Quote from: SuperDerp on April 29, 2012, 06:33 am
Why bother when GPG, Truecrypt and dozens of other encryption algos already exist and are proven? Prison employees break code all the time that prisoners send to each other, and if they can't it goes to the FBI code breaking lab who have broken everything except one guy http://www.nytimes.com/2011/04/01/us/01code.html
The Unabomber was a PhD mathematician and they eventually broke his codes

Ah, but this isn't an encryption algorithm. It may appear to be similar, since in both cases you're turning plaintext into incomprehensible junk, but a hashing algorithm and an encryption algorithm do not serve the same purpose. With an encryption algorithm, you are turning plaintext into ciphertext. Should you have some special information, then you can find the pattern and reverse the ciphertext into plaintext.

With a hashing algorithm, you are turning plaintext into a hash. You cannot turn the hash back into plaintext. Although that hash uniquely identifies the plaintext, you cannot easily derive the plaintext. Your receipt from a shop could be using hashes so it can be proved you used your credit card to buy those bags of groceries. However, don't be collecting all those discarded shopping receipts in order to extract credit card numbers just yet, because you won't be able to reverse the hash.

You can, however, very easily turn the plaintext into a hash. So, if you have a list of suspect addresses, then you could turn them into hashes and compare them to any public hashes on a black-list.
That's a bit of a problem even if they are all scammers (could affect the reputation of the Silk Road because the media wouldn't distinguish between scammers and legitimate buyers, they'd just say "darkweb drug users busted by their own drug website!"), so that's why we need to do some more brainstorming on that issue.

First, we enable vendors to use hashes in a private list so that buyer security (even if scammer) is stronger, then think about the possibility of public lists later.

On the issue of CSI or whoever breaking hash algorithms, it's like somebody cracking the Tor network or PGP, it's possible, it's just not very likely. Most threats are hypothetical rather than actual.
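
The comparison described in the post above, as an added example that is not part of the original post: an unkeyed hash list lets anyone holding candidate values confirm membership, while a keyed hash (HMAC) limits that check to key holders. The HMAC variant, the normalization rule, the sample addresses and the key are assumptions constructed for illustration.

```python
import hashlib
import hmac


def normalize(address: str) -> bytes:
    """Collapse case and whitespace so the same address always hashes alike."""
    return " ".join(address.lower().split()).encode("utf-8")


def plain_digest(address: str) -> str:
    """Unkeyed SHA-256: anyone can recompute it from a guessed address."""
    return hashlib.sha256(normalize(address)).hexdigest()


def keyed_digest(key: bytes, address: str) -> str:
    """HMAC-SHA-256: only holders of `key` can recompute the digest."""
    return hmac.new(key, normalize(address), hashlib.sha256).hexdigest()


def matches(candidates, published, digest_fn):
    """Return the candidates whose digest appears in the published set."""
    return [c for c in candidates if digest_fn(c) in published]


# Constructed sample data, not real addresses or a real key.
LISTED = ["12 Example Road, Springfield", "99 Sample Street, Shelbyville"]
SUSPECTS = ["12  example road, springfield", "7 Placeholder Lane, Ogdenville"]
KEY = b"constructed-demo-key"

PUBLIC_LIST = {plain_digest(a) for a in LISTED}        # unkeyed, published
PRIVATE_LIST = {keyed_digest(KEY, a) for a in LISTED}  # keyed, key kept private


def check_public_list():
    """Anyone with a candidate list can test it against unkeyed digests."""
    return matches(SUSPECTS, PUBLIC_LIST, plain_digest)


def check_private_list(key: bytes):
    """The same test against keyed digests only works with the right key."""
    return matches(SUSPECTS, PRIVATE_LIST, lambda a: keyed_digest(key, a))


if __name__ == "__main__":
    print("unkeyed list, no secret needed:", check_public_list())
    print("keyed list, wrong key:", check_private_list(b"some-other-key"))
    print("keyed list, correct key:", check_private_list(KEY))
```

Hashing does not hide values that can be enumerated; the key is what restricts who can run the comparison.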