Is there a way to manually locate user's passwords?

Wait, is that safe? You just shared your password.

Is that true as of 2021?

Wait, how long would it take to brute-force that on an M1 MacBook Pro using a compiled binary as of 2021-10-11T07:00:00Z?

No I didn’t. If you actually managed to find a collision against that hash that isn’t binary garbage but also valid UTF-8, it would be some snarky message congratulating you for wasting a couple hundred MW in compute power. Or something along those lines. Or perhaps just “test”, because this was taken from some local development instance. :stuck_out_tongue:

Regarding the security of SHA-256: “Won't ASIC miners eventually break SHA-256 encryption?” on Bitcoin Stack Exchange provides a good extrapolation based on the Bitcoin network’s hashing speed.

Tl;dr:

Back in 2018, the combined compute power of the Bitcoin network took 10 minutes to compute a collision against the first 17 hex-digits or 68 bits of a SHA-256 hash. We can extrapolate that, to compute the full 256-bit collision, the 2018 Bitcoin network would have taken 7,65 * 10^51 YEARS. Even if the Bitcoin network’s compute power has grown by a factor of 10 year over year, that’s still many orders of magnitude longer than the lifetime of the sun, and sustaining such growth would consume the entirety of the resources of Earth long before the time needed to find collisions decreases meaningfully.

Bottom line, if the security of SHA-256 is ever compromised, it’s due to some design flaw in the algorithm that allows an attacker to calculate some number of bits analytically instead of using brute force. And if that ever happens, it’ll definitely be in the news. :wink:

4 Likes

Wow. So, there’s no point in trying it, although I’m sure someone is. :slight_smile: