[TriLUG] best way to hack root...

Igor Partola igor at igorpartola.com
Fri Feb 22 10:59:41 EST 2013


I wonder if you could make it predictably expensive to recover your
passphrase. Basically, publish bcrypt(workfactor, salt, passphrase) to the
internet with the work factor tuned such that you know it would take X
number of CPU/GPU cycles to brute force the answer. To a casual observer
this is of no interest: if they manage to steal your laptop it would cost
them, say $10,000 to harness enough computing power to recover the original
passphrase. Same for you: it would cost you $10,000 to recover it. Or, you
know, wait a year and it'll cost you $5,000 due to Moore's law. In roughly
10 years it should cost you about $1.

You could change your passphrase, tune the workfactor and publish a
new bcrypt(workfactor, salt, passphrase) every year to keep the target at
$10,000.

Basically, tell everyone where you buried the gold, but that the lock on
the gold is more expensive to break than the value of the gold.

Igor

On Fri, Feb 22, 2013 at 10:49 AM, Joseph Mack NA3T <jmack at wm7d.net> wrote:

>
> At the beginning of WWII Alan Turing converted his cash to gold and buried
> it in the woods. At the end of WWII he couldn't find it. He doesn't know if
> he can't remember the spot, or someone had dug it up.
>
> Joe
>
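
A rough model of the tuning described in the message above, as an added example that is not part of the original post: it picks the bcrypt cost factor that keeps the expected brute-force price at a target as hardware gets cheaper. The per-hash price, the passphrase entropy and all function names are constructed assumptions; the yearly halving is the post's own rule of thumb.

```python
BCRYPT_MIN_COST, BCRYPT_MAX_COST = 4, 31  # bcrypt's cost parameter is log2(rounds)

# Assumptions (constructed, not measured): price of one bcrypt evaluation at
# cost 12 on rented hardware today, and the post's "halves every year" rule.
USD_PER_HASH_AT_COST_12 = 2e-7
HALVING_YEARS = 1.0


def usd_per_hash(cost, years_from_now=0.0):
    """Price of one evaluation: doubles per cost step, halves per HALVING_YEARS."""
    scale = 2.0 ** (cost - 12)
    decay = 2.0 ** (years_from_now / HALVING_YEARS)
    return USD_PER_HASH_AT_COST_12 * scale / decay


def expected_attack_usd(cost, entropy_bits, years_from_now=0.0):
    """Expected brute-force price: on average half the keyspace is searched."""
    return 2.0 ** (entropy_bits - 1) * usd_per_hash(cost, years_from_now)


def required_cost(target_usd, entropy_bits, years_from_now=0.0):
    """Smallest bcrypt cost whose expected attack price is >= target_usd."""
    for cost in range(BCRYPT_MIN_COST, BCRYPT_MAX_COST + 1):
        if expected_attack_usd(cost, entropy_bits, years_from_now) >= target_usd:
            return cost
    # The cost factor cannot make up for a passphrase with too little entropy.
    raise ValueError("target not reachable with bcrypt cost <= 31")


def republish_schedule(target_usd, entropy_bits, years):
    """Cost factor to publish each year so the price stays at or above target."""
    return [(y, required_cost(target_usd, entropy_bits, y)) for y in range(years + 1)]


if __name__ == "__main__":
    bits = 36  # constructed: passphrase drawn uniformly from 2**36 candidates
    for year, cost in republish_schedule(10_000, bits, 5):
        print(year, cost, round(expected_attack_usd(cost, bits, year), 2))
```

Because each bcrypt cost step doubles the work, a yearly halving of hardware price is offset by raising the cost factor by one per year; the price only holds if the passphrase really has the assumed entropy.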


