Bitcoin Network Speed Breaks 1 Petahash per Second (thegenesisblock.com)
65 points by geektips on Sept 16, 2013 | 42 comments


So 10^15 H/s is about 2^50 H/s, or 2^71 H/Y.

Assuming you could rededicate the whole network to attacking SHA-1 (which you practically couldn't, the ASICs would need replacing) you could break 2^10 intermediate SHA-1 signed CA certs per year, and compromise the whole current deployment of HTTPS.


Your math suggests that you can break a certificate with 2^61 hash operations, but this page says 2^61 operations will only give you a collision:

https://code.google.com/p/hashclash/

With the ability to generate collisions, it becomes easier to trick a CA into signing an evil certificate, but collisions don't help if you want to break someone else's certificate.


By "break", ctz meant "create 2^10 certificates". Creating arbitrary intermediate CAs would indeed compromise the safety of HTTPS.


1 bitcoin hash (2 SHA-256 hashes) is approximately equivalent to 3 SHA-1 hashes in terms of number of 32-bit operations, so you are off by a factor 3.

But your point remains valid :)


p1mrx is correct - creating plain SHA-1 collisions shouldn't break the CA system.

Even though it's believed that one can create an identical-prefix collision with that amount of work, after the MD5 Industries demo all CAs now inject at least 64 bits of randomness into the signed certificate. Thus the certificate that they actually sign isn't predictable and doesn't have an identical prefix.

Technically what one needs to break is the target-collision-resistance of SHA-1, and that's standing up much better.

For things like git, however, an identical-prefix SHA-1 collision would be a problem.
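An added illustration (not part of the thread) of the distinction p1mrx and the comment above draw: finding any two colliding messages versus matching a message that someone else fixed. It assumes SHA-1 truncated to 16 bits and generic brute-force search, so the counts show the birthday bound against the full output space, not the cost of the cryptanalytic attacks on full SHA-1; all messages are constructed.

```python
import hashlib
from itertools import count

BITS = 16  # constructed toy size; real SHA-1 is 160 bits


def h(msg: bytes) -> int:
    """SHA-1 truncated to BITS bits, so the searches finish in seconds."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") >> (160 - BITS)


def find_collision(prefix: bytes):
    """Searcher chooses BOTH messages: birthday search, ~2^(BITS/2) hashes."""
    seen = {}
    for i in count():
        m = prefix + i.to_bytes(8, "big")
        d = h(m)
        if d in seen:
            return seen[d], m, i + 1
        seen[d] = m


def find_second_preimage(target: bytes, prefix: bytes):
    """One message is fixed by someone else: ~2^BITS hashes expected."""
    want = h(target)
    for i in count():
        m = prefix + i.to_bytes(8, "big")
        if m != target and h(m) == want:
            return m, i + 1


def demo():
    a, b, n_coll = find_collision(b"chosen-by-searcher:")
    # Constructed stand-in for a certificate body the searcher did not write,
    # e.g. one whose serial number the CA randomised before signing.
    fixed = b"tbsCertificate serial=" + bytes.fromhex("9f3c1a77d0e254b8")
    other, n_pre = find_second_preimage(fixed, b"other:")
    return (a, b, n_coll), (fixed, other, n_pre)


if __name__ == "__main__":
    (a, b, n_coll), (fixed, other, n_pre) = demo()
    print(f"collision after {n_coll} hashes (2^{BITS // 2} = {2 ** (BITS // 2)})")
    print(f"second preimage after {n_pre} hashes (2^{BITS} = {2 ** BITS})")
```
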


Assuming that the hashes are equivalent difficulty (I don't know if they are): Given that the market cap of Bitcoin is ~$1B, imagine what you could do if you had ~$1-200M and wanted to crack some certificates...


And now we know how NSA "breaks the internet encryption", it is not through RDRAND, it's by good old force. It's much more cost-effective to do things by force than trying to predict the future uses of some hardware with some special software.


Whatever you may think about Bitcoin itself, the _story_ of Bitcoin is impressive. Bitcoin started as a small, open source hacker project by an anonymous fellow on the internet. Somehow, this has snowballed to the point where an entire datacenter's worth of custom computing power is being thrown at it. That's inspiring and amazing no matter how you slice it.

Amidst the on-going onslaught against our digital world, it's refreshing to see what people can accomplish using open source ideals.


It would be nice if all that electricity could be used to help the less fortunate on this planet.


Open your eyes. Bitcoin is helping the unfortunate on this planet:

- it is helping Argentinians escape their government's stupidity who is inflating their currency and limiting access to safer currencies (eg. USD) [1]

- it is helping Iranians working or living abroad to send bitcoins to their families [2]

- it is freeing people from financial censorship, eg. oppressive governments freezing bank accounts or donations to political opposition

- etc

The effect of Bitcoin on society is just barely starting to be seen! A decentralized currency truly has an amazing potential.

[1] http://blogs.wsj.com/moneybeat/2013/07/17/bitcoin-downloads-...

[2] http://www.businessweek.com/articles/2012-11-29/dollar-less-...


You call Argentinians and Iranians unfortunate? Even US citizens are living under financial censorship, are they unfortunate?

mrb means the poor people who don't have enough power to light up their homes at night.



Oh right, all resources should only be spent on literally the most unfortunate single human on the planet, until he or she becomes the second most unfortunate human on the planet, ad infinitum.


There must be a law that describes this type of comment. Something to the effect of "When any given project passes a certain inertia, someone will invariably comment that 'it would be nice/better if XXX could be used to help the less fortunate on this planet'".

We can start applying this law to things like String Theory, cures for Male Pattern Baldness and whatever else doesn't directly benefit some 3rd world shithole.

(P.S. I live in a 3rd world shithole :)


Right, except the bitcoin stuff is essentially make-work to shore up the built in 50% attack/weakness in the bitcoin system.

It would be nice to have a crypto-currency that didn't rely on this constant thrashing.


If it means frictionless commerce with anyone worldwide, perhaps it will?


Nothing about bitcoin is tending towards frictionless commerce.

That is an argument people make to excuse the huge waste of power (by extension generating a large amount of pollution) that goes into bitcoin.

The reality is that all the forces that slow down electronic dollars also slow down other electronic currencies.


The energy required to obtain gold from the earth, when you compare it to bitcoin, makes your comment farcical


Currencies aren't backed by gold. They're backed by governments. The United States dollar is just as much a "virtual currency" as bitcoin.


All currencies are a shared delusion. If everyone believes something has value, it does.


What forces are those?


You assume that energy that isn't used for the network would automagically go to "less fortunate" people. It wouldn't. Power lines don't appear out of thin air, neither do governments who provide a stable environment for them to be built in.


And how does your browsing HN help the less fortunate? Where is the limit between "good reading" and waste of time?


No, see, this is something that applies only to other people.


So how much of your income are you donating to the poor?



Well, you're in luck, because bitcoin has the potential to do that.


If you're interested in a Bitcoin like currency without mining check out Ripple.


If you're interested in a scam, check out Ripple...


I've never heard of ripple before the GP's post, any particular reason why you consider it a scam? After all, many people consider bitcoin to be a scam as well...


http://ripplescam.org/ has a bunch of arguments for this.


The coin is issued by a central entity who has kept 50% of it. This makes people suspicious. Bitcoin has no central issuing entity, thus no one person to 'get rich quick' in some scam type operation.


Instead it has a few early adopters with massive stakes, and a roughly 90% hoarding rate from the last analysis I saw.


Yeah, the early adopters got rich. I think that's fair because they invested in something that was really uncertain at that point. You could even argue that if you buy bitcoins now you're still an early adopter.

Bitcoin itself is less of a pyramid scheme than gold. This is because even when the price stops rising (or even when it collapses) you can use it to easily transfer value across the world.


I don't think there was really much risk there, and the generation seems to me to have been far too stacked at the front end. Just IMHO of course.

I won't, ever, be buying bitcoins for this and other reasons.



Shame downvoters. Proof-of-stake is bitcoin minus the constantly exponential energy increasing requirement for profitable mining operations.

Ripple has the same advantage, but without the benefit that (ongoing) minting of the coin is actually decentralized. In fact you can't see for sure that there is or isn't ongoing minting with Ripple.


Not a shame: At least so far as has been envisioned proof-of-stake doesn't appear to actually work. The fundamental problem with proof of stake is that there is nothing at stake: It's in your rational best interest to mine all possible subchains that you can mine in, and not only in the single unique chain you believe to be most likely to survive, as is the case for PoW.

PPCoin's security is not provided by proof of stake but by cryptographically signed lockins broadcast to the network by its creator... so you have to trust this anonymous party to behave honestly. It sort of defeats the purpose of having a cryptocurrency.

Ripple is even worse in that regard— an opaque ledger implemented via a closed source system.


I think you are wrong in this.

The source is open, you can build your own chain separate from PPC with the same (or incompatible algorithms), and there is plenty at stake; you might not think your chain will ever be long enough to win, but maybe your transactions need to be private and then there's that at stake.

It is impossible for me to imagine mining all possible subchains that you can mine in; maybe it's because there is no pool I know who supports merged mining in more than just BTC and NameCoin, but I thought there was a technical reason why it wasn't possible (or especially why it was possible specifically for this pair).

You can mine TerraCoin and PPCoin today when you don't need those hashes for BTC, but you can't mine all three at once.

So, how do you propose to mine all possible subchains that you can mine in for the PPC Proof of Stake coin? When the difficulty drops on one chain, it would be to your benefit to mine just that one chain, if you think it will be accepted as the longest chain. Unless you have BTGuild on your side, you don't have much hope of making the longest chain, unless you found a chain that they just forgot.

When I read the CDF graph, I got the impression there is a sweet spot for payouts on chains that behave according to CDF (and because of the nature of "averages" most of us don't have it yet and never will.)

You sound like a person who knows, so I hope you'll tell me more, since I'm interested in Proof-of-Work as it applies to PPCoin. I like the PPCoin website and if that's any indicator, I think that some people will pick PPCoin over Bitcoin without any technical expertise even if it only "seems fairer".

So, will you tell me more of what you know?


Altruism and defaults are powerful things. In fact, they're the only thing enforcing rules about "nonstandard transactions", without which the blockchain would have been DDoSed all the way to a terabyte by now.

And the checkpointing system is a backup measure used to maintain stability because PPCoin is still small; it is not intended to be the primary mechanism holding it up. If you want to see an altcoin without checkpoints, look at any of the ones that got killed by a 51% attack.


All Ripples were pre-minted and in control of the founders. They've only released a very limited supply of them.


That I agree with; it's really the main thing I have against Ripple.



