In the main video on cryptocurrencies, I made two references to situations where, in order to break a given piece of security, you would have to guess a specific string of 256 bits. One of these was in the context of digital signatures and the other in the context of a cryptographic hash function. For example, if you want to find a message whose SHA-256 hash is some specific string of 256 bits, you have no better method than to just guess and check random messages, and this would require, on average, 2^256 guesses. Now this is a number so far removed from anything that we ever deal with that it can be hard to appreciate its size. But let’s give it a try. 2^256 is the same as 2^32, multiplied by itself 8 times. Now what’s nice about that split is that 2^32 is 4 billion. Which is at least a number we can think about, right? It’s the kind of thing you might see in a headline. So what we need to do is appreciate what multiplying 4 billion times itself 8 successive times really feels like. As many of you know the GPU on your computer can let you run a whole bunch of computations in parallel incredibly quickly. So if you were to specially program a GPU to run a cryptographic hash function over and over, a really good one might be able to do a little less than a billion hashes per second. Let’s say that you just take a bunch of those and cram your computer full of extra GPUs so that your computer can run 4 billion hashes per second. So the first 4 billion here is going to represent the number of hashes per second per computer. Now, picture four billion of these GPU-packed computers. For comparison, even though Google does not at all make their number of servers public, estimates have it somewhere in the single-digit millions. In reality, most of those servers are going to be much less powerful than our imagined GPU-packed machine. But let’s say Google replaced all of its millions of servers with a machine like this. Then four billion machines would mean about a thousand copies of this souped-up Google. Let’s call that one KiloGoogle worth of computing power. There’s about 7.3 billion people on Earth, so next imagine giving a little over half of every individual on Earth their own personal KiloGoogle. Now, imagine four billion copies of this Earth. For comparison, the Milky Way has somewhere between 100 and 400 billion stars. We don’t really know, but the estimates tend to be in that range. So this would be akin to a full 1% of every star in the galaxy, having a copy of Earth, where half the people on that Earth have their own personal KiloGoogle. Next, try to imagine 4 billion copies of the Milky Way. And we’re going to call this your GigaGalactic Super Computer, running about 2^160 guesses every second. Now four billion seconds? That’s about 126.8 years. Four billion of those? Well, That’s 507 billion years, which is about 37 times the age of the universe. So even if you were to have your GPU-packed KiloGoogle per person multiplanetary GigaGalactic computer guessing numbers for 37 times the age of the universe, it would still only have a 1 in 4 billion chance of finding the correct guess. By the way, the state of Bitcoin hashing these days is that all of the miners put together guess-and-check at a rate of about five billion billion hashes per second. That corresponds to one-third of what I just described as a KiloGoogle. This is not because there are actually billions of GPU-packed machines out there, but because miners actually use something that’s about a thousand times better than a GPU – Application Specific Integrated Circuits. These are pieces of hardware specifically designed for Bitcoin mining, for running a bunch of SHA-256 hashes and nothing else. Turns out, there’s a lot of efficiency gains to be had when you throw out the need for general computation, and design your integrated circuits for one and only one task. Also, on the topic of large powers of two that I personally find it hard to get my mind around, this channel recently surpassed 2^18 subscribers, and to engage a little more with some sub-portion of those 2^18 people, I’m going to do a Q&A session. I’ve left a link in the description to a Reddit thread where you can post questions and upload the ones you want to hear answers to, and probably in the next video or on Twitter or something like that, I’ll announce the format in which I’d like to give answers. See you then.

don't forget to ask siri/alexa/google what 2^256 is for lolz

Then you're just lucky and the first guess your computer makes turns out to be correct lol

Message: It is safe.

Just pray and hope for the best! ๐

And yet, everything gets hacked. Your exponent is irrelevant.

I wish I had a like button who's value would have been 4 Billion Likes. ๐

I know itโs a old video now, but it would be awesome if you could explain the different algorithms and how they work or differentiate from each other like X11 (DASH) and Equihash (BTG) or Blake or what not ๐

(I already posted this on the main video, bit i hope it will get recognized if i post it more often๐ )

"…so you're telling me there's a chance!"

By secure, you mean extrapolating 256 bits into human language, yes? Else it is just 256 bit secure.

that shit ain't secure, there's collisions, loopholes, compressions, backdoor extractions.

The decryption would actually take 2^255 guesses on average.

2^256 guesses is the worst case scenario because there are 2^256 possibilities!

Cool – thanks !

brute force is the last resort of the ignorant. probably easier to devise a turing oracle and quicker in the long run.

very scary to think that the best thing we have in security is a race against time to find a better computer.

All of SHA softwares on market including bitlocker are either using unsafe key storing method, able to be hacked when software is running or even backdoor-planted. So for safetest solution for your company, build a encrypting software by yourself. Or it's like 30kg Titianium lock on a wooden door.

2^20 subs by the way

More importantly, e^14 subs!

How about 2^kiloGoogle++

quantum computer with 256 qubits will spend 1 sec to deal with it)

ูุฑุฌู ุชูููุฑ ุงูุชุฑุฌู ุฉ ุงูุนุฑุจูุฉ ๐ญ

I once saw an argument based on energy rather than speed that followed this very general outline:

Suppose you had a computer that operated at absolute maximum theoretical efficiency, so that there was no way it could possibly use less energy to flip a bit from zero to one, or one to zero. Suppose that's all this computer did: flip a single bit from one to zero and back again, over and over. (No counting: that's too complicated, reserved for a future version of the system. Certainly no complicated hashing or other common brute-force crypto-attack techniques: this is just a prototype.) Suppose you put this computer in the most naturally-cold place in the universe, to maximize its efficiency. (Don't want to spend energy on cooling, only on bit-flipping.)

Now suppose you could capture the entire energy output of a standard-size supernova, and feed this energy into your super-cold bit-flipper–assuming the existence of whatever energy-storage technology would be necessary to spread out the energy consumption over whatever time interval the bit-flipper required.

A supernova's worth of energy would be enough to power the bit-flipper through about 2^192 bit flips; which means you'd need to feed in 2^64 supernovas to get all the way up to 2^256. So that's version 0.1. By version 1.0, you'd need an actual crypto-attack algorithm, rather than just bit flipping, where each of the 2^256 attempts would require hundreds of thousands or maybe millions of bit flips. But..first things first.

So I probably have the numbers wrong, and perhaps some of the details as well…but that was the overall shape of the argument. I'd love to see you do a video on the real argument with actual numbers.

It's less about how secure it is and more about how you implement it in code.

I just want an hour long video of a growing binary number at 0:11

I love this video.

However, it's misleading to say, as is commonly said, "no better way" to find the answer is to guess randomly. The reason this is misleading involves a pretty cool concept: posterior probability. Lacking this concept leads to insane energy waste. It would be interesting to hear you tackle this concept.

Here comes social hacking

more please ! more abut math in computer science

this amazing! ! !

wow !!!

You lost me at kiloGoogle.๐๐๐๐

And what about quantum computers?

Hella.

This makes Quantum Computing even more terrifying.

How would you know if you got the correct code? I guess you have to try every possible combination by entering it as a the password on the website. Is that going to happen?

where and how do you learn this stuff?

encryption i mean

Why the hell is this description translated by translator to polish? I'm polish and I totally can't understand a shit. Please turn this disabled feature off.

1.1579208923731619542357098500869e+77

There is still a chance it guesses the correct number on the first try

The problem with these kinds of videos is they don't really describe a realistic scenario. Most importantly, they neglect to explain the fact that security is only as strong as the weakest link.

Sure, if you find a random hash and the only information you have about it is the hash function and the fact that the input was 256 bits, then yes you have 2^256 possibilities. However, in reality that is rarely the case when the user is involved. If the 256bits are a 32 character/byte long password, then an assumption of 96 options per byte is not too unrealistic. It represents roughly all printable characters in 7 bit ASCII. This reduces the complexity by about 40 000 billion. So instead of a 4 billionth chance after 37 times the age of the universe, you have a roughly 400 000th chance after 126.8 years. It is of course, still a ridicules large amount of effort. If we throw in the ASICs, we can of course slice the number by 1000 and end up with 1/400th chance. Still an impractical amount of effort given galaxies of super computers.

Now lets assume that we know that this password is from someone a little bit more stupid and unaware. Lets say the password is only lower case a-z. This gives 26 options per byte and thus 26^32 options in total. This is still 256 bits into the hash function, but we know the complexity of the input is far lower. In fact, it reduces the complexity by about 6*10^31 or 60 000 billion billion billion. In other words, the giga galactic super computer has a roughly 1/900th chance of solving this every second. If we throw in ASICs, it should solve this every second even at worst case. Still ridiculously impractical, but also very far away from what this video describes. However, if we start stripping out more complexity, say reducing the input down to 12 characters, each with 26 options, we are left with a complexity of 26^12, roughly 95 million billion or something a single computer with ASICs could solve within 47 days at worst. Still 256 bit security, but knowing the true complexity means it's solvable.

I don't know what I am watching. Seems great, though.

Oh my god… This is mind blowing. So well explained. Thank you. I want some bitcoin now. LOL

imagine getting it in the first guess…

Why would the average number of guesses be 2^256? Isn't the the maximum number of guesses you would have to make?

The fun thing here, is that there still is a chance to guess it first try…

I'm Italian, we solve problems in other ways… For example you just have to put a false information at the beginning of the blockchain to create a disaster… That's something to think about, not the security of the data sent. My opinion

5 years later…

how 256 bit encryption is useless thanks to quantum computers

0:30 wouldn't it require at most 2^256 guesses rather than "on average"? Am I missing something?

It is more secure than 128-bit security, but not as secure as 512-bit security.

i used to program radios with AES 256 bit encryption, i couldnt do the math then but i realized it's virtually impossible especially when keys are changed at least daily

Until quantum computing gets around

"next, try to imagine 4 billion copies of the milky way" … okay, I'm out.

i bet that my commodore with 128mb of VRAM can find the correct hash in less than an hour

Good theory, but you don't explain all the factors of pen testing, 256 is somewhat secure, but if you know a certain way someone codes or their theories of math, and you account for those factors, I'm sure you can severely cutdown the time for a brute force hack, not to mention looking for random data sets, that you know would be in the message, i.e you know who it's addressed to. That's how they broke the enigma machine. Not everything is boiled down to a math formula x = y2.

This channel will soon surpass 2^21 subscribers 2097152

I am from 2042, and our computer can take 2^512 Hash per second now, 2^256 is

SUCKNo matter how many "kilogoogles" you have, the server you are trying to crack would be instantly ddosed by all these tries to find the correct password.

And… It's still safe even if you use a quantum computer?

In Encryption We Trust

I want a Giga Galactic Super Computer.

Got some extreme problems to solve.

Can't we use a quantum computer to explore all 2^32 possibilities in one 'quantum step', for example, once Google bristlecone is quilt?

you are approaching 2^21 subscribers now!

I thought it was kylo google. Like Kylo Ren.

facepalmas soon as he said 'copies of earth', I lost track ๐

3:28

Awesome….Finally I understand how huge number it isWell, what about quantum computers? I guess that will solve the encryption

man i fuckin love you

Explicaรงรฃo perfeita

Olรก, meu comentรกrio รฉ em portuguรชs, em meu paรญs tem um jogo de loteria que vocรช pode ganhar um prรชmio em dinheiro se acertar 6 nรบmeros entre 01-60, a chance disso รฉ 1:50 milhรตes numa aposta simples de 6 nรบmeros, se isso for convertido em bits seria aproximadamente 25,57545 bits de criptografia q a pessoa teria uma chance de acertar, ou seja algo surreal e difรญcil.

he probably showed a few dudes password.

3:15 is why you came here

1.7M subs in 2 years

How could my calculator get the answer of 2^256=1.157*10^77 instantly?

My personal favorite "big number" is the number of atoms in the universe – about 10^80 (Wikipedia), or 2^83. Molecules vibrate at 10^13 .. 10a^14 Hz – call it 2^17. So, if every atom did one guess-and-check every time it twitched, you'd still need 2^156 seconds – about 2^40 years, which is 250 times the age of the universe.

NSA created, enough said.

4:23, now the channel is ยฝ of 2^20 in a span of 3 years! 2^256 will take a long time to crack!

hacker RNG god

Shor's Algorithm: i'm about to ruin this man's whole career

I looooooooooooooooove your explanation

I think this may be the best visualisation/conceptualisation of large numbers i've seen! Thank you!

2100, quantum computers era. A power of a galaxy of kilogoogle computers in your hands, as a gift in laundry detergent.

On average 2**255. One half of Al possibilities

to sum up my brain while watching this

what

You are now 2**21

Imagine sending this in words as a donation message on livestream.

3 blue 1 brown always comes In clutch with the visualizations. This reminds of combinatorial explosion, and how often it comes up in real world problems, it would be interesting to see you make a video going into depth on this topic.

quantum computing plz

you are the best OBusly

Enter Quantum Computing

The funny thing is, even though 256 bit is really secure, a number of people are just dumb enough to just tell attackers their password.

So how powerful would a quantum computer have to be to threaten 2^256 bit encryption? That seems like a tall task now that it makes slightly more sense.

look how cute that pi is

Eh, I want 1024 bit plz

we all know that quantum computers have no problem to invert sha256 . irony off.

The said quantum computer will not only calculate the original input of the sha256 function

but will also calculate the 8*255+7 (?) solutions which are only 1 bit off.

And it will calculate the (insert large number) solutions which are 2 bits off. And so on.

Will be big fun to extract the solution which is 0 bits off only.

Quantum computer : hold my beer!!!

Why do miners need only 10 minutes to brute force the solution? DO they know a part of it already from previous transactions? And if someone attacks what is the difference? You can't use the known part of the solution for a collision attack?

So… You're telling me there's a chance?

"A really good one" a 2080 ti has a hashrate of about 50 MH/s

What about the new GPU Cerebras WSE?

The genius behind my 4btc hack in my wallet is [email protected],com

Hey you!! I know how bad you want to double your Btc. Why not contact [email protected],com and save your stress

You must be looking for a real bitcoin miner. [email protected],com is specialized in software and cryptocurrency mining. Her services is free of charge

guess I can verify [email protected],com for the genius hack she has done โ . She got me 1BTC with her hacking skills. Free script

People need to understand that SHA256 is just a hashing algorithm and not a encryption algorithm. With encryption, you need a algorithm to encrypt the data and a algorithm to decrypt the data so it can be read via plaintext. Hashing algorithm's are a 1-way street, meaning it will scramble your message, but you cannot unscramble it and get the original message back. When people are trying to find the right SHA256, what they are really trying to do is just find a copy of 'YOUR' SHA-256 that the computer accepts as its key. This is good for hiding your private key values, as the number of guesses is so astronomical, that even modern day computers can't keep up. SHA-256 is good for providing Integrity, making sure data itself has not changed, however please do not mistake it for encrypting your data as it does not do this. So when you think of security, you can think of SHA-256 as a good tool for making sure data has not be changed (providing integrity), but not providing security to the level that encryption can offer. SHA-256 is used for many encryption services, masking the key to encrypt and decrypt, through the hashing algorithm itself.