[Cryptography] Securing cryptocurrencies
Bill Cox
waywardgeek at gmail.com
Wed Mar 11 18:30:30 EDT 2015
On Tue, Mar 10, 2015 at 10:26 PM, Peter Todd <pete at petertodd.org> wrote:
> It's worth considering that Bitcoin's SHA256 proof-of-work *is*
> performing some very useful mathematical research with real-world
> implications that answers the following question:
>
> Is SHA256 broken?
>
>
BitCoin has also shown that the typical PBKDF2-SHA256(1000) is essentially
broken. About 1/2-ish of all user passwords are likely to be in an
attacker's 5-million-ish entry dictionary. See 10-million-combos.zip -
over 2.5 million of the first 5 million users' passwords occur in the
second 5 million. These passwords can be brute-force guessed by ASICs in
about 2.5 million guesses, where the guessing hardware costs $1 per 1
billion SHA256 per second. An average password in the dictionary is broken
in 5 seconds (two SHA-256 calls per guess) on $1 worth of hardware,
assuming the attacker has bought enough of them to get to the economy of
scale that the BitCoin miners have achieved.
We didn't know this before BitCoin. I did some back-of-the-envelope
calculations, but never guessed ASIC attacks could be this brutal.
Bill
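As an added example (not part of Bill's post), the arithmetic behind the 5-second figure written as a reusable cost model, plus its inverse for sizing a PBKDF2 work factor against the same ASIC assumptions. The $1-per-10^9 SHA-256/s rate, the two SHA-256 calls per iteration and the 2.5-million average guess count are taken from the post; nothing else is assumed.

```python
"""Attack-cost model for PBKDF2-HMAC-SHA256 under the ASIC figures quoted
in the post.  Added example, not the poster's code.  Assumed inputs (all
from the post): $1 of hardware does 1e9 SHA-256/s, one PBKDF2 iteration
costs two SHA-256 calls, an average dictionary password falls after
about 2.5 million guesses."""
import math

SHA256_PER_ITERATION = 2            # HMAC-SHA256: inner + outer hash
SHA256_PER_SECOND_PER_DOLLAR = 1e9  # post's economy-of-scale ASIC rate
AVG_GUESSES_TO_HIT = 2.5e6          # half of a ~5-million-entry dictionary


def sha256_calls_per_guess(iterations: int) -> int:
    """SHA-256 calls needed to test one candidate password."""
    return iterations * SHA256_PER_ITERATION


def seconds_per_password(iterations: int, dollars: float = 1.0,
                         avg_guesses: float = AVG_GUESSES_TO_HIT) -> float:
    """Expected seconds to recover one average dictionary password using
    `dollars` worth of hardware at the post's rate."""
    rate = SHA256_PER_SECOND_PER_DOLLAR * dollars
    return avg_guesses * sha256_calls_per_guess(iterations) / rate


def iterations_for_target(target_seconds: float, dollars: float = 1.0,
                          avg_guesses: float = AVG_GUESSES_TO_HIT) -> int:
    """Smallest PBKDF2 iteration count at which one average password costs
    at least `target_seconds` on `dollars` of hardware (inverse model)."""
    rate = SHA256_PER_SECOND_PER_DOLLAR * dollars
    calls_per_guess = target_seconds * rate / avg_guesses
    return math.ceil(calls_per_guess / SHA256_PER_ITERATION)


if __name__ == "__main__":
    # 1000 iterations, $1 of hardware: the post's 5-second figure
    print(seconds_per_password(1000))
    # iteration count that pushes one average password to an hour on $1
    print(iterations_for_target(3600))
```

Scaling `dollars` shows why the post stresses economy of scale: the attacker's cost per password is linear in both the iteration count and the dictionary position, so only the work factor is under the defender's control.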