SHA-256 compromised?
cgracey
Posts: 14,206
This Finnish guy explains how our encryption/hash standards are probably not secure, due to gov't infiltration of encryption standardization groups. SHA-256 is published by NIST (National Institute of Standards and Technology):
http://www.youtube.com/watch?feature=player_embedded&v=9CqVYUOjHLw#t=334
(starts at 5:38)
For the Prop2, we are currently using SHA256 for loader signing. Does anyone know if there is a more-likely secure hash algorithm we could use, instead?
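An added example (my own, not Chip's or Parallax's loader code) of what hash-based loader signing looks like when the hash is a swappable parameter, so a move from SHA-256 to another hash is a one-byte change in the image header rather than a rewrite. The container layout, algorithm ids, key and payload below are constructed for illustration and are not the P2 format:

```python
import hashlib
import hmac

# Hypothetical container layout (constructed for this example, not the P2 format):
#   magic (4) | algorithm id (1) | payload length (4, big-endian) | payload
#   | tag (digest_size bytes: HMAC over everything before the tag)
MAGIC = b"LDR1"
HEADER_LEN = 9
ALGORITHMS = {0x01: "sha256", 0x02: "sha3_256"}  # hashlib names, ids are made up
ALG_IDS = {name: aid for aid, name in ALGORITHMS.items()}


def sign_image(key: bytes, payload: bytes, algorithm: str = "sha256") -> bytes:
    """Wrap payload in the hypothetical container and append an HMAC tag."""
    if algorithm not in ALG_IDS:
        raise ValueError(f"unsupported algorithm {algorithm}")
    header = MAGIC + bytes([ALG_IDS[algorithm]]) + len(payload).to_bytes(4, "big")
    body = header + payload
    tag = hmac.new(key, body, algorithm).digest()
    return body + tag


def verify_image(key: bytes, image: bytes) -> bytes:
    """Return the payload if the tag verifies; raise ValueError on any defect."""
    if len(image) < HEADER_LEN or image[:4] != MAGIC:
        raise ValueError("bad magic or truncated header")
    alg_id = image[4]
    if alg_id not in ALGORITHMS:
        raise ValueError("unknown algorithm id")
    algorithm = ALGORITHMS[alg_id]
    length = int.from_bytes(image[5:HEADER_LEN], "big")
    digest_size = hashlib.new(algorithm).digest_size
    # Reject truncated or padded images before touching the tag.
    if len(image) != HEADER_LEN + length + digest_size:
        raise ValueError("length field does not match image size")
    body, tag = image[:HEADER_LEN + length], image[HEADER_LEN + length:]
    expected = hmac.new(key, body, algorithm).digest()
    # Constant-time comparison so a byte-by-byte mismatch does not leak timing.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("signature mismatch")
    return body[HEADER_LEN:]


def rejects_tamper(key: bytes, image: bytes, offset: int) -> bool:
    """True if flipping one bit of the image at offset makes verification fail."""
    damaged = bytearray(image)
    damaged[offset] ^= 0x01
    try:
        verify_image(key, bytes(damaged))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    demo_key = b"constructed-demo-key-not-a-real-secret"  # constructed
    demo_payload = bytes(range(64))                        # constructed
    for alg in ("sha256", "sha3_256"):
        img = sign_image(demo_key, demo_payload, alg)
        print(alg, "ok:", verify_image(demo_key, img) == demo_payload,
              "tamper rejected:", rejects_tamper(demo_key, img, HEADER_LEN))
```

The verifier reads the algorithm id from the image, so both SHA-256 and SHA3-256 images pass the same code path; changing the default hash touches only `sign_image`. The length check before the tag comparison keeps a truncated image from being parsed as a shorter valid one.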
Comments
In my mind, the real question is: is the compromise an issue? I don't know what resources are required to make use of it and whether or not it is known outside of the NSA. Past that, will the P2 be a viable target? I'm not inclined to say no easily, but the answer could be no.
Bruce Schneier has a pretty good article on this: https://www.schneier.com/blog/archives/2013/09/the_nsas_crypto_1.html.
The "rebuild" of SHA is just a normal competition to replace SHA-2 with SHA-3 (just as SHA-1 was replaced by SHA-2) in response to the theoretical (not yet practical) weaknesses that have been uncovered. Or do you know anything else about this?
There are plenty of other hash algorithms, but the algorithm is probably the most secure part of the system.
Thanks for article link. I'm getting the picture that SHA-256 is probably not something to worry about. And yes, Prop2 is probably not much of a target for anyone. I'd just like to know that we made the most prudent decision about the hash algorithm. I think we have.
The protection scheme any commercial user requires is to be secure from theft. The NSA is not interested in stealing anyone's P2 code unless it is being used in an unlawful manner. Then they would likely scan with an electron microscope or whatever to work out the fuses; it would be quicker and cheaper. Nothing is ever going to be totally secure these days. It is the deterrent and the cost of stealing that commercial users will be thinking of.
The P2 couldn't process SHA-512 efficiently IMHO, because it is geared towards 64 bit operands.
Encryption algorithms are considered "broken" when they lose a full MSB of efficacy; AES-128 is still above 127 bits now.
The algorithms chosen for the P2 were "20 year" algorithms; it is reasonable to expect they will be broken 20 years from now, but that doesn't stop Parallax from doing another silicon spin in 20 years' time.