On 08/10/13 06:18 PM, Jim MacKenzie wrote:
This is easily one of the coolest things I've seen skullspace do for a
while.
Ahh, wait and hope for more screw-ups to give us an excuse to have
something cool to work hard at reversing those mistakes. :)
Don't get too excited, this project has major potential for fall off in
interest. There's a sense of progress you can get from building an
increasingly sophisticated cracking apparatus, but no sense of progress
on the actual end product as other projects have.
You can't 25% or 50% crack an AES key and say, "hey, look at that great
progress". Every run but the last one will end in failure. I think I've
already gone through earlier today the search space Ian considers likely
and we're now into the "possible, but not likely".
As I said, this could be an on again, off again project that lives for
awhile, potential folklore material and tour of space stop (once it
becomes a treasure hunt poster).
If I understand correctly there's no issues with cracking your own
passwords?
Password.
We sure won't be the first folks to try and rescue their own
mis-remembered encryption passphrase, both in bitcoinland and outside of
it. This is as white-hat an operation as you can get.
While I'm posting, here's a password cracking story from Ars today:
http://arstechnica.com/security/2013/10/how-the-bible-and-youtube-are-fueling-the-next-frontier-of-password-cracking/
Our wrench crew may see that and ask, "Ian, are you sure your passphrase
didn't quote the bible? ". (he's certain)
Or the Silk Road Charter?
http://www.reddit.com/r/SilkRoad/comments/1d5f0q/silk_road_charter/
(better check all variations of that one :P )
And I didn't write about bounties. Anyone that has the ciphertext and
password interview information will be in a position to solve it, and
once you solve it, it is very easy to put the found private key to use
and take all the funds. We would never know who among those in the know
did so.
I could administer some BS where folks have to submit their cracking
code to me for me to go off and run on whatever infrastructure and have
it so only Ian and I have the ciphertext for that.
But, I won't be doing that.
Once I make it available, I'm going to trust that members will keep the
ciphertext in the Skullspace family (including not posting it on this
open public mailing list or IRC).
As such, I'm willing to say that whoever of us finds the private key can
decide whatever it is they want to give to Skullspace out of the
proceeds, what they want to keep, and how much to share with others who
have helped along the way. There's no pretending that they don't have
that power to decide for themselves, so I'm just going to acknowledge
that power and say do what you think is right.
Mark
_______________________________________________
SkullSpace Discuss Mailing List
Help: http://www.skullspace.ca/wiki/index.php/Mailing_List#Discuss
Archive: https://groups.google.com/group/skullspace-discuss-archive/
