The SHA256 for this sentence begins with: one, eight, two, a, seven, c and nine.

277 pointsby ispover 1 year ago

41 comments

oefrhaover 1 year ago

Since I'm slacking off, here's a straightforward, not at all optimized Go implementation:<pre><code> package main import ( "bytes" "crypto/sha256" "encoding/hex" "fmt" ) var ( _chars = []byte("0123456789abcdef") _names = []string{"zero", "one", "two", "three", "four", "five", "six", "seven", "eight", "nine", "a", "b", "c", "d", "e", "f"} _size = len(_chars) ) func main() { hexsum := make([]byte, 64) for i1 := 0; i1 < _size; i1++ { for i2 := 0; i2 < _size; i2++ { for i3 := 0; i3 < _size; i3++ { for i4 := 0; i4 < _size; i4++ { for i5 := 0; i5 < _size; i5++ { for i6 := 0; i6 < _size; i6++ { for i7 := 0; i7 < _size; i7++ { s := fmt.Sprintf("The SHA256 for this sentence begins with: %s, %s, %s, %s, %s, %s and %s.", _names[i1], _names[i2], _names[i3], _names[i4], _names[i5], _names[i6], _names[i7]) sum := sha256.Sum256([]byte(s)) hex.Encode(hexsum, sum[:]) prefix := []byte{_chars[i1], _chars[i2], _chars[i3], _chars[i4], _chars[i5], _chars[i6], _chars[i7]} if bytes.HasPrefix(hexsum, prefix) { fmt.Printf("%s\n", s) fmt.Printf("%s\n", hexsum) } } } } } } } } } </code></pre> Takes a few minutes on common consumer hardware. There's exactly one hit.(Easiest optimization is wrapping the loop body in a goroutine. GOEXPERIMENT=loopvar really makes this nicer btw.)The reply is obviously more interesting, need to come up with a lot of variations.

评论 #37469906 未加载

评论 #37470027 未加载

评论 #37472178 未加载

评论 #37473562 未加载

评论 #37473930 未加载

评论 #37471777 未加载

评论 #37476514 未加载

评论 #37475488 未加载

评论 #37471701 未加载

评论 #37475327 未加载

评论 #37469558 未加载

rawlingover 1 year ago

> Was just verifying your tweet's hash, and then...omg!!! I couldn't believe what I realised. The SHA256 of THIS tweet starts with exactly the same 7 characters as your tweet's hash. What are the chances of that?As always, the real WTF is in the comments.

评论 #37470006 未加载

评论 #37465213 未加载

评论 #37468311 未加载

评论 #37477465 未加载

gtrubetskoyover 1 year ago

The original from July 2019 <a href="https://twitter.com/humblehack/status/1088982929940848647" rel="nofollow noreferrer">https://twitter.com/humblehack/status/1088982929940848647</a>$ echo -n 'The SHA256 for this sentence begins with seven, seven, f, zero, a, b, b and five.' | sha256sum 77f0abb54cd09ad7b654bd5e762d7be58e7daffd1a0da6a56f5135bd667856a3 -

评论 #37472770 未加载

Someoneover 1 year ago

That’s 28 bits. Loop through 256 million of these strings, and you’re bound to find a hit.Bitcoin difficulty is at around 50 bits (<a href="https://ycharts.com/indicators/bitcoin_average_difficulty#:~:text=Bitcoin%20Average%20Difficulty%20is%20at,74.81%25%20from%20one%20year%20ago" rel="nofollow noreferrer">https://ycharts.com/indicators/bitcoin_average_difficulty#:~...</a>.)It also uses SHA256.So, if my logic is right (is it? That seems awfully cheap to me), this is about 2^22 times as easy as mining a bitcoin. Bitcoin is at about $25k, so there are people who can find hits like this one for way less than a cent.

评论 #37469314 未加载

评论 #37475331 未加载

评论 #37468624 未加载

nneonneoover 1 year ago

Well, I got bored too, so here's some results with CUDA (on an RTX 3090):<pre><code> The SHA256 hash of this message begins with 534d765 The SHA256 hash of this message begins with c18b2de The SHA256 hash of this message begins with 7fe17da2 The SHA256 hash of this message begins with a7fdc855d The SHA256 hash of this message begins with 46eae34f1 </code></pre> My unoptimized implementation takes about 40s for 9 digits, so it will probably take about 10 minutes for 10 digits, about 3 hours for 11 digits, etc. It shouldn't be hard to use words instead of hex digits, if that's desired.

评论 #37475552 未加载

curtisfover 1 year ago

A semi-useful variant of this technique was posted nine months ago on Hacker News:<a href="https://news.ycombinator.com/item?id=33704297">https://news.ycombinator.com/item?id=33704297</a>Generating sequential Git short commits! It's so pleasant looking I'm tempted to try using it one of my projects, but deep down I know it's not worth the hassle.

jphover 1 year ago

Rust implementation...The code searches permutations of increasing length. Benchmark is 8 seconds on a MacBook Pro M1 to discover the match of 182a7c9. The code is not yet optimized.<pre><code> use std::time::SystemTime; use itertools::Itertools; use sha256::digest; fn main() { let digits: [usize; 16] = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]; let chars = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f"]; let words = ["zero", "one", "two", "three", "four", "five", "six", "seven", "eight", "nine", "a", "b", "c", "d", "e", "f"]; let mut length = 2; let start = SystemTime::now(); loop { for permutation in digits.iter().permutations(length) { let parts = permutation.iter().map(|x| words[**x]).collect_vec(); let sentence = format!( "The SHA256 for this sentence begins with: {} and {}.", &parts[0..(parts.len() - 1)].join(", "), &parts[parts.len() - 1] ); let checksum: String = digest(&sentence); let starts: String = permutation.iter().map(|x| chars[**x]).collect(); if checksum.starts_with(&starts) { println!("milliseconds: {:?}, {} ", start.elapsed().unwrap().as_millis(), &sentence); } }; length += 1; } } </code></pre> Output:<pre><code> milliseconds: 3, The SHA256 for this sentence begins with: zero, b, six and two. milliseconds: 54, The SHA256 for this sentence begins with: zero, e, d, eight and f. milliseconds: 8279, The SHA256 for this sentence begins with: one, eight, two, a, seven, c and nine. </code></pre> Repository:<a href="https://github.com/joelparkerhenderson/sha256-sentence">https://github.com/joelparkerhenderson/sha256-sentence</a>

skilledover 1 year ago

It appears to have been taken from here,<a href="https://news.ycombinator.com/item?id=19003644">https://news.ycombinator.com/item?id=19003644</a> (2019)

评论 #37465211 未加载

mgdmover 1 year ago

Something that I'm not seeing mentioned in these comments (I may just have missed it) is that you can precompute the hash of the static part of the string and then extend it with the numbers in a loop, saving some cycles. This is because the full hex representation of a SHA hash gives you the entire internal state of the algorithm. This can lead to security vulnerabilities:<a href="https://en.m.wikipedia.org/wiki/Length_extension_attack" rel="nofollow noreferrer">https://en.m.wikipedia.org/wiki/Length_extension_attack</a>

chriskwover 1 year ago

I did something similar once (with a bit of a twist) for my bio when I was a TA in college:"Hi! I’m a senior studying CS. My hobbies include making semantic paradoxes and my bio includes eight a’s, seventeen e’s, fourteen i’s, eight o’s, six u’s, and one wrong number"

ispover 1 year ago

<pre><code> $ echo -n "The SHA256 for this sentence begins with: one, eight, two, a, seven, c and nine." | sha256sum 182a7c930b0e5227ff8d24b5f4500ff2fa3ee1a57bd35e52d98c6e24c2749ae0 -</code></pre>

sirabenover 1 year ago

With some clever information hiding, you can sort of mask the brute force:<pre><code> On 2015/7/6 at 00:00, I wrote this message's hash down. It started with 1337. Thought #335552803: I love beef so much I made sure the sha256 of this message started with 0xbeef! </code></pre> A longer example:<pre><code> $ cat predestination.txt (1991/4/7 at 00:16) <siraben> I know the hash of this message before you do! (1991/4/7 at 00:17) <larsivi> Huh. What is it? (1991/4/7 at 00:18) <siraben> It starts with 1337. $ sha256sum predestination.txt 1337a4654163ab48761bf8acc75a407179e700f67f97d754b08c7afeac7da70a predestination.txt</code></pre>

omoikaneover 1 year ago

Related, here is a program that prints its own SHA-512 hash:<a href="https://www.ioccc.org/years.html#2019_diels-grabsch2" rel="nofollow noreferrer">https://www.ioccc.org/years.html#2019_diels-grabsch2</a>

评论 #37470837 未加载

danbrucover 1 year ago

After picking some scheme to generate messages that predict n bits of their hash in some form, the chance of finding at least one message that correctly predicts its hash is 1 - (1 - 1/x)^x where x is 2^n. This approaches 1 - 1/e = 63.2 % for large n. So by trying a few different schemes, for example slightly varying the prefix »The SHA256 for this sentence begins with:«, it becomes quickly very likely to succeed. In the limit of large n, for example only 5 different schemes will yield at least one correct message with 99 %.With 5 patterns, 24 bits and SHA-1.<pre><code> The SHA-1 hash of this text starts with 051E35. The hash of this text starts with A943BD. The SHA-1 hash of this text starts with B6640C. The SHA-1 hash of this message starts with C3B03D. The SHA-1 hash of this message starts with D93717. </code></pre> Or the same as before but as patterns just padding the 6 hex digits with zero zero to eight dots.<pre><code> 0AF3DE.. 2AF7DF....... 3E0E50. 8EE84C..... 919025... A57198.... B20775..... DA525A........ ED20F4..</code></pre>

olafaloover 1 year ago

Well, this nerd sniped me... I made a quick Go tool for this. You simply write a string {like|this}, and then it finds a hash with the same prefix automatically. (Hash this comment, it's also 182a7c9)

评论 #37473767 未加载

nneonneoover 1 year ago

I bet you could hack hashcat (or just use CUDA) to find these quickly for larger prefixes. Might make a fun (silly) challenge. Hashcat can do 21B SHA256 hashes per second on an RTX 4090; this translates into bruteforcing a 9-digit prefix in 4 seconds, a 10-digit prefix in 52 seconds, or a 11-digit prefix in about 14 minutes.

SethTroover 1 year ago

Took less than a minute to find a seven digit example in pythonThe SHA-256 of this sentence begins with 0, three, 9, four, 8, four, and 1 amazing!The SHA256 for this sentence begins with 0, 4, five, 5, eight, 6, and 7 amazing!Suffix extensions (hence the "amazing!") are several times faster to try than throwing away the entire sha256 state for each attempt.

评论 #37475443 未加载

pontifierover 1 year ago

This is similar to the vanity address generation for Bitcoin and other cryptocurrency addresses.

dragontamerover 1 year ago

28 bits of entropy? That's definitely within brute-force regions with CPU. Possibly even single-threaded CPU honestly.-------GPU-level brute force is pushing ~40-bits. Assuming ~1 week of solid compute, a 6 TFlop computer has ~3.7 sextillion compute cycles. Or alternatively, that's ~3 billion clock cycles (single thread) per check to reach 2^40 bits of entropy. More than easily doable for most simple brute-force computational problems IMO.If you go multi-GPU on top of that, you'll have even more computational work available.

ms0over 1 year ago

Beneath the veil of binary territories, in a subtle symphony of stillness, sevenfold zeros rise and conjure a calm masterpiece. As if celestial beacons in an ethereal night sky, they materialize in the form of an arcanum with heptadic serenity, with divine grace.

评论 #37526467 未加载

istjohnover 1 year ago

I now see that eyeballing the first and/or last few characters of a checksum is not going to detect a skillfully altered executable or ISO.

评论 #37477306 未加载

Obscurity4340over 1 year ago

Dumb question but what are the implications here? Is this problematic⌨ or is it more of an Easter egg?

评论 #37474413 未加载

评论 #37477524 未加载

lionkorover 1 year ago

You would get more possibilities if you allowed "eighteen" instead of "one, eight"

评论 #37502514 未加载

sagebirdover 1 year ago

I made <a href="https://lowhash.com" rel="nofollow noreferrer">https://lowhash.com</a> to collect string with low hashes.I am not sure who submitted "byzBLFAM4Penguin"...

kifover 1 year ago

Whereas the SHA256 for this sentence begins with: five, three, e, two, one, f and e.

Alifatiskover 1 year ago

Here's an implementation for this <a href="https://github.com/joelparkerhenderson/sha256-sentence">https://github.com/joelparkerhenderson/sha256-sentence</a>

Ekarosover 1 year ago

Now a SHA256 hash that hashes to itself would be more interesting.

评论 #37473893 未加载

nabla9over 1 year ago

Would you believe in God if sha256 of "I am God. My name is BOB " would be 4920616D20476F642E204D79206E616D6520697320424F4220202020202020 (the text in hex)?

评论 #37477320 未加载

Gunnerheadover 1 year ago

I’m not sure I understand the significance. Can anyone explain?

评论 #37468395 未加载

评论 #37469425 未加载

评论 #37468504 未加载

评论 #37468308 未加载

narcindinover 1 year ago

This is cool. Isn't finding these the same as minting a new block of bitcoin? So definitially hard using our best understanding of algorithms, math, etc.

评论 #37471284 未加载

bizzleDawgover 1 year ago

It's way above my head mathematically as to if this is even possible, but it is hilarious how screwed so many things would be if sha256 was discovered to have a means to more quickly reverse at least a partial hash. Just off the top of my head:<pre><code> - SSL - Bitcoin (bonus: unlimited money hack if you can keep the discovery under wraps) - Signed updates for devices </code></pre> Goodness only knows what I am missing, but that first one along is enough to cause an unmitigated disaster.I assume these tweets are effectively brute forced given the fairly short prefix though and we're all safe

评论 #37477342 未加载

grantmnzover 1 year ago

See also: <a href="https://github.com/grantm/no-more-f-s-repo">https://github.com/grantm/no-more-f-s-repo</a>

nuancebydefaultover 1 year ago

It took some time for me to sink in why no explanation was needed. Is there a general term for such a thing, self-reflection or something the like?

评论 #37472793 未加载

评论 #37472282 未加载

评论 #37472235 未加载

wholesomepotatoover 1 year ago

This is only 7 * 4 bits. That's really nothing.

matt3210over 1 year ago

Why is X covering code as “sensitive material”?

PaulHouleover 1 year ago

You have to try like what, 2^24 ~ 16 million sentences to make that work?

ms0over 1 year ago

sha-256 of the above is 182a7c95ae9e1149eb48f0f5eedee0a184764a45e8a2cb5d986b7c57c9a42022

Uptrendaover 1 year ago

It's like a human-readable PoW, lol.

fleekonpointover 1 year ago

Reminds me of this xkcd:<a href="https://xkcd.com/917/" rel="nofollow noreferrer">https://xkcd.com/917/</a>

评论 #37473481 未加载

kjroseover 1 year ago

Yay pigeon-hole principle combined with birthday attack.

评论 #37469865 未加载

评论 #37469070 未加载

kazinatorover 1 year ago

In this game, the rules should be that the digit 9 counts as either "nine" and "quine".

评论 #37469005 未加载

41 comments

oefrhaover 1 year ago

评论 #37469906 未加载

评论 #37470027 未加载

评论 #37472178 未加载

评论 #37473562 未加载

评论 #37473930 未加载

评论 #37471777 未加载

评论 #37476514 未加载

评论 #37475488 未加载

评论 #37471701 未加载

评论 #37475327 未加载

评论 #37469558 未加载

rawlingover 1 year ago

评论 #37470006 未加载

评论 #37465213 未加载

评论 #37468311 未加载

评论 #37477465 未加载

gtrubetskoyover 1 year ago

评论 #37472770 未加载

Someoneover 1 year ago

评论 #37469314 未加载

评论 #37475331 未加载

评论 #37468624 未加载

nneonneoover 1 year ago

评论 #37475552 未加载

curtisfover 1 year ago

jphover 1 year ago

skilledover 1 year ago

It appears to have been taken from here,<a href="https://news.ycombinator.com/item?id=19003644">https://news.ycombinator.com/item?id=19003644</a> (2019)

评论 #37465211 未加载

mgdmover 1 year ago

chriskwover 1 year ago

ispover 1 year ago

<pre><code> $ echo -n "The SHA256 for this sentence begins with: one, eight, two, a, seven, c and nine." | sha256sum 182a7c930b0e5227ff8d24b5f4500ff2fa3ee1a57bd35e52d98c6e24c2749ae0 -</code></pre>

sirabenover 1 year ago

omoikaneover 1 year ago

评论 #37470837 未加载

danbrucover 1 year ago

olafaloover 1 year ago

评论 #37473767 未加载

nneonneoover 1 year ago

SethTroover 1 year ago

评论 #37475443 未加载

pontifierover 1 year ago

This is similar to the vanity address generation for Bitcoin and other cryptocurrency addresses.

dragontamerover 1 year ago

ms0over 1 year ago

评论 #37526467 未加载

istjohnover 1 year ago

I now see that eyeballing the first and/or last few characters of a checksum is not going to detect a skillfully altered executable or ISO.

评论 #37477306 未加载

Obscurity4340over 1 year ago

Dumb question but what are the implications here? Is this problematic⌨ or is it more of an Easter egg?

评论 #37474413 未加载

评论 #37477524 未加载

lionkorover 1 year ago

You would get more possibilities if you allowed "eighteen" instead of "one, eight"

评论 #37502514 未加载

sagebirdover 1 year ago

I made <a href="https://lowhash.com" rel="nofollow noreferrer">https://lowhash.com</a> to collect string with low hashes.I am not sure who submitted "byzBLFAM4Penguin"...

kifover 1 year ago

Whereas the SHA256 for this sentence begins with: five, three, e, two, one, f and e.

Alifatiskover 1 year ago

Here's an implementation for this <a href="https://github.com/joelparkerhenderson/sha256-sentence">https://github.com/joelparkerhenderson/sha256-sentence</a>

Ekarosover 1 year ago

Now a SHA256 hash that hashes to itself would be more interesting.

评论 #37473893 未加载

nabla9over 1 year ago

Would you believe in God if sha256 of "I am God. My name is BOB " would be 4920616D20476F642E204D79206E616D6520697320424F4220202020202020 (the text in hex)?

评论 #37477320 未加载

Gunnerheadover 1 year ago

I’m not sure I understand the significance. Can anyone explain?

评论 #37468395 未加载

评论 #37469425 未加载

评论 #37468504 未加载

评论 #37468308 未加载

narcindinover 1 year ago

This is cool. Isn't finding these the same as minting a new block of bitcoin? So definitially hard using our best understanding of algorithms, math, etc.

评论 #37471284 未加载

bizzleDawgover 1 year ago

评论 #37477342 未加载

grantmnzover 1 year ago

See also: <a href="https://github.com/grantm/no-more-f-s-repo">https://github.com/grantm/no-more-f-s-repo</a>

nuancebydefaultover 1 year ago

It took some time for me to sink in why no explanation was needed. Is there a general term for such a thing, self-reflection or something the like?

评论 #37472793 未加载

评论 #37472282 未加载

评论 #37472235 未加载

wholesomepotatoover 1 year ago

This is only 7 * 4 bits. That's really nothing.

matt3210over 1 year ago

Why is X covering code as “sensitive material”?

PaulHouleover 1 year ago

You have to try like what, 2^24 ~ 16 million sentences to make that work?

ms0over 1 year ago

sha-256 of the above is 182a7c95ae9e1149eb48f0f5eedee0a184764a45e8a2cb5d986b7c57c9a42022

Uptrendaover 1 year ago

It's like a human-readable PoW, lol.

fleekonpointover 1 year ago

Reminds me of this xkcd:<a href="https://xkcd.com/917/" rel="nofollow noreferrer">https://xkcd.com/917/</a>

评论 #37473481 未加载

kjroseover 1 year ago

Yay pigeon-hole principle combined with birthday attack.

评论 #37469865 未加载

评论 #37469070 未加载

kazinatorover 1 year ago

In this game, the rules should be that the digit 9 counts as either "nine" and "quine".

评论 #37469005 未加载