[TriLUG] best way to hack root...

Pete Soper pete at soper.us
Fri Feb 22 13:13:40 EST 2013


That's an interesting idea, but IMO the "publish it to the Internet" 
part is not necessary and would constitute a bet that quantum computers 
or the like won't come along and screw you in a very uncomfortable fashion.

-Pete


On 02/22/2013 10:59 AM, Igor Partola wrote:
> I wonder if you could make it predictably expensive to recover your
> passphrase. Basically, publish bcrypt(workfactor, salt, passphrase) to the
> internet with the work factor tuned such that you know it would take X
> number of CPU/GPU cycles to brute force the answer. To a casual observer
> this is of no interest: if they manage to steal your laptop it would cost
> them, say $10,000 to harness enough computing power to recover the original
> passphrase. Same for you: it would cost you $10,000 to recover it. Or, you
> know, wait a year and it'll cost you $5,000 due to Moore's law. In roughly
> 10 years it should cost you about a $1.
>
> You could change your passphrase, tune the workfactor and publish a
> new bcrypt(workfactor, salt, passphrase) every year to keep the target at
> $10,000.
>
> Basically, tell everyone where you buried the gold, but that the lock on
> the gold is more expensive to break than the value of the gold.
>
> Igor
>
> On Fri, Feb 22, 2013 at 10:49 AM, Joseph Mack NA3T <jmack at wm7d.net> wrote:
>
>> At the beginning of WWII Alan Turing converted his cash to gold and buried
>> it in the woods. At the end of WWII he couldn't find it. He doesn't know if
>> he can't remember the spot, or someone had dug it up.
>>
>> Joe
>>




More information about the TriLUG mailing list