Shop OBEX P1 Docs P2 Docs Learn Events
SHA-256 compromised? — Parallax Forums

SHA-256 compromised?

cgraceycgracey Posts: 14,206
edited 2013-11-26 16:00 in Propeller 2
This Finnish guy explains how our encryption/hash standards are probably not secure, due to gov't infiltration of encryption standardization groups. SHA-256 is published by NIST (National Institute of Standards and Technology):

http://www.youtube.com/watch?feature=player_embedded&v=9CqVYUOjHLw#t=334

(starts at 5:38)

For the Prop2, we are currently using SHA256 for loader signing. Does anyone know if there is a more-likely secure hash algorithm we could use, instead?

Comments

  • potatoheadpotatohead Posts: 10,261
    edited 2013-11-26 08:46
    All I know is SHA is being rebuilt sans this problem. Doing that will take a while. Lots of well meaning people out there right now asking this same question.

    In my mind, the real question is the compromise an issue? I don't know what resources are required to make use of it and whether or not it is known outside of the NSA. Past that, will the P2 be a viable target? I'm not inclined to say no easily, but the answer could be no.
  • ersmithersmith Posts: 6,068
    edited 2013-11-26 09:30
    AFAIK the possbily compromised encryption algorithms are elliptic curve (ECC) public/private key algorithms. SHA-256 has been examined by a lot of academics over the years, and no practical attacks against it are known at present (there are some theoretical weaknesses but they are of the "instead of 1 billion years to crack it will take only 500 million years" sort). I don't think the NSA would have motivation to compromise SHA-256, since it's not an encryption algorithm but rather is primarily used for authentication -- reliable authentication of messages is actually in the spooks' interest. They want to know who sent the message too!

    Bruce Schneier has a pretty good article on this: https://www.schneier.com/blog/archives/2013/09/the_nsas_crypto_1.html.

    The "rebuild" of SHA is just a normal competition to replace SHA-2 with SHA-3 (just as SHA-1 was replaced by SHA-2) in response to the theoretical (not yet practical) weaknesses that have been uncovered. Or do you know anything else about this?

    There are plenty of other hash algorithms, but the algorithm is probably the most secure part of the system.
  • potatoheadpotatohead Posts: 10,261
    edited 2013-11-26 09:38
    No, I'm thinking I have the two confused, lumping SHA in where it didn't need to be. When I get back to my home machine, I will go back and check the material I had bookmarked.
  • cgraceycgracey Posts: 14,206
    edited 2013-11-26 11:49
    ersmith wrote: »
    AFAIK the possbily compromised encryption algorithms are elliptic curve (ECC) public/private key algorithms. SHA-256 has been examined by a lot of academics over the years, and no practical attacks against it are known at present (there are some theoretical weaknesses but they are of the "instead of 1 billion years to crack it will take only 500 million years" sort). I don't think the NSA would have motivation to compromise SHA-256, since it's not an encryption algorithm but rather is primarily used for authentication -- reliable authentication of messages is actually in the spooks' interest. They want to know who sent the message too!

    Bruce Schneier has a pretty good article on this: https://www.schneier.com/blog/archives/2013/09/the_nsas_crypto_1.html.

    The "rebuild" of SHA is just a normal competition to replace SHA-2 with SHA-3 (just as SHA-1 was replaced by SHA-2) in response to the theoretical (not yet practical) weaknesses that have been uncovered. Or do you know anything else about this?

    There are plenty of other hash algorithms, but the algorithm is probably the most secure part of the system.

    Thanks for article link. I'm getting the picture that SHA-256 is probably not something to worry about. And yes, Prop2 is probably not much of a target for anyone. I'd just like to know that we made the most prudent decision about the hash algorithm. I think we have.
  • Cluso99Cluso99 Posts: 18,069
    edited 2013-11-26 13:47
    Agreed. SHA-256 sounds fine to me.

    The protection scheme anyone commercial requires is to be secure from theft. The NSA is not interested in stealing anyones P2 code unless it is being used in an unlawful manner. Then they would likely scan with an electron microscope or whatever to work out the fuses - it would be quicker and cheaper. Nothing is ever going to be totally secure these days. It is the deterent and the cost of stealing that commercial users will be thinking of.
  • pedwardpedward Posts: 1,642
    edited 2013-11-26 16:00
    Before recommending SHA-256, I already presumed that the three letter agencies had compromised some algorithms. The DES standard for certain is owned by the NSA, for a long time. SHA-256 has been evaluated by many academics and while the "effective" bits is reduced slightly with each breakthrough, it is "good enough" for now.

    The P2 couldn't process SHA-512 efficiently IMHO, because it is geared towards 64 bit operands.

    Encryption algorithms are considered "broken" when they lose a full MSB of efficacy, AES-128 is still above 127 bits now.

    The algorithms chosen for the P2 were "20 year" algorithms, it is reasonable to expect they will be broken 20 years from now, but that doesn't stop Parallax from doing another silicon spin in 20 years time.
Sign In or Register to comment.