Sep 16, 2019
Was SHA-256 cracked? Don’t buy into retraction!
Posted by Philip Raymond in categories: bitcoin, cryptocurrencies, encryption, government, hacking, internet, mathematics, military, privacy, security, software
SHA-256 is a one way hashing algorithm. Cracking it would have tectonic implications for consumers, business and all aspects of government including the military.
It’s not the purpose of this post to explain encryption, AES or SHA-256, but here is a brief description of SHA-256. Normally, I place reference links in-line or at the end of a post. But let’s get this out of the way up front:
- Sept 11: Original disclosure
- Sept 11: Community skepticism
- Sept 12: Claim retracted: [announcement] [press]
One day after Treadwell Stanton DuPont claimed that a secret project cracked SHA-256 more than one year ago, they back-tracked. Rescinding the original claim, they announced that an equipment flaw caused them to incorrectly conclude that they had algorithmically cracked SHA-256.
“All sectors can still sleep quietly tonight,” said CEO Mike Wallace. “Preliminary results in this cryptanalytic research led us to believe we were successful, but this flaw finally proved otherwise.”
Continue reading “Was SHA-256 cracked? Don’t buy into retraction!” »
In the case of Syed Rizwan Farook’s iPhone, the FBI doesn’t know if the shooter used a long and sufficiently unobvious password. They plan to try a rapid-fire dictionary attack and other predictive algorithms to deduce the password. But the content of the iPhone is protected by a closely coupled hardware feature that will disable the phone and even erase memory, if it detects multiple attempts with the wrong password. The FBI wants Apple to help them defeat this hardware sentry, so that they can launch a brute force hack—trying thousands of passwords each second. Without Apple’s help, the crack detection hardware could automatically erase incriminating evidence, leaving investigators in the dark.
