Concept: Password Mining

[t3a]

Right now miners are calculating 6*10^18 hashes every 10 minutes and earning an average of 25 bitcoins every 10 minutes (maybe a bit less than 10 minutes), meaning the cost to solve 2.4*10^17 hashes is 1 bitcoin.

There are (26*2+10) possible alphanumeric characters meaning you could find all alphanumeric sha256 passwords of length 9 or less for the cost of 1 bitcoin. (log_(26*2+10) of 2.4*10^17 = 9.69)

It is expensive to calculate one alphanumeric password of length 9, but a password miner would be able to find more than one password at once.


In this password mining system, password hash owners submit the hashes they want "reversed" and pay a small fee for each hash (which is less if the hashes are given in bulk).

Once the service owner has a sufficient number of bitcoins (5BTC allows 10 char alphanumeric passwords to be reversed) and hashes, he will mix in winning hashes (hashes that are alphanumeric strings of length 10 or less) with the user submitted hashes.

Mixing in winning hashes guarantees the miners did the work even if they didn't find any submitted hashes.

After completion, the miners are rewarded based on the number of user submitted hashes they reverse and known-to-win hashes they reverse. The users are given an encrypted message telling them what the reverse of their hash is.

Notes:
*Alphanumeric isn't a necessity and was only used for the example.
*Number of hashes a bitcoin can buy should increase as ASIC technology improves.
*Comparing hashes to a list of hashes rather than checking whether it is smaller than a certain value will take more time and make the price per hash higher.

[dewdeded]

Sense? Why not use rainbow tables like established password cracking services like www.onlinehashcrack.com or www.cloudcracker.com?
They work very good.

[Rannasha]

It doesn't work like that.

First of all, Bitcoin mining uses a double application of SHA-256, so SHA256(SHA256(input)).

Secondly, ASICs don't work with arbitrary data. They are fed a block header, add a nonce value to it, hash the thing twice and check if the outcome is below a certain value. This is completely different from being fed a hash and then trying random input until it matches the given hash.

[t3a]

Sense? Why not use rainbow tables like established password cracking services like www.onlinehashcrack.com or www.cloudcracker.com?
They work very good.

This works better. These rainbow tables can be used to store 3*10^10 hashes in a 1tb harddrive (~$50 for the harddrive), while this method can solve 3*10^10 hashes for 100 satoshis (~0.0001). The comparison isn't exact because they use word combinations, but the ASIC crackers are still more efficient.

It doesn't work like that.

First of all, Bitcoin mining uses a double application of SHA-256, so SHA256(SHA256(input)).

Secondly, ASICs don't work with arbitrary data. They are fed a block header, add a nonce value to it, hash the thing twice and check if the outcome is below a certain value. This is completely different from being fed a hash and then trying random input until it matches the given hash.

Your first point is valid, most ASICs are hard coded to do double-SHA256, which means only  compatible FPGAs and ASICs can be used on single hash passwords, otherwise the website must use double-SHA256.

As for your second point, I find it hard to believe that this is true for all ASIC. Could you provide a source?