a sudden immediate break of SHA-2.

    To be fair, few people are really ready for open season on everything using SHA2, but at the same time the wolves circle very fast.

    And when you are guarding against one big breach vs. targeting everything all the time, the hackers have it easy on a compromised SHA2.

    I still get 'want to install Flash' shit sometimes. Legacy vulnerabilities don't go away.

    But if Bitcoin is broken and it just takes six months to crack a rich wallet... knowing that means Bitcoin is broken. It's minor in the grand scheme, but if it crashes it crashes.

  • RiemannLives (Registered User regular)
    edited July 2021
    zagdrob wrote: »
    My greatest hope is that someone finds a major break in SHA-256. It would instantly destroy every single cryptocurrency. The tears would be delicious.

    No, no, that is like being excited about the complete crash of modern civilization because it means Coachella got cancelled and rich people will be sad.

    SHA256 being majorly broken breaks everything financial and medical or that should be secure. It would be a very bad thing for our modern world and its impact on crypto wouldn't be a footnote.

    Thankfully, most likely P ≠ NP.

    ($1,000,000 if you can prove it, though.)

    To elaborate on this: The P ≠ NP problem is one of the greatest unsolved mysteries in mathematics, and one of the 7 Millennium Prize problems posed by the Clay Mathematics Institute in 2000. You do get a $1M reward if you solve any one of the problems (one has been solved so far).

    Roughly speaking, the question here is: "Do hard problems exist at all?"

    Take a problem of computational mathematics such as sorting a long list of numbers in ascending order, or cracking SHA256, or doing the logistics for Amazon deliveries. For small problem sets (sorting 5 numbers, cracking a much shorter encryption, or doing logistics when Amazon had just opened) it is pretty simple. But when the problem set becomes large, how much harder does it become?

    So-called "P" problems can be solved in polynomial time. If the size of the problem is n (number of numbers to be sorted, length of encryption, number of Amazon deliveries today), it takes you n^a time units to solve it, where a is some number that you can figure out if you have the algorithm. Even if a is very big (1000) it's still "relatively" fast.

    So-called "NP" problems cannot be solved in polynomial time. Run-time might be something like e^n (or anything else that isn't a polynomial in n), which grows enormously quickly even for relatively small n. Very quickly you cannot solve it, and either have to give up (cracking SHA256) or rely on guesstimates in lieu of the optimal solution (logistics).

    OK, but maybe we just haven't come up with a clever way of cracking SHA256. Maybe there really is a fast way of doing it that we don't know about? Likewise for all the other NP problems; maybe we just need to find P algorithms that we're too dumb to have found yet. It was only in 2002 that a P-time algorithm for determining if a number is prime or not was found, after all.

    But maybe there truly are problems for which P-time algorithms are impossible.

    And that is the P ≠ NP problem. Disprove, or prove, that "fast" algorithms exist for all problems. Are there truly hard problems in the world, or have we just not found the easy solutions?

    I thought it wasn't proven that SHA is NP complete. For a lot of famous problems whether or not they are NP complete is a proven mathematical fact so it is impossible to ever come up with a clever way to solve them. But SHA is not one of those so it's still up in the air.

    edit: Kakos beat me to it by a long way

    RiemannLives on
    Attacked by tweeeeeeees!
  • Options
    PhyphorPhyphor Building Planet Busters Tasting Fruit Registered User regular
    edited July 2021
    zagdrob wrote: »
    Phyphor wrote: »
    zagdrob wrote: »
    zagdrob wrote: »
    My greatest hope is that someone finds a major break in SHA-256. It would instantly destroy every single cryptocurrency. The tears would be delicious.

    No, no, that is like being excited about the complete crash of modern civilization because it means Coachella got cancelled and rich people will be sad.

    SHA256 being majorly broken breaks everything financial and medical or that should be secure. It would be a very bad thing for our modern world and its impact on crypto wouldn't be a footnote.

    Sigh. If there is a break in SHA-256, you switch to a different hash algorithm (probably SHA-3) and you're done. That's it. It's actually not a big deal at all. SHA-256 does not keep anything secure. It's a hash algorithm. It's used in signatures. Signatures are used to verify something, not secure something. And what SHA-256 verifies has a ridiculously short lifetime, like internet transactions.

    Not a cryptography thread so I kept it simple, but if there is a hard break of SHA2 it probably compromises a lot more algorithms.

    If SHA2-256 is broken but nothing else somehow and is a minor compromise, it breaks enough we can change to SHA2-512 and are magically hunky dory...good I guess?

    But even in that the impact on crypto is barely worth mentioning compared to the impact on literally everything.

    It doesn't. Hashing functions are designed to be interchangeable. You plug in one, it hashes your string, you use the output. At worst, a break in SHA-256 would invalidate the entire SHA-2 family. But there is already a SHA-3. Or we could use BLAKE3. Or Grøstl. Or one of like a hundred other functions. You might wonder what SHA-1 was if we're using SHA-2 now. SHA-1 was the hashing algorithm we used until it had a break. And then we switched to using SHA-2.

    But since all the extant cryptocurrencies depend on it and since you can't really change it once the ball is rolling, well, if it breaks, all the current cryptocurrencies become worthless. BTW, this /will/ happen eventually. I have no doubt of that. We've already broken preimage resistance for 52 of the 64 rounds of SHA-2 and collision resistance on 48 of the 64 rounds. A preimage attack would completely break the mining protocol and a collision attack would let you rewrite the history.

    No it wouldn't. A preimage attack is looking for something that hashes to the same thing but that's not what crypto miners are doing. At best it might let you replace one block with another, but it likely wouldn't work at all for old blocks. There's also a problem in that you not only have to generate a valid preimage for a hash of a hash but given you only have like 40 bits of free entropy to choose from in the header most of your attack would also have to work with constructing a valid merkle tree to go along with it

    A collision attack is meaningless. Not only would you have to generate a collision but you'd have to generate one that were both valid blocks with appropriately small hashes

    And changing these algorithms can take a long time. And until then basically all SSL/TLS is attackable while you do so. Zero people are ready for a sudden immediate break of SHA-2

    To be fair, few people are really ready for open season on everything using SHA2, but at the same time the wolves circle very fast.

    And when you are guarding against one big breach vs. targeting everything all the time, the hackers have it easy on a compromised SHA2.

    I still get 'want to install Flash' shit sometimes. Legacy vulnerabilities don't go away.

    But if Bitcoin is broken, it just takes six months to crack a rich wallet...knowing that means Bitcoin is broken. It's minor in the grand scheme, but if it crashes it crashes.

    No even with a fast SHA-2 preimage attack you couldn't attack a wallet

    A wallet consists of a private / public key pair. SHA2(SHA2(public key)) == wallet address.

    In order to issue a transaction you need to provide the public key and a signature signed by the private key. You can check the signature with the public key and you can check the wallet address with hashing.

    The preimage attack gives you a different public key string that hashes to the same address, but in order to actually generate a transaction you'd need to get the corresponding private key which is difficult as you'd also have to break ECC

    So I guess if you have an as-yet unknown major break against SHA-2 and an as-yet unconstructible quantum computer you could do it. But presumably there are much juicier targets out there if you have those tools


    The greatest threat of a fast preimage to bitcoin is that it makes it possible to publish two different blocks with the same hash. Which is an issue, but the way it works is you have SHA2(SHA2(fixed data, ~40bits free data, 256bits merkle tree root)). So in order to apply your attack in this way you then have to construct a transaction list that has the correct merkle tree hash - which is not strictly impossible but then you're basically calculating x such that SHA2(SHA2(SHA2(x))) == y and you'd need a very fast and strong preimage attack to go through that many layers in a reasonable time

    Phyphor on
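The header and Merkle structure described in the post above, as an added worked example written for this thread (it is not Phyphor's code and not Bitcoin's own implementation): a toy Python model of the SHA2(SHA2(fixed data, free bits, merkle root)) layout, built on the standard hashlib module. The sample transactions, the all-zero previous hash, the timestamp and the easy difficulty are constructed for the demo; the post's "~40 bits" of free header entropy is simplified to the 32-bit nonce alone, and the wallet-side signature check the post mentions is left out. The point it shows is the validating node's side: a header whose hash is below the target is not enough, because the Merkle root inside it has to match the transaction list shipped with the block, which is the extra hash layer the post's SHA2(SHA2(SHA2(x))) refers to.

```python
import hashlib
import struct
from typing import List, Optional, Tuple

# Added example, not from the thread. Toy model of the structure described in
# the post: header = fixed chain data + Merkle root + nonce, hashed twice with
# SHA-256. All sample values below are constructed for the demonstration.


def sha256d(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin applies to headers and transactions."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(tx_hashes: List[bytes]) -> bytes:
    """Bitcoin-style Merkle root over 32-byte transaction hashes: hash adjacent
    pairs with sha256d, duplicating the last entry of an odd-sized level,
    until a single 32-byte root remains. A single transaction is its own root."""
    if not tx_hashes:
        raise ValueError("a block needs at least one transaction")
    level = list(tx_hashes)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def target_from_bits(bits: int) -> int:
    """Decode the compact 'bits' field into the 256-bit integer target."""
    exponent, mantissa = bits >> 24, bits & 0xFFFFFF
    return mantissa << (8 * (exponent - 3))


def build_header(version: int, prev_hash: bytes, root: bytes,
                 timestamp: int, bits: int, nonce: int) -> bytes:
    """80-byte header. Everything except root and nonce is fixed by chain
    state (the 'fixed data' in the post); root commits to the transactions."""
    assert len(prev_hash) == 32 and len(root) == 32
    return (struct.pack("<I", version) + prev_hash + root
            + struct.pack("<III", timestamp, bits, nonce))


def header_hash_int(header: bytes) -> int:
    """Proof of work compares the header hash as a little-endian integer."""
    return int.from_bytes(sha256d(header), "little")


def mine(version: int, prev_hash: bytes, root: bytes, timestamp: int,
         bits: int, max_nonce: int = 1 << 24) -> Optional[int]:
    """Honest mining: try nonces until the header hash is below the target.
    The nonce is the only free field here (simplification of the post's ~40 bits)."""
    target = target_from_bits(bits)
    for nonce in range(max_nonce):
        if header_hash_int(build_header(version, prev_hash, root, timestamp, bits, nonce)) < target:
            return nonce
    return None


def verify_block(header: bytes, tx_hashes: List[bytes]) -> Tuple[bool, str]:
    """What a validating node checks. A good-looking header hash is not
    enough: the Merkle root inside the header must equal the root of the
    transactions that came with the block."""
    if len(header) != 80:
        return False, "bad header length"
    bits = struct.unpack("<I", header[72:76])[0]
    if header_hash_int(header) >= target_from_bits(bits):
        return False, "proof of work not met"
    if header[36:68] != merkle_root(tx_hashes):
        return False, "merkle root does not match transactions"
    return True, "ok"


# Constructed sample block contents (real transactions are serialized txs).
TXS = [b"coinbase: pay 6.25 BTC to miner", b"alice -> bob 0.5 BTC", b"bob -> carol 0.1 BTC"]
TX_HASHES = [sha256d(tx) for tx in TXS]
PREV_HASH = b"\x00" * 32          # constructed previous-block hash
BITS = 0x1F00FFFF                 # easy difficulty (~1 in 65536) so the demo finishes quickly
VERSION, TIMESTAMP = 1, 1625097600


def demo() -> Tuple[bool, bool]:
    """Returns (honest block verifies, block with one swapped transaction verifies)."""
    root = merkle_root(TX_HASHES)
    nonce = mine(VERSION, PREV_HASH, root, TIMESTAMP, BITS)
    if nonce is None:
        raise RuntimeError("nonce space exhausted (would not happen at this difficulty)")
    header = build_header(VERSION, PREV_HASH, root, TIMESTAMP, BITS, nonce)
    honest_ok, _ = verify_block(header, TX_HASHES)
    # Same valid-PoW header, but one transaction replaced: the root no longer matches.
    tampered = TX_HASHES[:1] + [sha256d(b"alice -> mallory 0.5 BTC")] + TX_HASHES[2:]
    tampered_ok, _ = verify_block(header, tampered)
    return honest_ok, tampered_ok


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The takeaway for a validator is the order of checks in verify_block: the proof of work covers only the 80-byte header, so any change to the transaction list, however small, has to be reflected in a new Merkle root and therefore a new header hash, and the node rejects a block where the two disagree.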
  • Options
    [Expletive deleted][Expletive deleted] The mediocre doctor Norway Registered User regular
    zagdrob wrote: »
    My greatest hope is that someone finds a major break in SHA-256. It would instantly destroy every single cryptocurrency. The tears would be delicious.

    No, no, that is like being excited about the complete crash of modern civilization because it means Coachella got cancelled and rich people will be sad.

    SHA256 being majorly broken breaks everything financial and medical or that should be secure. It would be a very bad thing for our modern world and its impact on crypto wouldn't be a footnote.

    Thankfully, most likely P ≠ NP.

    ($1,000,000 if you can prove it, though.)

    To elaborate on this: The P ≠ NP problem is one of the greatest unsolved mysteries in mathematics, and one of the 7 Millennium Prize problems posed by the Clay Mathematics Institute in 2000. You do get a $1M reward if you solve any one of the problems (one has been solved so far).

    Roughly speaking, the question here is: "Do hard problems exist at all?"

    Take a problem of computational mathematics such as sorting a long list of numbers in ascending order, or cracking SHA256, or doing the logistics for Amazon deliveries. For small problem sets (sorting 5 numbers, cracking a much shorter encryption, or doing logistics when Amazon had just opened) it is pretty simple. But when the problem set becomes large, how much harder does it become?

    So-called "P" problems can be solved in polynomial time. If the size of the problem is n (number of numbers to be sorted, length of encryption, number of Amazon deliveries today), it takes you n^a time units to solve it, where a is some number that you can figure out if you have the algorithm. Even if a is very big (1000) it's still "relatively" fast.

    So-called "NP" problems cannot be solved in polynomial time. Run-time might be something like e^n (or anything else that isn't a polynomial in n), which grows enormously quickly even for relatively small n. Very quickly you cannot solve it, and either have to give up (cracking SHA256) or rely on guesstimates in lieu of the optimal solution (logistics).

    OK, but maybe we just haven't come up with a clever way of cracking SHA256. Maybe there really is a fast way of doing it that we don't know about? Likewise for all the other NP problems; maybe we just need to find P algorithms that we're too dumb to have found yet. It was only in 2002 that a P-time algorithm for determining if a number is prime or not was found, after all.

    But maybe there truly are problems for which P-time algorithms are impossible.

    And that is the P ≠ NP problem. Disprove, or prove, that "fast" algorithms exist for all problems. Are there truly hard problems in the world, or have we just not found the easy solutions?

    I thought it wasn't proven that SHA is NP complete. For a lot of famous problems whether or not they are NP complete is a proven mathematical fact so it is impossible to ever come up with a clever way to solve them. But SHA is not one of those so it's still up in the air.

    edit: Kakos beat me to it by a long way

    Also reply to Kakos' post.

    I was simplifying things a bit. And I freely admit I was mistaken about SHA256; I just assumed it was NP. I also (incorrectly, apparently) assumed cracking it would somehow be a blow to cryptography, a field I know next to nothing about.

    My broader point still stands on the P vs NP problem, though, as does the rough and simplified outline. Importantly, we don't know if P = NP or P ≠ NP, and the most extreme ramifications of a (constructive) proof of P = NP would be enormously wide-reaching.

    And my layman's one-sentence explanation "are there hard problems or not?" I feel captures the essence, but of course not the specifics, of the P vs NP problem.

    Sic transit gloria mundi.
  • Options
    Premier kakosPremier kakos Registered User, ClubPA regular
    Phyphor wrote: »
    zagdrob wrote: »
    zagdrob wrote: »
    My greatest hope is that someone finds a major break in SHA-256. It would instantly destroy every single cryptocurrency. The tears would be delicious.

    No, no, that is like being excited about the complete crash of modern civilization because it means Coachella got cancelled and rich people will be sad.

    SHA256 being majorly broken breaks everything financial and medical or that should be secure. It would be a very bad thing for our modern world and its impact on crypto wouldn't be a footnote.

    Sigh. If there is a break in SHA-256, you switch to a different hash algorithm (probably SHA-3) and you're done. That's it. It's actually not a big deal at all. SHA-256 does not keep anything secure. It's a hash algorithm. It's used in signatures. Signatures are used to verify something, not secure something. And what SHA-256 verifies has a ridiculously short lifetime, like internet transactions.

    Not a cryptography thread so I kept it simple, but if there is a hard break of SHA2 it probably compromises a lot more algorithms.

    If SHA2-256 is broken but nothing else somehow and is a minor compromise, it breaks enough we can change to SHA2-512 and are magically hunky dory...good I guess?

    But even in that the impact on crypto is barely worth mentioning compared to the impact on literally everything.

    It doesn't. Hashing functions are designed to be interchangeable. You plug in one, it hashes your string, you use the output. At worst, a break in SHA-256 would invalidate the entire SHA-2 family. But there is already a SHA-3. Or we could use BLAKE3. Or Grøstl. Or one of like a hundred other functions. You might wonder what SHA-1 was if we're using SHA-2 now. SHA-1 was the hashing algorithm we used until it had a break. And then we switched to using SHA-2.

    But since all the extant cryptocurrencies depend on it and since you can't really change it once the ball is rolling, well, if it breaks, all the current cryptocurrencies become worthless. BTW, this /will/ happen eventually. I have no doubt of that. We've already broken preimage resistance for 52 of the 64 rounds of SHA-2 and collision resistance on 48 of the 64 rounds. A preimage attack would completely break the mining protocol and a collision attack would let you rewrite the history.

    No it wouldn't. A preimage attack is looking for something that hashes to the same thing but that's not what crypto miners are doing. At best it might let you replace one block with another, but it likely wouldn't work at all for old blocks. There's also a problem in that you not only have to generate a valid preimage for a hash of a hash but given you only have like 40 bits of free entropy to choose from in the header most of your attack would also have to work with constructing a valid merkle tree to go along with it

    A collision attack is meaningless. Not only would you have to generate a collision but you'd have to generate one that were both valid blocks with appropriately small hashes

    And changing these algorithms can take a long time. And until then basically all SSL/TLS is attackable while you do so. Zero people are ready for a sudden immediate break of SHA-2

    A preimage attack is the ability to find a value that hashes to a specific hash. A preimage attack breaks the mining part of the protocol because the proof of work is based on finding a value that hashes to a value less than the current target. If you can do an effective preimage attack, you basically always win the right to commit the next block which means you control the blockchain. It reduces the 50%+1 attack to needing just one computer.

    I'm not sure what you're saying with regards to the collision attack. If you could generate a collision practically, you could definitely cause a lot of havoc. You go to a random block, look at the hash, generate a block that has that same hash, then start propagating that blockchain.

    Two things. One, I can change the hashing algorithm used in TLS by changing one line in a config file. If there is notice of a break, competent admins will have that fixed in a day. Maybe two if their infrastructure is really janky. Two, such attacks are rarely so complete (namely they still take a little time) that they render TLS using that hash completely useless. The TLS hash only needs to be secure for the ticket timeout period (which defaults to 300 seconds). If you can't attack it within that period, it doesn't do you much good.

  • Options
    Premier kakosPremier kakos Registered User, ClubPA regular
    zagdrob wrote: »
    My greatest hope is that someone finds a major break in SHA-256. It would instantly destroy every single cryptocurrency. The tears would be delicious.

    No, no, that is like being excited about the complete crash of modern civilization because it means Coachella got cancelled and rich people will be sad.

    SHA256 being majorly broken breaks everything financial and medical or that should be secure. It would be a very bad thing for our modern world and its impact on crypto wouldn't be a footnote.

    Thankfully, most likely P ≠ NP.

    ($1,000,000 if you can prove it, though.)

    To elaborate on this: The P ≠ NP problem is one of the greatest unsolved mysteries in mathematics, and one of the 7 Millennium Prize problems posed by the Clay Mathematics Institute in 2000. You do get a $1M reward if you solve any one of the problems (one has been solved so far).

    Roughly speaking, the question here is: "Do hard problems exist at all?"

    Take a problem of computational mathematics such as sorting a long list of numbers in ascending order, or cracking SHA256, or doing the logistics for Amazon deliveries. For small problem sets (sorting 5 numbers, cracking a much shorter encryption, or doing logistics when Amazon had just opened) it is pretty simple. But when the problem set becomes large, how much harder does it become?

    So-called "P" problems can be solved in polynomial time. If the size of the problem is n (number of numbers to be sorted, length of encryption, number of Amazon deliveries today), it takes you n^a time units to solve it, where a is some number that you can figure out if you have the algorithm. Even if a is very big (1000) it's still "relatively" fast.

    So-called "NP" problems cannot be solved in polynomial time. Run-time might be something like e^n (or anything else that isn't a polynomial in n), which grows enormously quickly even for relatively small n. Very quickly you cannot solve it, and either have to give up (cracking SHA256) or rely on guesstimates in lieu of the optimal solution (logistics).

    OK, but maybe we just haven't come up with a clever way of cracking SHA256. Maybe there really is a fast way of doing it that we don't know about? Likewise for all the other NP problems; maybe we just need to find P algorithms that we're too dumb to have found yet. It was only in 2002 that a P-time algorithm for determining if a number is prime or not was found, after all.

    But maybe there truly are problems for which P-time algorithms are impossible.

    And that is the P ≠ NP problem. Disprove, or prove, that "fast" algorithms exist for all problems. Are there truly hard problems in the world, or have we just not found the easy solutions?

    I thought it wasn't proven that SHA is NP complete. For a lot of famous problems whether or not they are NP complete is a proven mathematical fact so it is impossible to ever come up with a clever way to solve them. But SHA is not one of those so it's still up in the air.

    edit: Kakos beat me to it by a long way

    Also reply to Kakos' post.

    I was simplifying things a bit. And I freely admit I was mistaken about SHA256; I just assumed it was NP. I also (incorrectly, apparently) assumed cracking it would somehow be a blow to cryptography, a field I know next to nothing about.

    My broader point still stands on the P vs NP problem, though, as does the rough and simplified outline. Importantly, we don't know if P = NP or P ≠ NP, and the most extreme ramifications of a (constructive) proof of P = NP would be enormously wide-reaching.

    And my layman's one-sentence explanation "are there hard problems or not?" I feel captures the essence, but of course not the specifics, of the P vs NP problem.

    That is basically true. I will tell you that, while it is not proven that P≠NP, it is widely assumed that it is based on a lot of evidence. If we treated math like science, it would be treated as sacrosanct. But math requires an absolute proof rather than n sigmas of certainty. So, until then, it's an "open" problem. If P=NP, I swear to you that I will dine only on my own feces until I die.

  • Options
    PhyphorPhyphor Building Planet Busters Tasting Fruit Registered User regular
    Phyphor wrote: »
    zagdrob wrote: »
    zagdrob wrote: »
    My greatest hope is that someone finds a major break in SHA-256. It would instantly destroy every single cryptocurrency. The tears would be delicious.

    No, no, that is like being excited about the complete crash of modern civilization because it means Coachella got cancelled and rich people will be sad.

    SHA256 being majorly broken breaks everything financial and medical or that should be secure. It would be a very bad thing for our modern world and its impact on crypto wouldn't be a footnote.

    Sigh. If there is a break in SHA-256, you switch to a different hash algorithm (probably SHA-3) and you're done. That's it. It's actually not a big deal at all. SHA-256 does not keep anything secure. It's a hash algorithm. It's used in signatures. Signatures are used to verify something, not secure something. And what SHA-256 verifies has a ridiculously short lifetime, like internet transactions.

    Not a cryptography thread so I kept it simple, but if there is a hard break of SHA2 it probably compromises a lot more algorithms.

    If SHA2-256 is broken but nothing else somehow and is a minor compromise, it breaks enough we can change to SHA2-512 and are magically hunky dory...good I guess?

    But even in that the impact on crypto is barely worth mentioning compared to the impact on literally everything.

    It doesn't. Hashing functions are designed to be interchangeable. You plug in one, it hashes your string, you use the output. At worst, a break in SHA-256 would invalidate the entire SHA-2 family. But there is already a SHA-3. Or we could use BLAKE3. Or Grøstl. Or one of like a hundred other functions. You might wonder what SHA-1 was if we're using SHA-2 now. SHA-1 was the hashing algorithm we used until it had a break. And then we switched to using SHA-2.

    But since all the extant cryptocurrencies depend on it and since you can't really change it once the ball is rolling, well, if it breaks, all the current cryptocurrencies become worthless. BTW, this /will/ happen eventually. I have no doubt of that. We've already broken preimage resistance for 52 of the 64 rounds of SHA-2 and collision resistance on 48 of the 64 rounds. A preimage attack would completely break the mining protocol and a collision attack would let you rewrite the history.

    No it wouldn't. A preimage attack is looking for something that hashes to the same thing but that's not what crypto miners are doing. At best it might let you replace one block with another, but it likely wouldn't work at all for old blocks. There's also a problem in that you not only have to generate a valid preimage for a hash of a hash but given you only have like 40 bits of free entropy to choose from in the header most of your attack would also have to work with constructing a valid merkle tree to go along with it

    A collision attack is meaningless. Not only would you have to generate a collision but you'd have to generate one that were both valid blocks with appropriately small hashes

    And changing these algorithms can take a long time. And until then basically all SSL/TLS is attackable while you do so. Zero people are ready for a sudden immediate break of SHA-2

    A preimage attack is the ability to find a value that hashes to a specific hash. A preimage attack breaks the mining part of the protocol because the proof of work is based on finding a value that hashes to a value less than the current target. If you can do an effective preimage attack, you basically always win the right to commit the next block which means you control the blockchain. It reduces the 50%+1 attack to needing just one computer.

    I'm not sure what you're saying with regards to the collision attack. If you could generate a collision practically, you could definitely cause a lot of havoc. You go to a random block, look at the hash, generate a block that has that same hash, then start propagating that blockchain.

    Two things. One, I can change the hashing algorithm used in TLS by changing one line in a config file. If there is notice of a break, competent admins will have that fixed in a day. Maybe two if their infrastructure is really janky. Two, such attacks are rarely so complete (namely they still take a little time) that they render TLS using that hash completely useless. The TLS hash only needs to be secure for the ticket timeout period (which defaults to 300 seconds). If you can't attack it within that period, it doesn't do you much good.

    Okay but you do need to be able to do your attack in ~10 minutes or so, which is absurdly quick. Even the hopelessly broken SHA-1 still needs something like 100 gpu-years to do it. The only good news for you is that you still have 10 minutes even as compute increases. And you still need to generate something that looks like a valid block which probably means multiple layers of preimage attacks

    You can't just generate completely random data because these blocks are validated in other ways, nor can you just append data since you hash a fixed size block; this makes the attack more difficult

    If you instead try to swap out an old block, well, people will notice and it's not like it's impossible to update the bitcoin software to reject attempts to change old blocks

    And sure you can change a line in your server config but all of the certificate infrastructure must necessarily be assumed to be compromised and reissued, and there is plenty of software out there that likely won't even support sha-3 without updates, especially embedded shit

  • Options
    CptHamiltonCptHamilton Registered User regular
    edited July 2021
    Phyphor wrote: »
    And sure you can change a line in your server config but all of the certificate infrastructure must necessarily be assumed to be compromised and reissued, and there is plenty of software out there that likely won't even support sha-3 without updates, especially embedded shit

    More importantly, there are oceans of code out there using either SHA-2 directly via some library or relying on SSL/TLS via libraries. Not only does all that code need to be touched to change what hashing function it uses, the library they're using may not have support for switching to another function. Or it may have support but need to go through a security vetting process to be included in production code. And even in a best-case scenario where it's a one-line change to switch from SHA-2 to something else for a given piece of software, there's still the entire build, test, and release process to go through. Even expediting things as much as humanly possible in view of a severe security vulnerability, some software simply cannot go from code change to release in a day. And then every consumer of that software is going to have to go and update to a version with the vulnerability patched. Which, in the case of major enterprises and government entities, is sometimes deeply non-trivial even from a practical standpoint to say nothing of the red tape required to do an update. Sure, companies should stay up to date to avoid vulnerabilities but if you don't think there are companies out there with un-patched Windows 98 boxes on their network you don't work in network security.

    And then there's all the code that people are still using which isn't being maintained by anyone so won't get an update to switch its hash algorithm and, quite possibly, the people using it won't know or understand that it needs to switch so will simply do nothing about it ever.

    CptHamilton on
    PSN,Steam,Live | CptHamiltonian
  • Options
    redxredx I(x)=2(x)+1 whole numbers Registered User regular
    I think you also start running into, I need to download an update (which is basically signed using SHA256), from a site that is verified (using SHA256), which was internally validated (using SHA256) all along its secure dev pipeline, because SHA256 is now badly broken and I need to switch to a new hashing algorithm.

    which... is fun.

    They moistly come out at night, moistly.
  • Options
    Zilla360Zilla360 21st Century. |She/Her| Trans* Woman In Aviators Firing A Bazooka. ⚛️ Registered User regular
    Looks like Musk is going to continue to pump and dump, for as long as he feels that he can get away with it:

  • Options
    RiemannLivesRiemannLives Registered User regular
    zagdrob wrote: »
    My greatest hope is that someone finds a major break in SHA-256. It would instantly destroy every single cryptocurrency. The tears would be delicious.

    No, no, that is like being excited about the complete crash of modern civilization because it means Coachella got cancelled and rich people will be sad.

    SHA256 being majorly broken breaks everything financial and medical or that should be secure. It would be a very bad thing for our modern world and its impact on crypto wouldn't be a footnote.

    Thankfully, most likely P ≠ NP.

    ($1,000,000 if you can prove it, though.)

    To elaborate on this: The P ≠ NP problem is one of the greatest unsolved mysteries in mathematics, and one of the 7 Millennium Prize problems posed by the Clay Mathematics Institute in 2000. You do get a $1M reward if you solve any one of the problems (one has been solved so far).

    Roughly speaking, the question here is: "Do hard problems exist at all?"

    Take a problem of computational mathematics such as sorting a long list of numbers in ascending order, or cracking SHA256, or doing the logistics for Amazon deliveries. For small problem sets (sorting 5 numbers, cracking a much shorter encryption, or doing logistics when Amazon had just opened) it is pretty simple. But when the problem set becomes large, how much harder does it become?

    So-called "P" problems can be solved in polynomial time. If the size of the problem is n (number of numbers to be sorted, length of encryption, number of Amazon deliveries today), it takes you n^a time units to solve it, where a is some number that you can figure out if you have the algorithm. Even if a is very big (1000) it's still "relatively" fast.

    So-called "NP" problems cannot be solved in polynomial time. Run-time might be something like e^n (or anything else that isn't a polynomial in n), which grows enormously quickly even for relatively small n. Very quickly you cannot solve it, and either have to give up (cracking SHA256) or rely on guesstimates in lieu of the optimal solution (logistics).

    OK, but maybe we just haven't come up with a clever way of cracking SHA256. Maybe there really is a fast way of doing it that we don't know about? Likewise for all the other NP problems; maybe we just need to find P algorithms that we're too dumb to have found yet. It was only in 2002 that a P-time algorithm for determining if a number is prime or not was found, after all.

    But maybe there truly are problems for which P-time algorithms are impossible.

    And that is the P ≠ NP problem. Disprove, or prove, that "fast" algorithms exist for all problems. Are there truly hard problems in the world, or have we just not found the easy solutions?

    I thought it wasn't proven that SHA is NP complete. For a lot of famous problems whether or not they are NP complete is a proven mathematical fact so it is impossible to ever come up with a clever way to solve them. But SHA is not one of those so it's still up in the air.

    edit: Kakos beat me to it by a long way

    Also reply to Kakos' post.

    I was simplifying things a bit. And I freely admit I was mistaken about SHA256; I just assumed it was NP. I also (incorrectly, apparently) assumed cracking it would somehow be a blow to cryptography, a field I know next to nothing about.

    My broader point still stands on the P vs NP problem, though, as does the rough and simplified outline. Importantly, we don't know if P = NP or P ≠ NP, and the most extreme ramifications of a (constructive) proof of P = NP would be enormously wide-reaching.

    And my layman's one-sentence explanation "are there hard problems or not?" I feel captures the essence, but of course not the specifics, of the P vs NP problem.

    That is basically true. I will tell you that, while it is not proven that P≠NP, it is widely assumed that it is based on a lot of evidence. If we treated math like science, it would be treated as sacrosanct. But math requires an absolute proof rather than n sigmas of certainty. So, until then, it's an "open" problem. If P=NP, I swear to you that I will dine only on my own feces until I die.

    Yeah the most famous unsolved math problem, the Riemann hypothesis, has been checked out to something like the first 12 trillion zeroes but that doesn't prove it. And in that case mathematicians think that if there are any zeroes off the critical line they must be absurdly big. Like 10^300 big.

    Attacked by tweeeeeeees!
    FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    Phyphor wrote: »
    And sure you can change a line in your server config but all of the certificate infrastructure must necessarily be assumed to be compromised and reissued, and there is plenty of software out there that likely won't even support sha-3 without updates, especially embedded shit

    More importantly, there are oceans of code out there using either SHA-2 directly via some library or relying on SSL/TLS via libraries. Not only does all that code need to be touched to change what hashing function it uses, the library they're using may not have support for switching to another function. Or it may have support but need to go through a security vetting process to be included in production code. And even in a best-case scenario where it's a one-line change to switch from SHA-2 to something else for a given piece of software, there's still the entire build, test, and release process to go through. Even expediting things as much as humanly possible in view of a severe security vulnerability, some software simply cannot go from code change to release in a day. And then every consumer of that software is going to have to go and update to a version with the vulnerability patched. Which, in the case of major enterprises and government entities, is sometimes deeply non-trivial even from a practical standpoint to say nothing of the red tape required to do an update. Sure, companies should stay up to date to avoid vulnerabilities but if you don't think there are companies out there with un-patched Windows 98 boxes on their network you don't work in network security.

    And then there's all the code that people are still using which isn't being maintained by anyone so won't get an update to switch its hash algorithm and, quite possibly, the people using it won't know or understand that it needs to switch so will simply do nothing about it ever.

    I think you are talking about two different things from kakos. You're talking about operations / IT / infrastructure: aka, my job. Yeah, if SHA256 got cracked, I would have a really shitty year. I'd be scrambling to upgrade systems and replace certificates. I'd be holding some difficult discussions with my CTO.

    Kakos is being overly dismissive with "If there is notice of a break, competent admins will have that fixed in a day." haha lol no. We're lucky if we get it fixed in a year. There will be legacy systems running mission-critical workloads in healthcare, banking, and transportation relying on the deprecated algorithm for years after the exploits are seen in the wild.

    But it wouldn't erase millions or billions of dollars in value overnight. It's a surmountable problem, though a mind-bogglingly enormous one. Whereas the effect of a SHA256 vuln would be to render the entire proof of work system that the BTC blockchain is based on completely moot. It would be existentially fatal to the wealth stored in BTC.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
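    The asymmetry the P vs NP posts above describe (checking a solution is cheap, finding one is a brute-force search) is exactly what the BTC proof of work relies on, and it is why a SHA256 break would matter so much more to the chain than to a TLS deployment. The following is an added example, not code from anyone in this thread: Bitcoin-style double SHA-256 over a header plus a 32-bit nonce, with a difficulty expressed as leading zero bits. The header bytes are constructed for the example and the difficulty is kept tiny so it runs in a second. One caveat the thread itself raised: inverting SHA-256 is not known to be NP-complete; brute force is simply the best attack anyone has published.

```python
"""Bitcoin-style proof of work on double SHA-256 (added example).

verify_pow() costs one double-hash regardless of difficulty; mine() is an
exhaustive nonce search whose expected cost doubles with every extra bit.
A structural break in SHA-256 that let an attacker pick digests with many
leading zeros would collapse mine() to the cost of verify_pow().
"""
import hashlib
import struct


def double_sha256(data: bytes) -> bytes:
    """SHA-256 applied twice, as Bitcoin does for block headers."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a 32-byte digest (big-endian view)."""
    return 256 - int.from_bytes(digest, "big").bit_length()


def verify_pow(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Check a claimed solution: a single double-SHA-256 evaluation."""
    digest = double_sha256(header + struct.pack("<I", nonce))  # nonce is 4 bytes LE, as in a block header
    return leading_zero_bits(digest) >= difficulty_bits


def mine(header: bytes, difficulty_bits: int, max_nonce: int = 2 ** 32):
    """Brute-force search for a nonce. Returns (nonce, hashes_tried).

    Absent a weakness in SHA-256, hashes_tried is about 2**difficulty_bits
    on average: each extra bit of difficulty doubles the expected work.
    """
    for nonce in range(max_nonce):
        if verify_pow(header, nonce, difficulty_bits):
            return nonce, nonce + 1
    raise RuntimeError("nonce space exhausted; change the header contents")


if __name__ == "__main__":
    header = b"constructed-block-header"  # constructed sample input, not a real block
    for bits in (8, 12, 16):
        nonce, tried = mine(header, bits)
        print(f"{bits:2d} bits: nonce={nonce:>6} after {tried:>6} hashes "
              f"(expected ~{2 ** bits:>5}); verify={verify_pow(header, nonce, bits)}")
```

Running it shows the hash count roughly doubling per bit of difficulty while verification stays at one hash; the real network uses the same construction with a target around 2^-75 of the digest space, which is why the search side, and only the search side, is what a SHA-256 weakness would destroy.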
    HydropoloHydropolo Registered User regular
    Feral wrote: » (post quoted above)

    SHA256 getting broken is PROBABLY more akin to Y2K than anything else, though technically with a semi-variable due date. (I'm thinking mostly in terms of the effort/importance). There are a lot of places that you might be willing to just take the risk of them running SHA256 for a year while you focus on bigger things, because they would still, for instance, only be vulnerable to a MITM attack and that's highly unlikely for reason X, Y and maybe Z.

    FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    Hydropolo wrote: » (post quoted above)

    Definitely. I don't want to get too far into the weeds on the IT tangent, but among the things we have to worry about (at least in a reasonably cybersec-oriented organization) is an internal threat. Obviously we'd get public-facing systems like our websites and our email servers patched right away. But I still have to think about the possibility of somebody gaining TCP/IP-level access on our network and trying to harvest credentials (say, Active Directory), or somebody who has basic user credentials trying to elevate privilege to domain admin.

    So now we get into shit like printers and copiers. That Xerox copier that everybody hates? It doesn't support anything better than SHA256. There's no patch for it. It has AD credentials stored in its config so it can save scanned documents to a file share or so it can authenticate against an internal SMTP server. And that's just one small example. Maybe we have a point-to-point VPN tunnel to a vendor that's used to transmit sensitive data over an HTTPS/TLS channel to a webserver running an API. I'm not worried about the tunnel; but that HTTPS server needs to negotiate TLS with a server at the other vendor, and if the other vendor only recognizes SHA256-based certs or only accepts a short list of deprecated cipher suites, then we have to clench our sphincters and accept it. And this shit happens all the time. We're lucky if the vendor can even communicate which algorithms or cipher suites they support. More often they just tell us "your vpn is down" or some other smoothbrain shit like that, where the real problem is that they only support three cipher suites all of which were deprecated in 2013 so HTTPS connections are failing.

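    The inventory problem Feral describes (copiers stuck on old protocols, vendors on deprecated suites, certs whose signature hash may one day be the broken one) is tractable to script once you have scan output in hand. Below is an added example, not anything from this thread or from any named product: it parses scan records in the style of what `openssl s_client -connect` prints for Protocol and Cipher and what `openssl x509 -text` prints for Signature Algorithm, and classifies each endpoint against a small policy. The hosts and their values are constructed. The set of hashes treated as broken is a parameter, so the same function answers today's question (md5, sha1) and the thread's hypothetical (add sha256 and see how much of the estate lights up).

```python
"""Triage TLS scan results against a cipher/hash policy (added example).

Input mirrors the Protocol/Cipher lines from `openssl s_client` and the
Signature Algorithm line from `openssl x509 -text`; everything in SCAN is
constructed for the example.
"""
import re
from typing import Dict, FrozenSet, List

# Constructed scan output: one record per endpoint, blank-line separated.
SCAN = """\
host: www.example.internal
Protocol  : TLSv1.3
Cipher    : TLS_AES_256_GCM_SHA384
Signature Algorithm: sha256WithRSAEncryption

host: copier-3f.example.internal
Protocol  : TLSv1
Cipher    : AES128-SHA
Signature Algorithm: sha1WithRSAEncryption

host: vendor-api.partner.test
Protocol  : TLSv1.2
Cipher    : ECDHE-RSA-AES256-GCM-SHA384
Signature Algorithm: sha256WithRSAEncryption

host: legacy-erp.example.internal
Protocol  : TLSv1.2
Cipher    : DES-CBC3-SHA
Signature Algorithm: md5WithRSAEncryption
"""

BROKEN_HASHES_TODAY: FrozenSet[str] = frozenset({"md5", "sha1"})
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
SIG_RE = re.compile(r"^(?P<hash>md5|sha1|sha224|sha256|sha384|sha512)With", re.I)


def parse_scan(text: str) -> Dict[str, Dict[str, str]]:
    """Split 'key : value' lines into a per-host field map."""
    hosts: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "host":
            current = hosts.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return hosts


def cipher_findings(cipher: str) -> List[str]:
    """Classify an OpenSSL-style suite name by key exchange, cipher and MAC."""
    out: List[str] = []
    if cipher.startswith("TLS_"):  # TLS 1.3 suites: AEAD only, always ephemeral
        return out
    if not cipher.startswith(("ECDHE-", "DHE-")):
        out.append("no forward secrecy (static RSA key exchange)")
    if any(tok in cipher for tok in ("RC4", "DES", "NULL", "EXP")):
        out.append("broken or null cipher")
    if cipher.endswith("-SHA"):  # OpenSSL naming: trailing -SHA means HMAC-SHA1 over CBC
        out.append("SHA-1 HMAC, CBC mode")
    elif not any(tok in cipher for tok in ("GCM", "CHACHA20", "CCM")):
        out.append("non-AEAD cipher")
    return out


def audit(scan_text: str,
          broken_hashes: FrozenSet[str] = BROKEN_HASHES_TODAY) -> Dict[str, List[str]]:
    """Return findings per host; an empty list means the endpoint passes policy."""
    report: Dict[str, List[str]] = {}
    for host, fields in parse_scan(scan_text).items():
        findings: List[str] = []
        proto = fields.get("Protocol", "")
        if proto in DEPRECATED_PROTOCOLS:
            findings.append(f"deprecated protocol {proto}")
        findings += cipher_findings(fields.get("Cipher", ""))
        m = SIG_RE.match(fields.get("Signature Algorithm", ""))
        if m and m.group("hash").lower() in broken_hashes:
            findings.append(f"certificate signed with broken hash {m.group('hash').lower()}")
        report[host] = findings
    return report


if __name__ == "__main__":
    for label, broken in (("today", BROKEN_HASHES_TODAY),
                          ("if SHA-256 fell", BROKEN_HASHES_TODAY | {"sha256"})):
        print(f"== {label} ==")
        for host, findings in audit(SCAN, broken).items():
            print(f"{host}: {'OK' if not findings else '; '.join(findings)}")
```

Run as-is, the copier and the legacy ERP box are the only failures under today's policy; rerun with sha256 in the broken set and every endpoint with a sha256-signed cert joins the list, which is the "reissue everything" scenario Phyphor described and the inventory you would need before deciding what to accept for a year and what to fix first.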
    DiannaoChongDiannaoChong Registered User regular
    Zilla360 wrote: »
    Looks like Musk is going to continue to pump and dump, for as long as he feels that he can get away with it:


    If you could sell a stock, and then tank its value, and then buy it again cheaper, and then endorse it, wouldn't you? Repeatedly?
