May 13, 2014 | Author: Mircea Popescu

Half an hour after my attempt to revive cryptographs, last night :

dignork http://trilema.com/2014/cryptographs-revived/
dignork Dunno, but: echo -n "teeming" | sha1sum
dignork 8d7ae863d9c10823e2af4cecd803e380dbcc3bf3
mircea_popescu Lol so post there with a salt ?

Half a minute later :

mircea_popescu Aw shit! I calced the wrong hash OMFG.
dignork I just googled the hash actually :)

mircea_popescu Ahahaha ok brb. http://trilema.com/2014/cryptographs-revived/ updated. Tyvm :)
dignork Heh, kill my comment then :) Although, if now your challenge is echo -n "something", you should mention it, because I'm not sure it's a default assumption.

mircea_popescu I did update the note. Basically using "trilema" as salt. (Also teh original hash was actually mistaken, I had hashed the wrong word).

The next morning :

dignork I solved it: http://btcbase.org/log/?date=12-05-2014#672531
mircea_popescu But pls to comment will you.

dignork And posted to your site, but I was drunk, and I think comment didn't pass through.
mircea_popescu I don't see it. Do it again pls.

Two minutes later.

mircea_popescu O wow motherfucker you're too good at this aren't you ? :D Lmme check! a66c1991dd3f13fc12238d88c80795d1e54631be yup you got it.
dignork I also gave a solution.

mircea_popescu I saw. Pls to make the post on Trilema so reference to it doesn't get lost in logs.
dignork And I still dunno how you derived this word from the pics, our cultural background is rather different I guess :)

mircea_popescu :)
dignork Added comment with hash and mention of irc logs. Btw if you want to avoid bruteforce, you either have to slow down/complicate the hashing, or just make it interactive, with new hash target/nonce via site, and rate limit per IP.

mircea_popescu http://trilema.com/2014/cryptographs-revived/#comment-99793
dignork :) So do I get the "key" thingy, or it's a cheating ? :)

mircea_popescu You don't because you need 5 solutions :D
dignork Oh, so 4 more challenges.

Ten minutes later, after having trotted around back and forth all over my garden...

mircea_popescu O I got you you little bitch you. I gohohohohot you. So : backwards hashed.
dignork But can you explain the derivation process? I mean why is this pic == esteem?

mircea_popescu 00c96392f93c67650a3f6c3c3e372394700c86cf << Find this one. Then I'll explain teh process.
dignork Backward, word is reversed?

mircea_popescu Yes.
dignork Well, it won't help, I'll just reverse it in the same script. f(00c96392f93c67650a3f6c3c3e372394700c86cf) == esteem ?

mircea_popescu To make it clear what I mean : I picked a word. I reversed its letters. I hashed the reversed string. That's your hash. Find the word.
dignork So word will be sha1(drow), without salting? or sha1(trilemadrow) ?

mircea_popescu No salting.
dignork Does not compute: http://dpaste.com/0C50GC1/

mircea_popescu :D It was... dignork.
dignork So either you got a word not in a spellcheck vocabulary, or your reversal requirement is not clear.

mircea_popescu Now let's take an actual dictionary word, enough trolling.
dignork Ohh

mircea_popescu 964a3846c7d1e2a60c2ded7ae91d4918fc98b276
dignork kcehclleps 964a3846c7d1e2a60c2ded7ae91d4918fc98b276

mircea_popescu Mhm.
dignork Same script :)

mircea_popescu Da fuq am I gonna do.[i]
dignork Script it into the site. Don't publish the hash, or publish derivative hash with secret, so the word should go through your site anyway.

mircea_popescu I dun wanna do that. Fucking creaky wp install, it's literally drywalled into a closet.
dignork Host it on google appengine or something :) As external thing.

mircea_popescu Lol. I should create a gpg keypair for each cryptograph and then publish the privkey. That wouldn't work as you don't get the same digests obviously, so it'd only work to verify. But not allow people to check their own guesses.
dignork Well, disclosure is too strict - you can give a user any choice of his own salt. Or salt == nick.

mircea_popescu Yeah, but I'd rather people be able to check failed guesses w/o my input. Back when I was running this in Romanian people hated having to wait for me to check their idea.
dignork Verification is easy, but un-bruteforcing is interesting.

mircea_popescu Yeah.

A little later :

dignork It's not really reversing, just a simple bruteforcing. But here is a cheap-o idea: challenge+some .iso, say openbsd 5.5 cd1. Will bring each trial to few seconds.
mircea_popescu Yeah, but it would also take most people out.

dignork Not sure, but (echo -n "challenge"; cat some.iso) | sha1sum. That is, if you're unix/mac/cygwin. Or the mere fact of iso download req. ?
mircea_popescu Well yeah. most readers aren't. I'm not saying it can't be done, mind you. Even Windows[ii] works well if someone knows what they're doing. But... users...

dignork Well, I can put a something.onion thing for online verification if you want :) User will send a word, I'll output a hash. But most users don't know what to do with .onion I suspect.
mircea_popescu Indeed. Nor do I want to support tor, I don't trust it.[iii]

dignork Oh well, I can run some trashy box on amazon with plain IP. Or irc bot :) Or twitter bot, for technology inclined.
mircea_popescu O hey! Irc bot would rock actually.

dignork Ok, never did it before, I'll try to adapt supybot, or do you guys use something else, for assbot for example?
mircea_popescu AFAIK gribble is supybot, and assbot is some homebrew. Supybot should be fine really.

dignork Ok, supybot it is then.
mircea_popescu So what you planning to do here ? Make a special command for me to load the plaintext then people can just pm it and it tells them if they got it ?

Even later :

dignork I thought of just making a hashing service, so that you don't have to supply the correct answer up front. Or some hidden hash, declared later for verification, need to think it through. Trivial idea: we say there is a slow hash: keyword + some.iso, but if you can't do it yourself, just ask the bot, and he'll burn some cpu. Crude and provokes HPC battles. Alternatively I'll abstain from the game, and bot will know the correct answer and will act just as oracle. Best solution would be some kind of zero-knowledge system, so that bot knowledge won't make any meaningful difference, and then I'm game. Or, greedy solution - make btc addr, which on arrival of new tx, issues one-time usable nonce, crypted for sender btc addr. Bruteforcing will be costly :) I won't play it though, I'm poor. Anyway, I gave your puzzle to my colleague - native English speaker. We came up with east+teem, without t, doesn't make sense, so my colleague came up with the idea that east is est in Romanian, and then it makes sense.
mircea_popescu It is e(a)st + teem but the t is struck so. Esteem. And I don't want this to have moneyz involved. I guess the only way is to not actually supply the whole hash, but merely half of it. Then, someone can pretty confidently see if they managed to guess, cause figure the odds of getting a collision. Actually no, fuck that. That doesn't work either. There's just no way to do it.[iv]

dignork So I'll just do a bot that accepts a hash from you, and then for anyone else just accepts "guess word" and replies true/false without exposing the hash.
mircea_popescu Sounds like the only solution here.

dignork But then no game for me :( I'll figure it out later.
mircea_popescu Sucks that this doesn't have a better solution. It is a quite clear problem.

dignork It has, probably in the field of zkp, but I need to read some more to grasp the current state of this topic. Specifically non-interactive zkp.
mircea_popescu Hm.

dignork E(a)st - so by what rule is (a) struck? Soundex?
mircea_popescu By the rule of "fuzzy logic", ie, fuck you if you're an AI rather than human. It always pisses people off.

———
  1. If you are keeping score at home, the fuck you are gonna do is understand that amateur cryptography DOES-NOT-WORK. Because it doesn't, that's why. Yes I know it looked like it would. It doesn't. Yes I know you don't see any reason why it shouldn't. That's because you're fucktarded. Like me.

    Human brains aren't made to crypto, they just have other jobs to do.

  2. No I didn't really say that, ok ?
  3. Yes, this was much before Bleeding Heart. 2013, in fact. See the comments to that piece, they're a riot. To quote :

    Now. Are you seriously suggesting that because you predicted that the intersango dude is lame and would fail and everybody was trying to ask you to bear the burden of proof - that you will be right this time?

    In a word, yes. I am stating, quite seriously, that to the man that has a long list of correct predictions behind him, derpanon doth not come asking for proofs. We’re not equals in this story, as much as that may conflict with what misguided teachers might have told you about how the world works. Like it or not I’m your elder, and you’re stuck dealing with me as your elder, not as your equal.

    And on it goes.

  4. Here's the real problem at work : a fully developed language, such as English, or Latin, or Romanian, a language which supports a culture and can vie for world domination has maybe 50`000, maybe 100`000 words. Most languages have much fewer. There's a total of 200 countries in the world today, so that'd be a topmost 2mn words, thinking that for some reason there's no collision at all, somehow. Even if you count these backwards and forwards and anything else, and even if you count all the languages that ever existed in the entire history of life on Earth (whether we know about them or not, even) you won't likely break 10mn words. That's 10mn hashes. That's a millisecond of Bitcoin mining network time. Or less.

    You see, something fundamental has changed in the world, since Bitcoin. Something major, that almost nobody even realises : Bitcoin is currently doing more math than all other human activities combined. All through history.

    It's an earth shattering thing, this, it hasn't sunk in, yet, not even peripherally. It's not even been much observed, even through corners of eyes. You know how SF productions are fond of showing some sort of primitive hunter-gatherer going about his primitive hunter-gathering thing when suddenly a nuke hits and he just gapes in wonder for a split second before being fried by the blast ? Well, that's exactly what's happened, we're at the moment blissfully unaware of exactly how narrow and constrained human language space is, as seen from the machine side. But we'll be finding out.

    So no, there isn't a way for me to resolve my problem : whatever I do, so can you. Except apply it to the whole dictionary, and then simply match and mix. How about that! Takes you less time to do it that way than it takes me to come up with the code in the first place. How about that!
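The point of footnote 4 and of the log above, as an added example (not code from the post, nor dignork's script): the challenge is SHA-1 of a dictionary word, possibly reversed or prefixed with the announced salt "trilema", so a solver applies every plausible transform to an entire wordlist and matches the published digest. The wordlist here is a constructed stand-in for a real dictionary; the one digest quoted from the log (dignork's match for the reversed word "spellcheck") is looked up alongside a freshly set challenge.

```python
import hashlib

# Constructed mini-wordlist standing in for a real dictionary. Footnote 4 puts
# the whole human language space at roughly 10mn words; the cost scales with
# that number times the handful of transforms below, nothing more.
WORDLIST = ["teeming", "esteem", "spellcheck", "garden", "puzzle", "cipher", "hash"]

SALT = "trilema"  # the salt announced in the post

def sha1_hex(s: str) -> str:
    return hashlib.sha1(s.encode("utf-8")).hexdigest()

# Every transform the setter might apply. A solver does not need to know which
# one was used: applying all of them multiplies the work by a small constant.
TRANSFORMS = {
    "plain":         lambda w: w,
    "reversed":      lambda w: w[::-1],
    "salt+word":     lambda w: SALT + w,
    "word+salt":     lambda w: w + SALT,
    "salt+reversed": lambda w: SALT + w[::-1],
}

def build_table(words):
    """Map sha1(transform(word)) -> (word, transform name) for every pair."""
    table = {}
    for w in words:
        for name, f in TRANSFORMS.items():
            table.setdefault(sha1_hex(f(w)), (w, name))
    return table

def recover(target_hex: str, words=WORDLIST):
    """Return (word, transform) whose SHA-1 equals target_hex, or None.
    Rebuilding the table per call is fine for a demo-sized wordlist."""
    return build_table(words).get(target_hex.lower())

def make_challenge(word: str, transform: str = "reversed") -> str:
    """What the setter does: pick a word, apply a transform, publish the digest."""
    return sha1_hex(TRANSFORMS[transform](word))

if __name__ == "__main__":
    # A fresh challenge set the way the log describes: reversed, no salt.
    target = make_challenge("esteem")
    print(target, "->", recover(target))
    # The digest dignork matched in the log for reversed "spellcheck".
    print(recover("964a3846c7d1e2a60c2ded7ae91d4918fc98b276"))
```

Whatever extra transform the setter adds (reversal, a fixed salt, a secret prefix) is one more entry in TRANSFORMS, which is exactly the "whatever I do, so can you" of the footnote; only a per-guess cost that the solver cannot amortise across the dictionary changes the picture.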