I believe this question exhibits a lack of understanding of what "mining" Bitcoins means. Or possibly how Bitcoin works. Or both.
Mining Bitcoins is simply a search for an SHA256 hash matching a certain set of criteria. The mining hardware could theoretically be used to search for hash collisions faster than previously existing hardware, but that is of limited utility in the scenario of trying to find a specific hash collision (i.e. one that allows you to decrypt a file or login to a system) rather than one that meets certain qualifications (but doesn't have to be an exact match for one unique hash).
The set of possible values is so large that even the next generation of ASIC mining hardware (which will continue the exponential growth of worldwide hashing power) would require hundreds or thousands of years (I don't know the specifics and can't be bothered to find the numbers with specificity), on average, to find a specific hash. SHA256 is still strong, even assuming a vastly larger pool of searching machines.
In short: Bitcoin mining is not "cracking" SHA256. It's gambling on finding a hash that has one specific (rare, but not even close to unique) characteristic. Finding one, just like winning at poker or at the roulette wheel, does not make the next round easier.
> even the next generation of ASIC mining hardware (which will continue the exponential growth of worldwide hashing power) would require hundreds or thousands of years (I don't know the specifics and can't be bothered to find the numbers with specificity), on average, to find a specific hash.
It would take much longer than that.
The current hashing power of the entire Bitcoin network is ~5 PH/s. If we assume it will increase 200x over the next generation of ASICs (this is unlikely), it will still only be ~1 EH/s. That's 1e18 hashes per second, or 3e25 hashes per year. Finding an input that hashes to a specific 2^256 bit hash would take, on average, 2e51 years. The universe is only 14e9 years old.
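To make the distinction in the two comments above concrete (a search for any digest below a target versus a search for one specific digest), here is an added example that is not from any commenter; the block header prefix is a constructed stand-in, not a real Bitcoin header, and the 1e18 H/s figure is the one assumed above.

```python
import hashlib
import struct

# Constructed stand-in for the fixed part of a block header (not a real header).
HEADER_PREFIX = b"toy-header:prev=00..00:merkle=ab..cd:"

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def double_sha256(data: bytes) -> bytes:
    """Bitcoin hashes block headers with SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def mine(prefix: bytes, difficulty_bits: int, max_nonce: int = 1 << 32):
    """Try nonces until the digest has `difficulty_bits` leading zero bits,
    i.e. digest < 2**(256 - difficulty_bits). Any of ~2**(256 - d) digests
    qualifies, so the expected work is only ~2**d trials."""
    target = 1 << (256 - difficulty_bits)
    for nonce in range(max_nonce):
        digest = double_sha256(prefix + struct.pack("<I", nonce))
        if int.from_bytes(digest, "big") < target:
            return nonce, digest
    return None


def expected_trials_partial(difficulty_bits: int) -> float:
    """Expected hashes to hit the mining criterion (leading zero bits)."""
    return 2.0 ** difficulty_bits


def expected_trials_preimage() -> float:
    """Expected hashes to hit ONE specific 256-bit value: half the space."""
    return 2.0 ** 255


def expected_years(trials: float, hashes_per_second: float) -> float:
    """Convert a trial count into calendar years at a given hash rate."""
    return trials / (hashes_per_second * SECONDS_PER_YEAR)


if __name__ == "__main__":
    nonce, digest = mine(HEADER_PREFIX, 16)
    print(f"mined nonce {nonce}: {digest.hex()}")
    print(f"16-bit target: {expected_trials_partial(16):.0f} trials")
    # At the assumed 1 EH/s (1e18 H/s) the specific-preimage search takes ~1.8e51 years.
    print(f"full preimage at 1 EH/s: {expected_years(expected_trials_preimage(), 1e18):.2e} years")
```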
What if someone is collecting everything, including the misses, from bitcoin mining and running some sort of statistical analysis on it to determine if there are patterns in the noise?
Bitcoin mining generates 160 quadrillion bytes (160 Petabytes) of misses per second. The limit would be the amount of data that you could reasonably store and analyze, and we were at that limit long before Bitcoin came around.
(Although you can't actually collect the misses from other miners, because they never publish them).
True. It is, however, possible that some statistical analysis can be run on the hits, although interpretation would be convoluted since the initial value is SHA'd twice.
Slightly. Bitcoin mining encourages people to build SHA256 crackers. It's not inconceivable that these things could be repurposed for other types of SHA256 attacks besides those relevant to the BTC block chain.
When "other SHA256 purposes" are implemented correctly, this is no issue at all. For example, hashing passwords should use bcrypt or something similar, and HMACs should use long enough keys. While you may increase the search speed by ten orders of magnitude, it's still well beyond our current capabilities to successfully crack any SHA-2 hash.
See also the answer I just posted on the SE question.
Since the hypothetical brokenness of SHA256 is unknown, can we be sure there is a "correct" way to implement "other purposes"? Surely, it's conceivable a new attack could exploit an unforeseen weakness in all those uses.
I'm not sure it does encourage the use of SHA256 crackers. It's about looking for/generating a particular hash, not cracking or breaking a hash; all that these miners do is generate more hashes quicker.
I usually find stackexchange's discussions more than ample. There are many sites whose comment system and content could use a re-hashing by HN's nerdery, but stackexchange isn't one of them. (Unless we are playing the wayback game of re-posting a question from several years ago).
Yes. Sorta. Depends if you believe that the NSA is responsible for creating bitcoin as a means to get millions of CPU resources for free, which could be used to crack SHA and to track the comings and goings of criminals.
It is not so far-fetched. We don't know who really created it, and it is something the government should have been very "anti", yet they seem to have left it alone.
I am not one for conspiracies, but if it walks like a duck, and you haven't heard it make a noise, who is to say it isn't a duck?
This would be a very ineffective means of attacking SHA256. The terahashes being thrown at Bitcoin mining are effectively wasting 99.9999% (more at this point, actually, due to difficulty scaling) of their hashing power, if that were the goal. If someone wanted to design a cryptocurrency that helped crack SHA256 (or any other algorithm), it wouldn't look like Bitcoin.
The hashes that come out of bitcoin mining aren't just any ordinary hash you could use to crack passwords, though. The hashes have to begin with a number of 0s corresponding to the difficulty.
Most password hashes (including the salt) hardly have these 0s so even as a lookup table the blockchain isn't very good.
Yes, nothing to do with prime numbers. SHA-2 uses some constants. A lot of cryptography needs constants for various reasons. There is always some concern that the creator chose specific constants that weaken or give them a backdoor to the crypto scheme. To reduce this concern, they often choose constants from some simple mathematical basis, perhaps the numbers '1234567890', or digits of pi, etc. In SHA-2's case, they used the first 32 bits of the fractional parts of the square roots of the first n primes.
The numbers they use are not primes, nor are primes useful in any way for attacking SHA. The algorithm still has nothing to do with prime numbers.
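The "nothing-up-my-sleeve" derivation described above can be checked directly: the SHA-256 initial hash values are the first 32 bits of the fractional parts of the square roots of the first 8 primes, and the round constants are the same for the cube roots of the first 64 primes. This is an added example, not code from any commenter; it uses exact integer roots so no floating-point rounding can spoil the comparison against the published constants.

```python
def first_primes(count: int) -> list[int]:
    """Return the first `count` primes by trial division (small inputs only)."""
    primes: list[int] = []
    candidate = 2
    while len(primes) < count:
        if all(candidate % p for p in primes if p * p <= candidate):
            primes.append(candidate)
        candidate += 1
    return primes


def int_root(n: int, k: int) -> int:
    """floor(n ** (1/k)) for big integers, by binary search (exact, no floats)."""
    lo, hi = 0, 1 << ((n.bit_length() + k - 1) // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo


def frac32_of_root(p: int, k: int) -> int:
    """First 32 bits of the fractional part of p ** (1/k).

    root(p << 32*k) == root(p) * 2**32, so flooring and masking the low
    32 bits yields exactly floor(frac(root(p)) * 2**32).
    """
    return int_root(p << (32 * k), k) & 0xFFFFFFFF


def sha256_initial_hash() -> list[int]:
    """H0..H7: fractional parts of sqrt of the first 8 primes."""
    return [frac32_of_root(p, 2) for p in first_primes(8)]


def sha256_round_constants() -> list[int]:
    """K0..K63: fractional parts of cbrt of the first 64 primes."""
    return [frac32_of_root(p, 3) for p in first_primes(64)]


if __name__ == "__main__":
    # Expected: H0 = 0x6a09e667 (sqrt 2), K0 = 0x428a2f98 (cbrt 2), K63 = 0xc67178f2 (cbrt 311).
    print(" ".join(f"{h:08x}" for h in sha256_initial_hash()))
    print(" ".join(f"{k:08x}" for k in sha256_round_constants()[:4]))
```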