I came up with a mutation-based solution to this. Supply any string and it finds a valid hash in as few edits as possible.<p>Example: <a href="http://bochs.info/img/mutation-20140606-024906.png" rel="nofollow">http://bochs.info/img/mutation-20140606-024906.png</a><p>One could definitely optimize this to be less destructive and produce more pronounceable results. It's basically two pieces: an engine for suggesting mutations, and a simple algorithm to score and pick mutations. Changes to either half (vowel distribution, ngrams, etc) could result in better strings.<p>(fyi, this kind of attack is a big reason to use cryptographic hashes: <a href="http://en.wikipedia.org/wiki/Cryptographic_hash_function" rel="nofollow">http://en.wikipedia.org/wiki/Cryptographic_hash_function</a>)
Aw guys, don't go start posting on their site (which I won't link) with devil names. Everyone knows communities turn to shit when they get too big and 300 different users posting all with blank icons is going to kill the fun for them.<p>I'm not even a member of Merveilles but that makes me sad for them.
This hash is very weak. You can actually find many preimages of a given hash value in seconds with a meet-in-the-middle attack: <a href="https://gist.github.com/pedrox/eb8d674bf2b8be63da0f" rel="nofollow">https://gist.github.com/pedrox/eb8d674bf2b8be63da0f</a>
<p><pre><code> I’m half tempted to buy a few hours of highcpu AWS compute power and get
it done nowish instead ... I set myself a $50 spending limit, which
gave me about 24 hours of compute on an instance with 32 virtual cores
</code></pre>
The price of a c3.8xlarge with 32 cores and 60 GB is currently $0.28 in us-west-2.<p>You could get 178 hours of compute for your $50 budget.
i was intrigued by this, so i done it in C.<p>on my 4-core MBP (2.6ghz ivy bridge) i can manage ~1.8 <i>billion</i> hashes per second.<p>i could parallelize with OpenCL, but i think this is enough. after a few minutes, i get ARbyhlf as a valid name (although i don't know if this is actually valid.. but it definitely might be)<p>(removed)<p>edit: just realised that my nonce calculation was wrong.. <a href="http://pastebin.com/bcHcECPJ" rel="nofollow">http://pastebin.com/bcHcECPJ</a>
WOW my C++ solution is horrible. It's as though I'd just ignored everything I've learned about Doing Things Right in C++ Post 2010. Such is hacking, I guess.