theymos (OP)
Administrator
Legendary
Offline
Activity: 5362
Merit: 13340
|
|
March 21, 2015, 06:15:39 PM |
|
In theory, if you were to monitor when enough users are promoted to legendary status, it would be possible to reverse engineer what the secret seed is (you would however need to take into consideration that the required activity for each member may not be divisible by 14), although it would probably take more effort/work then it is really worth.
If you can find the secret seed by looking at when people are promoted, then you've (more-or-less) broken SHA-1's preimage resistance. This has never been done before, so if you do it, you should probably publish a paper about it.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
Quickseller
Copper Member
Legendary
Offline
Activity: 2982
Merit: 2371
|
|
March 21, 2015, 07:19:45 PM |
|
In theory, if you were to monitor when enough users are promoted to legendary status, it would be possible to reverse engineer what the secret seed is (you would however need to take into consideration that the required activity for each member may not be divisible by 14), although it would probably take more effort/work then it is really worth.
If you can find the secret seed by looking at when people are promoted, then you've (more-or-less) broken SHA-1's preimage resistance. This has never been done before, so if you do it, you should probably publish a paper about it. This will probably show my newbieness in the world of encryption and cryptography. If I have many examples when one out of two variables is known and the other is unknown and the output is always the same, then I would think that it would be possible to determine what the unknown variable is. I would think it would be similar to figuring out the private key that was created using a weak RNG. I would think that someone would essentially use some level of computing power to "guess"/hash what the secret seed is based on the above known variables. I was under the understanding this is why bitcoin related gambling sites generally have their server seed expire after (usually) 24 hours and have their 'rolls' result in a number that is 4 digits (usually two before and two after a decimal). Although after reading a few wikipedia articles, a few stack exchange answers, and the beginning of a paper (it quickly became more advanced then what I could understand so further reading would have been futile), it sounds like my theory is incorrect.
|
|
|
|
Hfleer
Sr. Member
Offline
Activity: 448
Merit: 250
Changing avatars is currently not possible.
|
|
March 21, 2015, 07:22:18 PM |
|
In theory, if you were to monitor when enough users are promoted to legendary status, it would be possible to reverse engineer what the secret seed is (you would however need to take into consideration that the required activity for each member may not be divisible by 14), although it would probably take more effort/work then it is really worth.
If you can find the secret seed by looking at when people are promoted, then you've (more-or-less) broken SHA-1's preimage resistance. This has never been done before, so if you do it, you should probably publish a paper about it. This will probably show my newbieness in the world of encryption and cryptography. If I have many examples when one out of two variables is known and the other is unknown and the output is always the same, then I would think that it would be possible to determine what the unknown variable is. I would think it would be similar to figuring out the private key that was created using a weak RNG. I would think that someone would essentially use some level of computing power to "guess"/hash what the secret seed is based on the above known variables. I was under the understanding this is why bitcoin related gambling sites generally have their server seed expire after (usually) 24 hours and have their 'rolls' result in a number that is 4 digits (usually two before and two after a decimal). Although after reading a few wikipedia articles, a few stack exchange answers, and the beginning of a paper (it quickly became more advanced then what I could understand so further reading would have been futile), it sounds like my theory is incorrect. The problem is SHA-1 is in a universe of incredible big numbers. So basically no matter how big your sample is, you will not be able to narrow it down to THE key.
|
██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
|
|
|
theymos (OP)
Administrator
Legendary
Offline
Activity: 5362
Merit: 13340
|
|
March 21, 2015, 07:27:18 PM |
|
If I have many examples when one out of two variables is known and the other is unknown and the output is always the same, then I would think that it would be possible to determine what the unknown variable is. I would think it would be similar to figuring out the private key that was created using a weak RNG.
I would think that someone would essentially use some level of computing power to "guess"/hash what the secret seed is based on the above known variables.
Nope: I must be missing something then. Let's say I (user id 17768) achieve Legendary status next tuesday, when my activity goes from 798 to 812. That means that: 799 <= 775 + conv(substr(sha1(concat('17768',secretSeed)), 1, 2), 16, 10) <= 812 24 <= conv(substr(sha1(concat('17768',secretSeed)), 1, 2), 16, 10) <= 37 0x18 <= substr(sha1(concat('17768',secretSeed)), 1, 2) <= 0x25 And by removing the substr(…, 1, 2) part we infer that secretSeed is either: - some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 18, or - some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 19, or - some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 1a, or ... - some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 25. And it isn't difficult to find those 14 possible seeds, right? That's like trying to find the equation of some particular line when you only have one point on the line. You can find an infinite number of possible lines, but there's essentially no chance that you'll find the correct line. And with SHA-1, you won't get any closer to finding the true "line" no matter how many points you have. There are very many possible seeds which would perfectly match the current list of Legendaries, but only one of them will also match all future Legendaries. I was under the understanding this is why bitcoin related gambling sites generally have their server seed expire after (usually) 24 hours and have their 'rolls' result in a number that is 4 digits (usually two before and two after a decimal).
I'm not sure exactly how those sorts of gambling sites do their provable fairness, but they may be trying to protect against a different type of attack.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
Quickseller
Copper Member
Legendary
Offline
Activity: 2982
Merit: 2371
|
|
March 21, 2015, 07:48:24 PM |
|
If I have many examples when one out of two variables is known and the other is unknown and the output is always the same, then I would think that it would be possible to determine what the unknown variable is. I would think it would be similar to figuring out the private key that was created using a weak RNG.
I would think that someone would essentially use some level of computing power to "guess"/hash what the secret seed is based on the above known variables.
Nope: I must be missing something then. Let's say I (user id 17768) achieve Legendary status next tuesday, when my activity goes from 798 to 812. That means that: 799 <= 775 + conv(substr(sha1(concat('17768',secretSeed)), 1, 2), 16, 10) <= 812 24 <= conv(substr(sha1(concat('17768',secretSeed)), 1, 2), 16, 10) <= 37 0x18 <= substr(sha1(concat('17768',secretSeed)), 1, 2) <= 0x25 And by removing the substr(…, 1, 2) part we infer that secretSeed is either: - some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 18, or - some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 19, or - some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 1a, or ... - some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 25. And it isn't difficult to find those 14 possible seeds, right? That's like trying to find the equation of some particular line when you only have one point on the line. You can find an infinite number of possible lines, but there's essentially no chance that you'll find the correct line. And with SHA-1, you won't get any closer to finding the true "line" no matter how many points you have. There are very many possible seeds which would perfectly match the current list of Legendaries, but only one of them will also match all future Legendaries. Well at least I am not the first person to make this mistake. That's like trying to find the equation of some particular line when you only have one point on the line. You can find an infinite number of possible lines, but there's essentially no chance that you'll find the correct line. And with SHA-1, you won't get any closer to finding the true "line" no matter how many points you have. There are very many possible seeds which would perfectly match the current list of Legendaries, but only one of them will also match all future Legendaries. It sounds like a very simplified way of explaining it is that my (and dserrano5's) assumption was that the line is on a 2 demential plane, while in reality, the line is on a three demential plane, the two variables only make up the x and y coordinates (or the x/z, or the y/z but which one shouldn't matter), and that you need the third (missing) variable in order to accurately calculate when future legendary accounts will become legendary.
Out of curiosity, how would someone who can read your code be able to accurately predict when someone will become legendary without the secret seed?
|
|
|
|
theymos (OP)
Administrator
Legendary
Offline
Activity: 5362
Merit: 13340
|
|
March 21, 2015, 08:22:13 PM |
|
Out of curiosity, how would someone who can read your code be able to accurately predict when someone will become legendary without the secret seed?
I meant that the secret seed is in the code, so if you have access to it then you'll be able to calculate the number directly.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
Vlad2Vlad
Legendary
Offline
Activity: 3052
Merit: 1534
www.ixcoin.net
|
|
March 21, 2015, 10:38:20 PM |
|
I meant that the secret seed is in the code, so if you have access to it then you'll be able to calculate the number directly.
I would like to know, Theymos - is there any way a regular forum member can take a peek? Thx! Cheers!
|
iXcoin - Welcome to the F U T U R E!
|
|
|
Frost
|
|
April 09, 2015, 05:02:57 PM |
|
-snip- Most probably on 1036. There are plenty old accounts that have "banked" activity. I would not be surprised if some of them could reach legendary just by posting. What do you mean by this?
|
|
|
|
Muhammed Zakir
|
|
April 09, 2015, 05:29:28 PM Last edit: April 09, 2015, 07:28:03 PM by Muhammed Zakir |
|
-snip- Most probably on 1036. There are plenty old accounts that have "banked" activity. I would not be surprised if some of them could reach legendary just by posting. What do you mean by this? Old accounts which is unused may have posts greater than activity. Activity of these accounts may increase by a lot by posting. CMIIW. Edit: I am striking out. It makes confusion. Refer to aramilus' post. Thank you!
|
|
|
|
Frost
|
|
April 09, 2015, 05:36:57 PM |
|
-snip- Most probably on 1036. There are plenty old accounts that have "banked" activity. I would not be surprised if some of them could reach legendary just by posting. What do you mean by this? Old accounts which is unused may have posts greater than activity. Activity of these accounts may increase by a lot by posting. CMIIW. I am member here since the end of 2013. It seems I have more posts than activity, the difference is 139. Does that mean my activity is not limited and I can increase it by 139 in a few weeks or months?
|
|
|
|
arallmuus
Legendary
Offline
Activity: 2702
Merit: 1426
|
|
April 09, 2015, 05:37:51 PM |
|
-snip- Most probably on 1036. There are plenty old accounts that have "banked" activity. I would not be surprised if some of them could reach legendary just by posting. What do you mean by this? Old accounts which is unused may have posts greater than activity. Activity of these accounts may increase by a lot by posting. CMIIW. Not really correct, if an account got the post count higher than the activity, the account will automatically get 14 activity despite that he only posted once in 2 weeks period What it meant by banking activity is that posting once or a few post which is less than 14 in a 2 weeks periods, since the post count is low, the activity count cant be higher than the post count The activity count will then be "banked" so that once the account posted some quite some posts, the activity could get higher as well, you can actually see this with an account that got the same activity and same post count EDIT : I am member here since the end of 2013. It seems I have more posts than activity, the difference is 139. Does that mean my activity is not limited and I can increase it by 139 in a few weeks or months?
You can only get 14 activity in 2 weeks period only if you posted at least once it the 2 weeks periods, so you will increase your activity by 14 in the next tuesday
|
| █▄ | R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | ▀█ | THE #1 SOLANA CASINO | ████████████▄ ▀▀██████▀▀███ ██▄▄▀▀▄▄█████ █████████████ █████████████ ███▀█████████ ▀▄▄██████████ █████████████ █████████████ █████████████ █████████████ █████████████ ████████████▀ | ████████████▄ ▀▀▀▀▀▀▀██████ █████████████ ▄████████████ ██▄██████████ ████▄████████ █████████████ █░▀▀█████████ ▀▀███████████ █████▄███████ ████▀▄▀██████ ▄▄▄▄▄▄▄██████ ████████████▀ | ........5,000+........ GAMES ......INSTANT...... WITHDRAWALS | ..........HUGE.......... REWARDS ............VIP............ PROGRAM | . PLAY NOW |
|
|
|
hilariousandco
Global Moderator
Legendary
Offline
Activity: 3976
Merit: 2713
Join the world-leading crypto sportsbook NOW!
|
|
April 09, 2015, 05:39:47 PM |
|
-snip- Most probably on 1036. There are plenty old accounts that have "banked" activity. I would not be surprised if some of them could reach legendary just by posting. What do you mean by this? Old accounts which is unused may have posts greater than activity. Activity of these accounts may increase by a lot by posting. CMIIW. I am member here since the end of 2013. It seems I have more posts than activity, the difference is 139. Does that mean my activity is not limited and I can increase it by 139 in a few weeks or months? No. Sign up date is irrelevant. If you missed posting in a period those points are gone forever. You won't get any more points now until the 14th.
|
|
|
|
Frost
|
|
April 09, 2015, 05:44:53 PM |
|
That means Muhammed's statement was completely wrong?
|
|
|
|
arallmuus
Legendary
Offline
Activity: 2702
Merit: 1426
|
|
April 09, 2015, 05:48:32 PM |
|
That means Muhammed's statement was completely wrong?
Not completely wrong, he did got some point wrong but it is not completely wrong, for further information you can check on my previous post
|
| █▄ | R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | ▀█ | THE #1 SOLANA CASINO | ████████████▄ ▀▀██████▀▀███ ██▄▄▀▀▄▄█████ █████████████ █████████████ ███▀█████████ ▀▄▄██████████ █████████████ █████████████ █████████████ █████████████ █████████████ ████████████▀ | ████████████▄ ▀▀▀▀▀▀▀██████ █████████████ ▄████████████ ██▄██████████ ████▄████████ █████████████ █░▀▀█████████ ▀▀███████████ █████▄███████ ████▀▄▀██████ ▄▄▄▄▄▄▄██████ ████████████▀ | ........5,000+........ GAMES ......INSTANT...... WITHDRAWALS | ..........HUGE.......... REWARDS ............VIP............ PROGRAM | . PLAY NOW |
|
|
|
dothebeats
Legendary
Offline
Activity: 3766
Merit: 1354
|
|
April 09, 2015, 06:33:11 PM |
|
When's the last time we changed activity points? Because I've been seeing the same 322 points in my activity for four weeks now. I should have increased my activity to 336 if I'm not mistaken.
|
|
|
|
marcotheminer
Legendary
Offline
Activity: 2072
Merit: 1049
┴puoʎǝq ʞool┴
|
|
April 09, 2015, 06:35:18 PM |
|
When's the last time we changed activity points? Because I've been seeing the same 322 points in my activity for four weeks now. I should have increased my activity to 336 if I'm not mistaken.
Did you post in the last activity '2 weeks'?
|
|
|
|
Muhammed Zakir
|
|
April 09, 2015, 07:15:38 PM |
|
When's the last time we changed activity points? Because I've been seeing the same 322 points in my activity for four weeks now. I should have increased my activity to 336 if I'm not mistaken.
You can check the timings here: https://bitcointalk.org/index.php?topic=582736.0. NB: Rhread isn't updated with new timings, see the Google DOC. Are you sure about this? Sometimes you feel activity hasn't updated but it may have happened. I get that feeling sometimes. I don't think updates will be delayed for days. Did you post in the last activity '2 weeks'?
Yes, he did.
|
|
|
|
Frost
|
|
April 09, 2015, 07:22:36 PM |
|
That means Muhammed's statement was completely wrong?
Not completely wrong, he did got some point wrong but it is not completely wrong, for further information you can check on my previous post To be honest, I still don't get it.... You wrote "Not really correct, if an account got the post count higher than the activity, the account will automatically get 14 activity despite that he only posted once in 2 weeks period"... That extremely confusing to me. That means with 140 posts more than activity, I would need to make at least 1 post every two weeks, and that will add 14 activity to my account. So, with 2 posts in a month I can reach 28 activity. In other words, to reach plus 140 activity (my maximum activity), I need to post 1 post every two weeks over a timeframe of 5 months?
|
|
|
|
Muhammed Zakir
|
|
April 09, 2015, 07:26:17 PM |
|
That means Muhammed's statement was completely wrong?
Not completely wrong, he did got some point wrong but it is not completely wrong, for further information you can check on my previous post To be honest, I still don't get it.... You wrote "Not really correct, if an account got the post count higher than the activity, the account will automatically get 14 activity despite that he only posted once in 2 weeks period"... That extremely confusing to me. That means with 140 posts more than activity, I would need to make at least 1 post every two weeks, and that will add 14 activity to my account. So, with 2 posts in a month I can reach 28 activity. In other words, to reach plus 140 activity (my maximum activity), I need to post 1 post every two weeks over a timeframe of 5 months? Yes.
|
|
|
|
BTC786
|
|
May 09, 2015, 12:07:53 PM |
|
The activity number is determined in this way: time = number of two-week periods in which you've posted since your registration activity = min(time * 14, posts) Rough summary of what this means: If you post once per day on average, then you will eventually get the maximum number of activity points that you can get. Posting more than once per day on average is useless for increasing activity. The maximum number of activity points you can get is 1 per day, but your activity score only updates every two weeks. Therefore, it will take about 100 days to get 100 activity if you post once per day on average.Activity is updated every hour. The new membergroup limits work like this: Group | Requirement | Brand New | 0 posts | Newbie | (none) | Jr. Member | activity: 30 | Member | activity: 60 | Full Member | activity: 120 | Sr. Member | activity: 240 | Hero Member | activity: 480 |
I'm not 100% sure that the membergroups work correctly. Tell me if you see any bugs. What are the benefits for acquiring these accounts?
|
|
|
|
|