
Has SHA-256 been broken? - furtheranalysis
https://www.treadwell-stanton.com/services/latest-news
======
intsunny
Everything points to fake news:

1) The copy is not great, and is not of the standard you would expect from a
supposedly American company: "In accordance with its disclosure policy,
Treadwell Stanton DuPont won't be saying exactly how they did it — because
once the proof-of-concept is out, anyone with enough computing power will be
able to produce a SHA-256 collision, rendering the algorithm both insecure and
obsolete."

2) The phone number listed is 917, which usually (not always) is for mobile
phones in NYC. (Which finance firm can't afford a nice 212/800 central number
from Verizon?)

3) Their About Us page doesn't actually list any real names of executives and
directors: [https://www.treadwell-stanton.com/about-us](https://www.treadwell-
stanton.com/about-us)

4) Their email is hosted by Godaddy:

host -t mx treadwell-stanton.com treadwell-stanton.com mail is handled by 10
mailstore1.europe.secureserver.net. treadwell-stanton.com mail is handled by 0
smtp.europe.secureserver.net.

FINRA, SEC, etc would probably not be pleased with Godaddy email.

~~~
teilo
This is not a quick fake site. Too much went into it. Also, their social media
profiles go back to Oct. 2017. If it's a fake company (and that seems likely),
they are playing the long con.

Their "address," 30 Wall Street, is for a virtual office business center,
Capstone Executive Offices. [https://liquidspace.com/US/NY/new-york/your-wall-
street-offi...](https://liquidspace.com/US/NY/new-york/your-wall-street-
office)

In any case, this announcement seems to be a vaporware pump-and-dump scheme
for a bitcoin accelerator:
[https://www.facebook.com/TreadwellStanton](https://www.facebook.com/TreadwellStanton)

The timing of their first Facebook post is within 6 months of when they
supposedly broke SHA256, so that definitely says long con.

~~~
teilo
AND they are associated with a lotto computer scam: [https://neural-
lotto.net/index.php/en/kga6](https://neural-lotto.net/index.php/en/kga6)

------
FiloSottile
By some unknown blockchain miners with no proof that want to sell you one of
25 units instead of operating them using something something quantum? No, it
wasn't. Come on.

------
maaaats
While not saying how they did it, shouldn't they be able to prove it? By
showing some colliding hashes or so?

~~~
masklinn
It's not just that, they're claiming computationally feasible preimage attack,
something which AFAIK has not been feasibly achieved in SHA1 (SHAttered is a
collision attack).

~~~
johnsilver19
A preimage attack still isn't feasible for MD5. What an absolutely ridiculous
claim they made.

------
vardump
Looks like an attempt to manipulate Bitcoin value? Pathetic.

~~~
mtmail
From the article "it is not our intention to bring down Bitcoin, break SSL/TLS
security or crack any financial sector security whatsoever."

~~~
AmazingTurtle
That's exactly what one would say when he had the intention to do that.

------
Wheaties466
Heres the Outline link, if anyone is having trouble visiting the original site
like I was.

[https://outline.com/54ReCb](https://outline.com/54ReCb)

------
rdl
OK, we've now found something even worse than the stupid "best logo
competition" for vulnerabilities.

------
exabrial
Has been /.-ed to death already. Anyone have a snapshot?

~~~
lol768
[https://webcache.googleusercontent.com/search?q=cache:7M6t0i...](https://webcache.googleusercontent.com/search?q=cache:7M6t0ia3SfYJ:https://www.treadwell-
stanton.com/services/latest-news+&cd=1&hl=en&ct=clnk&gl=uk&client=firefox-b-d)

