How secure is 256 bit security?

All

And I think by then if people would be still alive we would have 1024 bit secure lock or something

@@clayz1 bruh thats going to be around 3.09e1,292,913,986

exp(2)

@@Owenrandom brruh

Yeah even my brother who set up my wifi router set the password as "password"

A chain is only as strong as its weakest link. You can have the most secure system in the world, but all you need is the wrong user to use 'password' as their password and a breach is inevitable.

Most forms of compromising rely on human error

The human link in the security chain is always the weakest; there's a reason most successful hacks are done with social engineering. (No really.)

@Jonny Nobody so you just replied to a 4-month-old reply that is on a 1-year-old comment and I only have seen your reply now(4 hours after you replied) so new password !1Y4 M4h

Luckier than 4 billion Giga galactic Super computers would most probably be in 507 billion years lmao.

A 1/115792089237316195423570985008687907853269984665640564039457584007913129639936 chance?
That man would be so fucking lucky I'm pretty sure the universe would simply explode from the improbability. I mean, it's on that level

@@lucaslucas191202 chances are low, but never zero!

@@khf3940
So close to zero that you can safely call it zero though. Our brains aren't made to understand such numbers so when we say "not zero" we usually overestimate how likely it is. It's the same problem with the lottery. People buy that even though they mathematically shouldn't.
Because of that it might actually be _more_ correct to call it zero to make people understand what you're talking about.

A 256-bit quantum computer will do it in less than 6 months

we need to write qwertyui because it requires 8 characters

Password hashed is secure just If It have never been hashed, and believe me, It probably have been, unless you take It into account to make your password.
The ingenuos be like: But my password is my birthday and just me have It as birthday!
Ah! Of course no one on earth have the same birthday as you! Hahahah

@@MrRenanwill A password with 990k characters would be possible to hack?

​@@Lucas_strable impropable, but possible

Hash and salt, now you'll HAVE to brute force everything

Taran Van Hemert
Maybe they can use quantum entanglement as some form of communication. Not sure how though.

2010ngojo - Even with quantum entanglement you couldnt do it because it doesnt allow for information to be sent faster than light.

DeusExAstra I need to brush up on some physics

Taran Van Hemert sup taran

I might be wrong, but if you already have some sort of quantum powered way of comunication, then you DON'T NEED to guess in the first place, isn't? what is easier to get? Quantum powered way of comunications or a quantum computer capable to destroy to dust SHA-256 encryption?

I knew it! ....I read ya...

YEAHHHHH!

And that's exactly what hackers try to do. get your passwords or details in some other way than bruteforcing.

Which is actually one of the major reasons cryptocurrencies are such a misguided idea. It's like building a castle made of indestructible stone that has no guards.

I have done the calculations. I discovered that it takes a approximate maximum of 497.1026 centuries for the speed of 4Billion hashes per second.

​​@@harshavardhanamnholla7026Are you sure that is correct? I checkd and it takes approximately 8 × 10^59 years

@@jmiller6066 how so?

nyx211 not really...You see, quantum computing can cut down the required processing time(hence increased processing power) in logarithmic scale, which means cutting down the time needed to "hash" until match is wayyy lower compared to the current day method. So yes, we are quite fucked.

And don't forget that the hash can be guessed in the early stages, not always having to be the last computed hash, so there's a chance to be even faster

They already found solutions to way more secure encryption, so secure it can completely render quantum computers useless. This is done by using other quantum computers.

Lancelot V even if quantum computers turns out to test these billions of trillions times faster it would still be an unbelievable amount of time.

Arthur Machado it is not just billion trillion time faster, it is logarithmicly faster. For example a computer can do x amount of work at a time, the quantum computer can do x^8 amount of work, which is not just *fast* can justify it.

I know it's quite a while ago you commented here but how does it make sense to take 4 billion copies if only 1 percent of 1 copy actually is filled with planets that are important for the calculation?

@@cedrik1031 It's not my hypothetical, ask him that.

@@Superphilipp yeah I know that but I doubt anyone would have seen it if I wrote my own comment, so I just tried my luck with you but thanks for the answer✌

@@cedrik1031 I thought he said imagine that the Milky Way was filled with 4 billion planets where 4 billion peoplee had access to a Googlekilo worth of computers. Meaning that in this hypothetical more than 1% of the Milky Way would be filled with planets

Man this acid is really messing with me

So basically you lose about half the total value.

so the final time to take has to be double

2^22 surpassed, and in the middle in the way to 2^23

Yes, unlike you can not able in English

I think like 10 FPS in 720

But can they run Microsoft Flight Simulator 2020?

@@SBerTtube I had more of a stroke trying to read your comment than the one you responded to

New thing is MS Flight Simulator

uh...hi

We should just be friends

Why don’t you marry him

How could u not apreciate this

We are watching this at practically the same time!

ALittleOff the worst case scenario is implied I guess, Big O wise

ALittleOff so with the giga galactic super computer running for 37 times the age of the universe it is just a 1in 2 billion chance. Got it.

No, it would still be 1 in 4 billion chance

To chime in a year late, ALittleOff was correcting at 0:35 when he says it would take “on average” 2^256 guesses. Worst case it would take 2^256 guesses, but on average, it would take 2^255 + 1/2 guesses.
You can find this with some simple math: Let n = 2^256 just for ease of reading. Since there is a 1/n chance for the hash to be any numbered guess, we can find the average number by adding up the possible numbers of guesses and dividing by n. The number of guesses can be anything from 1 to n. If we add up those numbers, we get n(n+1)/2. Dividing by n gives us (n+1)/2=2^255 + 1/2.

There is no such a thing as worst case in here since(assuming sha256 to be an ideal hash function) every new guess gives you exactly 1/2^256 probability of success independently of previous guesses. Actually, after 2^256 guesses you'll still have failed to find the preimage wuth probability very close to 1/e.

You state that it takes an average of 2^256 guesses to get the correct hash. Wouldn't the correct value for that be 2^255 guesses, as you'd on average search half the solution space? Also, hasn't there been research on some cryptographic hash functions (not sure if it would include SHA-256) which dramatically lower these exponents?

There's been plenty of research. Governments have lots of cash and lots of reasons to find a way to hack into these hash functions, but SHA-256 has not been "cracked" yet. As the previous video says, no one really knows if it's mathematically cryptographically secure because it's very complex math. SHA1 is not secure but only because it doesn't require enough computing power to break. It only takes one Google to crack it. Google "sha1 cracked".

In the video you describe the complexity of a brute-force pre-image attack.
Wouldn't a collision attack work for digital signatures?
The complexity of that for SHA-256 seems to be 2^65.5, which while still not being practical is not as impressive as 2^256.
Edit: 2^65.5 attack that I mention seems to apply only for a SHA-256 with a reduced number of hashing rounds performed (31 out of 64), for a full method there's a 'birthday collision attack' with a complexity 2^128

-2^255 is right on average- [see correction by 3blue1brown below], but complexity theory usually uses big O which is worst case, I think that might be way people often say 2^256. As for collision attacks, finding proof of work is indeed not a pre-image attack, think of the difficulty as bounding a set of elements, and you get a chance for a collision with each of those. But that doesn't apply to digital signatures - in bitcoin those are made using ecdsa, with the secp256k1 curve, and I think it's possible to attack it more efficiently than brute force, but I don't think it's as cheap as a collision attack. As far as the size of the search space, NIST used to recommend 2^80 for being secure for the "foreseeable future", otherwise known as a security parameter of 80 bits, and since the 90s they changed the general to 128. Collision resistance requires a hash that outputs double that bit width, so modern hashes are usually 256 bits (and also why ripemd and sha1 are 160, note that ripemd is used in bitcoin for addresses, on top of sha256 if I remember correctly). Finally, if to attempt to future proof against quantum computing, if you double the bitwidth again then this is supposed to be enough to resist nondeterministic collision searches, which is the main reason to use 512 bit hashes as far as I know.
Update: I should say - regarding ecdsa attacks - I think that because I know I don't know enough about the algebraic structures of elliptic curves, but as far as I know the 256 bit representations have some bias because of them, and also because improperly chosen curves are breakable, but don't quote me on this since I don't actually understand the details.

To the point about it really requiring half as many guesses, (i.e. 2^255 not 2^256): This is true for something like hacking a digital signature, where you are methodically going through all possibilities. But if a cryptographic hash function truly behaves like a random function, guessing and checking a nonce with a hash will not look like going through all possible hashes one-by-one, it's more like rolling a die over and over until you hit a 6, in which the expected number of rolls needed is 6, not 3. While running this GigaGalactic supercomputer, many of the guesses will actually collide, so it is not a methodical search through all possible hashes.
However, as you point out, the actual security on SHA256 is indeed lower than 256-bits. It turns out not to quite behave like a nice random function. But this discussion just centered on an idealized cryptographic hash function.

quaternary It took awhile but we already have 500mh scrypt ASICS. Still Ethereum is only mined with GPUs.

The number of all chess games possible is arround 10^10^50. I love this number.

There is no such thing as a program that is impossible to design an ASIC for.

Impossible is really the wrong word. Impractical is better. It wouldn't significantly improve your efficiency enough to matter even if you did make an ASIC for it, basically.

Amir Abudubai Correct, mostly, though it will just start looking more and more like a CPU ;)
These coins also have the feature that they can modify the parameters without creating a new chain, so you would either need ASICs with redundant hardware (fails the "becoming a CPU" stumbling block), of you would need new ASICs each time this happened (fails by being infeasible due to cost and time)

*try*

actually only computations by a single GPU can't be imagined

the weakness is collision and i think in this case it's not important. with files you can add bytes and so on to create the same hash for 2 different files... with blochchain it's much much harded even if sha256 would be cracked.

The CIA probably already has quantum computers that crack this shit in hours. I mean D-wave is a thing so...

David Vermillion Thats false, Current quantum computers are way weaker than the regular(Binary) computers.

Well... It's important to know how many bits you need in an algorithm where the only option is brute force. And it seems as though 256 bits is enough for that. It tells me that there's no need to jump up to 512 or 1024 or more in order to secure against brute force attacks, we've already got all that we need. How many extra bits of padding is needed to compensate for an algorithm's flaws would require a video of its own.

so do you mean that after enough time patterns start to become apparent and you can start reducing the number of bits you have to guess?

Mr. Rigden's Channel Sub-humans aliens in the Year 70.5 Billion in the future and still to get the private key of Satoshi Nakamoto

@@lagillas The easiest way to solve the problem is to find the root of the problem. The easiest way to crack Satoshi Nakamoto's private key is to point a gun at him! 😳

hey hello

Uh, sure, but not hash functions. Further, Shor's algorithm (which is the one that gets all the hype about this) only works on encryption schemes that depend on factoring large numbers, namely RSA. Since RSA uses prime numbers, it makes factoring the multiple of two of them really hard (the numbers are huge). We can revamp everything to stop using RSA (and already have been, for many, many years) relatively easily, given the impetus that it'll be completely broken soon enough.
We've already got encryption schemes that can run on classical computers that are hardened against both known classical and known quantum attacks. Often they take more compute time and are more complicated to implement, but with how classical computing is still getting faster, and specialized hardware can be built to accelerate encryption and decryption once the standards are set, this really shouldn't be a big issue.

@@liesdamnlies3372 is lattice-based cryptography a candidate for post-quantum

@@absolutezero6190 I wasn't familiar with them until you mentioned it and I did a little bit of reading. Seems like it though.

nah as long as the "checker" has traditional methods, quantum computing wont work.

2^256/(10^80*10^14) is about 1.2*10^-17, so your scenario would actually only take around 12 attoseconds.

approx 2^22.213 so far

Bruh

yea, I think you meant 2^22

​@@ryanKeenN 2^22.27 now

2^22.253 so far

Yet you weren't able to understand when Oscar explained the idea of a budget surplus to you??

Because economic is made up to suit the elites, there's no real logic or science behind it.

+adrian peiron You are right in that many of the existing economic structures were created by the elite to serve the elite.
Modern economic 'science' is applied mathematics. You have to know the rules to led you to a sound methodology. Without that you are just a theorist no better than a hack.
Unfortunately there are certain fields in economics that are stuck in a habit of intellectual masturbation rather than doing something based in reality.

Michael Scott

I think you mean 2^22? 4^22 is... _a tiny bit_ larger.

♫ conversion and currency ♫

♫ I'm a menace, a miner, a hash-figure finder ♫
♫ Gimme a table and in less than an hour ♫
♫ Give the chain a new link in it ♫
♫ Get some bits for fixin' it, Slide 'em in some hooker's tit ♫

♫ so, find that hash for me, find that hash for me ♫
♫ come on, mine, find that hash for me, find that has for me ♫

🎵England is my city 🎵

tits

1 week*

Python is fast. And you should know that printing to the console is an IO task and C++ isn't that much faster than any other programming language at doing that.

@Omar alpjaly For the differences between languages being "very small and hardly noticeable", python sure takes 62 times longer than c++ to count to 2^32 - 1
Yes I tested it

type these in a ubuntu terminal:
sudo apt update
sudo apt install crunch
crunch 1 128 01

@@chappie3642 considering that it's a fucking TH-cam comment, it should be obvious why a smaller line count as well as more readability is more desirable than execution time, because guess what, everyone READ the comment as opposed to execute it.
Furthermore, if you still insist on execution time mattering, then I'm sure that you'll be thrilled to know that since the bottle neck in both cases is the console, both python and c++ have the same execution time as they're both faster than the CLI's output capability. In other words, by using python, you'll literally write 2 lines of code to achieve the same result in the same time as if you did it in c++.

Tim Swast です

Thanks! I think a second Q&A round will be in order soon.

Video is in 60fps

1 kilogoogle of computing power for rendering frames

Well, he is a mathematician and a programmer...

It's because he uses his self developed animation library "manim", written in python.

@@vinzer72frie i heared that humans can only hear 30fps

steve martin what's that analogy?

Not as large as a Googol :)

CarBricksCity and a Googol isn't even anything near Grahams Number.

graham Number is infinite time smaller than infinity

But can it run Crysis?

It's a relativ large number

So 2^255 guesses

@@aarushparvataneni3249 Oh yeah that's true

I think it's 2^256 on average. You may guess a new message which evaluates to a hash you've already seen before.

No. I just replied to another comment about this, where 3blue1brown himself commented: "While running this GigaGalactic supercomputer, many of the guesses will actually collide, so it is not a methodical search through all possible hashes". So yes, if you do it this way you can expect to find the answer after only checking half of the pool:
Have a list of all 256 bit numbers, guess 1 & remove it from the list & calc the hash & check it, repeat until you have the hash you want.

No. You could guess 2^1000 times and still get it wrong, there's no "at most guesses" in probability.

Twin Helix you mean Pi to 3:30

Twin Helix I

0817283866

yes

yes

Yeah exactly they need to communicate to not try the same thing some other computer already did.

@@sayamqazi and that, will use petabytes of ram, and even an i9 propably can't handle it

phyrexkasgaming definitely* also, we would have different processors for maximum efficiency and just communicate it all through a database. The computers would each have assigned images which they process into hashes and repeat. That’s how I would do it, but we would be limited heavily by physical and storage space.

They don't really need to communicate at all. When you assign the problem you can easily just say that A solves numbers 1 to 1000, B solves numbers 1001 to 2000 etc. Report back if you have something. Then you just wait for someone to report back that they either are out of numbers to solve or have solved it.

@@ShadowManceri Horray for basic software engineering logic. ... Sadly in short supply at most schools that teach software engineering but whatever...

Yes cant do much if the end users are stupid

already happened, infinitely many times

But it would also take infinite time to transmit the correct answer back to earth.

@@MAUROtele thar comment already happened an infinite amount of times

@@theodiscusgaming3909 not if it got there an infinite time ago

@@B-DINO the universe has a finite age though

+Abhishek Shivkumar I thought the same...

Not really, since the outcome of the hash function is unpredictable, it can (and it does) give the same output for different messages, so basically, in each try you'd have 2^(-256) chance of guessing it right independently of how many tries you've done before.
That gives you sum over n of n*p*(1-p)^(n-1) from n=0 to infinity average guesses (where p=2^(-256)), which you can solve using n*(1-p)^(n-1)=-d/dp((1-p)^(n)) and trying to write the sum as function of it's derivative and solving the differential equation, or alternatively writing n*(1-p)^(n-1) as (1/(1-p))-*-((n+1)-*-(1-p)^n-(1-p)^n) and trying to write the sum as function of itself and solving the linear equation. Or even more alternatively, you could plug that on wolfram and see that when m goes to infinity (the sum goes from 1 to m) the sum goes to 1/p, which is 2^256.
Another thing is that the average amount of guesses isn't necessarily when amount that gives you 50% chance, that's the median. But since if we could avoid doing repeated guesses the probability would grow linearly, the 2 would coincide.

Yes, after you checked half of them, the chance of having found the right hash would be 50%. This would also be the average time it would take to find the right hash.

is not 255 vs 256 remember that he group them in 8 groups of 2^32

So the difference is actually 2^224 vs 2^256

Ricardo Milos 🙄😂

😂😂😂😂 absolutely 👍

+1

quantum computers in 2024??? LOL!!! do you mean 50 years later?

Quantum computer can only break RSA with has keys of 2048 bit 256 bit RSA has been Made useless and quantum computers Cannot break AES

ArcadiaCv I’m not sure it’s broken. A weakness that only makes AES128 for instance 3-5 times easier still seems pretty secure.
My general rule is assume key length /2 is the effective key length. That accounts for weakness that don’t actually break the algorithm directly like some hidden oracle yet to be discovered.

Late to the party.
First thing first, I fully agree that the title is misleading for the reason you mentioned.
That said, "already broken" comes across as misleading on its own, at least for a layman reading your comment. You already know this, but I still feel the need to explain the comment to everyone who doesn't know cryptanalysis: While completely correct in the scope of cryptanalysis, the biclique attack makes it ~4 times easier to break AES-128 (equivalent to breaking 126.1 bits in brute force), ~5 times easier to break AES-192 and ~3 times easier for AES-256, which, AFAIK, still is far off the computational capability of anyone.

Instead of 2^256 you need to check 2^254 how is that broken?

@@Mojkanal1234 I believe it's four bits, so 252. Anyone who claims that 252 bit isn't secure and is broken because it's weaker than 256 is straight up smoking crack.
We're still taking about computational times approaching the heat death of the universe, so it makes no difference if it's weaker.

"But let's give it a try!"
Giggity!

Don't ever go to Las Vegas.

Friendly advice: You should not try gambling ever.

But it would still be a 'Guess'.
Try to calculate the probability of guessing the correct answer twice. :)

@@sarthaksharma4816 Due to how exponents work I think the answer is 2^258 which seems like a difference but that's really pretty massive.

@@sarthaksharma4816 Correct me if I'm wrong, wouldn't it be for guessing it once :
1/(1/2^256) = 1/1.1579208923731619542357098500869x10^77‬
And then to guess it twice you square it? So, 1/1.3407807929942597099574016910872x10^154‬

To show you how big 2^256 is: 00:00

That's small. Very small.

@@carbrickscity its not small you can just compare it to a bigger number

If you compare it to daily numbers then yes it is big but compare to the world of big numbers it's small compare to even googol, which is just the beginning of big numbers. There is an infinite number of numbers bigger than it.

@@carbrickscity Yes but compared to how fast computers can generate and guess numbers it is really big. Imagine flipping a coin 256 times and you need to land on heads every time. How long will it take you to get there? A really long time. Granted, a computer can generate number much faster than you can flip a coin but the problem remains - it will take a really long time. You will reach the heat death of the universe before then. And, in a couple years, SHA-512 will be adopted and now the problem is significantly longer.

We would be indeed. Also, quantom Computers. (Probably)

www.quora.com/Is-cryptographic-hash-inversion-believed-to-be-NP-complete-or-NP-hard-etc

If P=NP and an AI generated, we would be fucked^256

Not necessarily. Even if P = NP, you still would have to show which P replaces the current NP. Not easy.

I don't think there is any algorithm for quantum computers that easily solve hashes. And currently, making them say 15 = 3X5 is a big success, so I think there is no need to worry before a few years/decades

🙃

first guess: 01000101101001001010101001111100101000101101001001010101001111100110010001001011100101010101010110100010101001010110101010010000010100010110100100101010100111110010100010110100100101010100111110011001000100101110010101010101011010001010100101011010101001000001

000011001101010101010101010101101010101010101001000010101020101

@@guardianangel1468 I'll use your guess as my key, thanks

@@garrettzucker2894 wait, that's illegal

is used by 1/(4 Billion) people

That name made me think of C++

Google+ next gen (but stille not popular xD)

We can only wonder why it wasn't ++Google. What is it with people and disliking prefix?

LunarCoffee because it takes longer to recognize what it actually is about? Would be my guess.
I.e. For c++, when the 'c' is spoken, I know it's about a programming language and am then waiting to hear which one.

I do invest and refer people to Mrs.ChangChang because she is the best trader I have seen

You can can reach Her on what:::::::::app

🇱🇷.+1......46/9-3[12-2)97....1

Admin Panel, Bootstrap, On-line chat, Responsive, Sample Data Installer, Theme Color Switcher. e-web.top/category/security/

This video is pretty misleading. It's a good illustration of how big a 256 bit number is, but NOT a good illustration of how secure 256 bit security is. These cryptographic hash functions are broken and need to be replaced every few years. This happens because weaknesses are found in the algorithm that make them easier to guess, and has very little to do with raw computing power. SHA-1 is now considered dangerously weak, and output 160 bits. No one made a computer that checked all 2^160 combinations. People found weaknesses in the algorithm. This has been true for almost everything in cryptography from the Enigma to MD5.