Was SHA-256 cracked? Don’t buy into the retraction!

SHA-256 is a one way hashing algorithm. Cracking it would have tectonic implications for consumers, business and all aspects of government including the military.
It’s not the purpose of this post to explain encryption, AES or SHA-256, but here is a brief description of SHA-256. Normally, I place reference links in-line or at the end of a post. But let’s get this out of the way up front:
One day after Treadwell Stanton DuPont claimed that a secret project cracked SHA-256 more than one year ago, they back-tracked. Rescinding the original claim, they announced that an equipment flaw caused them to incorrectly conclude that they had algorithmically cracked SHA-256.
“All sectors can still sleep quietly tonight,” said CEO Mike Wallace. “Preliminary results in this cryptanalytic research led us to believe we were successful, but this flaw finally proved otherwise.”
Yeah, sure! Why not sell me that bridge in Brooklyn while you backtrack.

The new claim makes no sense at all—a retraction of an earlier claim about a discovery by a crack team of research scientists (pun intended). The clues offered in the original claim, which was issued just one day earlier, cast suspicion on the retraction. Something fishy is going on here. Who pressured DuPont into making the retraction—and for what purpose? Something smells rotten in Denmark!
Let’s deconstruct this mess by reviewing the basic facts:

  • A wall street, financial services firm proudly announces the solution to a de facto contest in math and logic
  • They succeeded in this achievement a year ago, but kept it secret until this week
  • One day later (with no challenge by outsiders),* they announce a flaw in the year-old solution

Waitacottenpickensec, Mr. DuPont!! The flaw (an ‘equipment issue’) was discovered a year after this equipment was configured and used—but only one day after you finally decide to disclose the discovery? Poppycock!

I am not given to conspiracy theories (a faked moon landing, suppressing perpetual motion technology, autism & vaccinations, etc)—But I recognize government pressure when I see it! Someone with guns and persuasion convinced DuPont to rescind the claim and point to a silly experimental error.

Consider the fallout, if SHA-256 were to suddenly lose public confidence…

  • A broken SHA-256 would wreak havoc on an entrenched market. SHA-256 is a foundational element in the encryption used by consumers & business
  • But for government, disclosing a crack to a ubiquitous standard that they previously discovered (or designed) would destroy a covert surveillance mechanism—because the market would move quickly to replace the compromised methodology.
I understand why DuPont would boast of an impressive technical feat. Cracking AES, SSL or SHA-256 has become an international contest with bragging rights. But, I cannot imagine a reason to wait one year before disclosing the achievement. This, alone, does not create a conundrum. Perhaps DuPont was truly concerned that it would undermine trust in everyday communications, financial transactions and identity/access verification…
But retracting the claim immediately after disclosing it makes no sense at all. There is only one rational explanation. The original claim undermines the interests of some entity that has the power or influence to demand a retraction. It’s difficult to look at this any other way.
What about the everyday business of TS DuPont?
If the purpose of the original announcement was to generate press for DuPont’s financial services, then they have succeeded. An old axiom says that any press is good press. In this case, I don’t think so! Despite the potential for increased name recognition (Who knew that any DuPont was into brokerage & financial services?) I am not likely to think positively of TS DuPont for my investment needs.

* The cryptographic community could not challenge DuPont’s original claim, because it was not accompanied by any explanation of tools, experimental technique or mathematical methodology. Recognizing that SHA-256 is baked into the global infrastructure: banking, commerce and communications, their opaque announcement was designed to protect the economy. Thank you, Mr. DuPont, for being so noble! 

CA model must be more distributed, less monetized

My columns, op-ed and feedback appear on many web sites. Among my favorite soap boxes are Engadget, Yahoo, Amazon and The Wall Street Journal. But I also contribute to various technical communities.

Recently, I have become active in InfoSec, the largest of LinkedIn discussion groups. InfoSec participants include a remarkably diverse cross section of information security specialists representing all sides of the security matrix. We have policy pundits, in house security directors, technicians, law enforcement officials & consultants, ethical hackers, and an occasional anti-forensic zealot, like me!

Patrick Gustavsson is Senior Consultant at Cybercom in Stockholm Sweden. This week he posed this question to InfoSec members:

Considering recent problems with certificates, what’s your opinion about PKI?
Does PKI have a future?

Patrick was referring to recent events concerning certificate authorities (CAs) being hacked and the forgery of widely trusted certificates, as was the case with Google’s. Because the CA model is built upon trust for the CA, Patrick was asking if the model is broken and that perhaps PKI was a poor design for the future.

My response: Good question. Wrong culprit!

PKI is not broken. In fact, it is brilliant and durable. The whole concept of digital trust is at thing of beauty and simplicity (Thank you Clifford Cocks, Diffie, Hellman, Elgamal, Kravitz, Rivest. But the trust is misdirected. In the past decade it has become expected that the trust is never P2P, but rather involves central repositories, and that somewhere along the way, certificates must grease the palms of “Central Authorities”.

PKI is not the component that is broken. PKI is just fine, thank you! The technology will remain the linchpin of any secure communication, and eventually of all IP packets including VOIP. (PKI can be enhanced with Sender Bonds, a form of financial risk for packets exchanged between strangers…But we’ll save that for another day!).

Rather, complexity of the CA model is the problem. The certified party is not readily evident, the paths of trust are murky and – most importantly – visitors rarely know why they should be trusted! The solution is easy, but it will require that we (the security specialists), dismantle the trust model…

Ellery’s Solution for P2P Trust: Outside of a communist regime, trust is not something that lends itself to central authority. Trust should always be personal and built on relationships both individuals and “flexible communities” (that is: either circles of trust or trust pyramids), and  save the individual. We must return the Internet to a pyramid of trust (like PGP) and – at the very least – create a mechanism to self sign new relationships as they are developed. The entire CA house is built on an old boys’ network of payoffs and profit. It must not be so. Real trust is built by referral and the 3rd party trust of your own trusted parties, just as it was in the beginning.

Don’t agree? Sound off. Add feedback to this article.