Double SHA-256 still relies on the underlying properties of SHA-256...

With 3DES and the like, it is more than just DES three times. With bitcoin, it is just SHA-256 twice. It's quite good but the argument could be made having an alternate middle hash function would be "more" secure.

Regardless, if SHA-256 has serious issues bitcoin is the least of the problems 

Care to prove?



Care to prove?



Doubtful, sorry.

fpgaminer proved it; you are just bad at math (basing this partially on your previous thread). If you are of Middle-school age, the math may be just a little advanced for you.

I mentioned 3DES because it is an example of a weak algorithm being strengthened by repeated application.

Running SHA-256 twice buys us some time if 'single' SHA-256 is found to be broken.

If you want to confirm that Bitcoin simply runs the standard SHA-256 twice, you have only to check the source-code.

Hehe. U r close to compare me with Hitler.



If u r not a schoolboy u should use mathematical notation instead of vague words. Try again.



Ta, I know that.

Many of you seem to be lost in translation.


SHA-256 HAS BACKDOORS.

LIKE WINDOWS OS HAS BACKDOORS. That means NSA works with Windows to plant backdoors to access any system. NSA purposely weakens software and plants backdoors in it, SHA-256 is no exception.

Uh, no.

The wikipedia page gives a little more detail about 3DES. Encrypting 3 times does not triple the strength of the cipher. However, it also does not weaken it.

So kokjo is pointing out that nobody has proven that SHA-256 has a completely uniform probability distribution.

That does not imply that a second iteration makes the combined hash weaker for the reason fpgaminer pointed out. The example he used was to assume double-SHA-256 has about the same cryptographic strength as MD5. I will make a weaker assumption: assume the second hash has reduced variability because of the limited input size.

Once the attacker determines the intermediate hash in 2⁸⁰ time, they have a problem: they must now break the remaining 'single' hash. I suppose I should prove that later rounds don't undo the work of earlier rounds: but frankly, I don't have the time right now.

Shhh.... if people hear you talk, they'll know you're dumb. 

Some pretty childish bickering going on here but anyway.

There have been many discussions about this subject already, I would dig them out as they have already dealt with these concerns. The best thing I've heard out of it is that the Bitcoin algorithm has been testing for 20years and not even a theoretical weakness has been found by the best experts in the world. I don't think any power of resources could overcome that fact. It would be like 1000 monkeys trying to write Shakespear. The latest theory I've read is that they can decrypt RC4 only which is very old and has known weaknesses (used in WEP wifi and SSL). Despite these weaknesses it is still used very heavily across the web (god know's why).

You can get an addon for Firefox called Calomel if you want to see how regularly RC4 and other is used.

EDITED
https://bt.irlbtc.com/view/288545.0
https://bt.irlbtc.com/view/291217.0

In particular:
https://bt.irlbtc.com/view/288545.msg3091137#msg3091137

It's worse than you think.  All they need is 8 BITS of a SHA-256 message digest and they can backdoor their way to reconstructing your arbitrary length message.  Incidentally this is the same tech they use to store a full year of global telecoms traffic on a thumb drive.