We broke 92% of SHA-256 – you should start to migrate from it
logicallee
60 points
67 comments
March 27, 2026
Related Discussions
Found 5 related stories in 50.2ms across 3,471 title embeddings via pgvector HNSW
- Quantum frontiers may be closer than they appear OJFord · 17 pts · March 29, 2026 · 42% similar
- Quantum computer researchers: Bitcoin encryption breakable in a few years croes · 15 pts · April 03, 2026 · 41% similar
- Safeguarding cryptocurrency by disclosing quantum vulnerabilities responsibly madars · 30 pts · March 31, 2026 · 41% similar
- The State of Immutable Linux JustinGarrison · 24 pts · March 27, 2026 · 39% similar
- Claude loses its >99% uptime in Q1 2026 timpera · 83 pts · March 27, 2026 · 39% similar
Discussion Highlights (19 comments)
logicallee
In the linked work, we've broken 92% of SHA-256 across its full 64 rounds, and were encouraged to publish it by the leading cryptographer in the field (who held the previous record). Currently, SHA-256 is the basis of TLS certificates, bitcoin, and many other security applications. We think it is time to begin to migrate to other hash families, because we expect the rest of SHA-256 to fall soon.
jimjeffers
Is this real? The website does not look credible.
pixelpoet
Are you sure you asked enough times for money on the website? I only counted 5 instances, not counting the AI-produced PDF doc.
pavel_lishin
> Secure hash functions are used to make a short version of a large file. Ideally, it has several properties including making it infeasible to find two files with the same cryptographic hash. We've just gotten 92% of the way there. This has security ramifications in that other researchers are expected to be able to complete the work through similar methods as explored in the paper. We weren't sure if this was a remarkable result, since it's not a full collision I thought this meant they were able to generate collisions for 92% of files/hashes they tried, but it sounds like they're able to generate hashes that are 92% identical?
kstrauser
For a shorter executive summary, what does "broke" mean here? Can you reliably produce collisions now for 92% of SHA-256 digests?
helterskelter
I'm skeptical.
mkeeter
The "Intermediate Report" [1] lists the authors as "Robert V. and Claude (Anthropic)". Is there any reason to believe this is not AI hallucinations? [1] https://stateofutopia.com/papers/2/intermediate-report.pdf
wonnage
Seems more like a case study in AI psychosis
bob1029
The neat thing about bitcoin is that the incentive to break it is so high that it would almost certainly be the first place you would learn that SHA2 had been broken. Not on a website like this. I can verify its integrity by opening robinhood on my phone.
Kikawala
We publish this work as responsible disclosure. While a full SHA-256 collision (sr = 64) has not yet been achieved, the tools and techniques presented here represent significant methodological advances that bring it closer. Organizations relying on SHA-256 for collision resistance should begin evaluating migration paths to SHA-3 or other post-quantum hash functions. The cryptographic community should treat the collision resistance of SHA-256 as having a finite and shrinking safety margin.
drum55
> it is possible that we'll find relations that carry across the entire double-SHA-256 pipeline Bitcoin mining is a partial second preimage of 0x00 though, not a collision, that statement just seems to be so outside the realm of what they’re claiming to have done. Even MD5, the most widely known to be broken hash, would be secure when used in the same way bitcoin uses SHA256 (other than being too short now, bitcoin miners have done 80 bits of work at this point many times over).
Taterr
Their homepage states this is some sort of "AI-governed nation" https://stateofutopia.com/
rdtsc
From https://stateofutopia.com/papers/2/intermediate-report.pdf > his report was generated on 2026-03-22 as the final artifact of the SHA-256 Cryptanalysis Research Project. Collaboration: Robert V. (research direction, strategy) and Claude/Anthropic (implementation, computation). This Claude guy is pretty prolific it seems. But I'll wait for some known cryptographers to chime in
bem94
I'd expect a finding / paper like this to be submitted to the IACR ePrint server [1] to bring it to the attention of the cryptographic community. I can't see that it's been submitted yet. Venue should not imply credibility but in this case it would certainly help bring the proper scrutiny. [1] https://eprint.iacr.org/
newobj
S-tier schizoposting
MostlyStable
I know people (especially around here) hate it when people just post AI output, and I generally agree, since it is trivial for anyone else who is interested to do the same thing. However, the majority of the comments here are from people seemingly asking the author (or someone else) to explain how significant this is, without having taken that step themselves. So while I normally wouldn't do this, in this case it seems helpful. Claude thought the paper was interesting and had a novel cryptographic technique, but that the claims of near-term breaking of the SHA-256 algorithm to be unsupported. Here's the conversation: https://claude.ai/share/b10b95ef-5d9f-43dd-9005-3d1d89f9dbc1
redeemer_pl
Hey Claude, Do some research and write a paper about breaking Bitcoin.
thrill
At this point we need AI filtering out the slop being constantly submitted to HN.
Retr0id
I looked into citation [5] since it sounded interesting but the DOI link has been hallucinated and goes to some other article. I assume many of the others are similarly bogus.