Bitcoin Forum
November 02, 2024, 04:32:41 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 [32] 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 »
  Print  
Author Topic: Activity & new membergroup limits  (Read 242455 times)
Hfleer
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


Changing avatars is currently not possible.


View Profile
August 12, 2014, 06:29:15 PM
 #621

Ok, gottcha!

But why did Theymos say that a few people will be able to tell what activity is needed? Was he referring to staff that has access to the secret seed?

I suppose some people have read-only access to the forum's code, which would contain the SQL query and hence the secret seed, but I don't know who those people are. They could be staff, developers, security contractors, whoever is hosting the forum, people working with the new forum, etc.

Makes sense. There is no need to worry for me anyway, I am so far away from this status Wink

█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
▓▓▓▓▓  BIT-X.comvvvvvvvvvvvvvvi
→ CREATE ACCOUNT 
▓▓▓▓▓
█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
dserrano5
Legendary
*
Offline Offline

Activity: 1974
Merit: 1029



View Profile
August 12, 2014, 06:55:36 PM
 #622

But even after having a bigger samplesize of existing Legendary members you can't get any results, because you don't know what activity level each of those was needed for the status.

But you only have a narrow space possible, if you take into account that activity doesn't increase by more than 14 each period. That complicates things somewhat, but by looking at what members became Legendary in each activity-payday, it shouldn't be very complicated to find a suitable seed.
dree12
Legendary
*
Offline Offline

Activity: 1246
Merit: 1077



View Profile
August 12, 2014, 06:58:30 PM
 #623

But even after having a bigger samplesize of existing Legendary members you can't get any results, because you don't know what activity level each of those was needed for the status.

But you only have a narrow space possible, if you take into account that activity doesn't increase by more than 14 each period. That complicates things somewhat, but by looking at what members became Legendary in each activity-payday, it shouldn't be very complicated to find a suitable seed.

The real problem is that finding the correct seed is equivalent to the never-before-done task of pre-imaging SHA1, even given as much data as one could possibly desire.
theymos_away
Member
**
Offline Offline

Activity: 82
Merit: 26


View Profile
August 12, 2014, 07:47:38 PM
 #624

You're not going to find the secret seed technologically. Brute force is not practical, and SHA-1 is strongly believed to protect against other attacks you might think of. If the seed is ever published, it'll be because someone leaked it.
dserrano5
Legendary
*
Offline Offline

Activity: 1974
Merit: 1029



View Profile
August 12, 2014, 08:08:32 PM
 #625

I must be missing something then.

Let's say I (user id 17768) achieve Legendary status next tuesday, when my activity goes from 798 to 812. That means that:

Code:
799  <= 775 + conv(substr(sha1(concat('17768',secretSeed)), 1, 2), 16, 10) <= 812
24   <=       conv(substr(sha1(concat('17768',secretSeed)), 1, 2), 16, 10) <= 37
0x18 <=            substr(sha1(concat('17768',secretSeed)), 1, 2)          <= 0x25

And by removing the substr(…, 1, 2) part we infer that secretSeed is either:

- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 18, or
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 19, or
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 1a, or
...
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 25.

And it isn't difficult to find those 14 possible seeds, right?
dree12
Legendary
*
Offline Offline

Activity: 1246
Merit: 1077



View Profile
August 12, 2014, 08:10:23 PM
 #626

I must be missing something then.

Let's say I (user id 17768) achieve Legendary status next tuesday, when my activity goes from 798 to 812. That means that:

Code:
799  <= 775 + conv(substr(sha1(concat('17768',secretSeed)), 1, 2), 16, 10) <= 812
24   <=       conv(substr(sha1(concat('17768',secretSeed)), 1, 2), 16, 10) <= 37
0x18 <=            substr(sha1(concat('17768',secretSeed)), 1, 2)          <= 0x25

And by removing the substr(…, 1, 2) part we infer that secretSeed is either:

- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 18, or
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 19, or
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 1a, or
...
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 25.

And it isn't difficult to find those 14 possible seeds, right?


You can find one seed (or even many seeds) that will work for your particular user id, but you will not be any closer to finding the secretSeed. To do that, you need more information, but once you have enough information, it becomes a brute-forcing problem, which is not feasible.

Seeds that work for you do not necessarily work for others. If SHA1 is strong (which so far it has proven to be), then there should be only one seed that works for everyone, and that one seed is impossible to find without searching through all possible seeds, requiring an impossible amount of computing resources.
theymos_away
Member
**
Offline Offline

Activity: 82
Merit: 26


View Profile
August 12, 2014, 08:56:33 PM
Last edit: August 12, 2014, 09:09:27 PM by theymos_away
 #627

I must be missing something then.

Let's say I (user id 17768) achieve Legendary status next tuesday, when my activity goes from 798 to 812. That means that:

Code:
799  <= 775 + conv(substr(sha1(concat('17768',secretSeed)), 1, 2), 16, 10) <= 812
24   <=       conv(substr(sha1(concat('17768',secretSeed)), 1, 2), 16, 10) <= 37
0x18 <=            substr(sha1(concat('17768',secretSeed)), 1, 2)          <= 0x25

And by removing the substr(…, 1, 2) part we infer that secretSeed is either:

- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 18, or
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 19, or
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 1a, or
...
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 25.

And it isn't difficult to find those 14 possible seeds, right?


That's like trying to find the equation of some particular line when you only have one point on the line. You can find an infinite number of possible lines, but there's essentially no chance that you'll find the correct line. And with SHA-1, you won't get any closer to finding the true "line" no matter how many points you have. There are very many possible seeds which would perfectly match the current list of Legendaries, but only one of them will also match all future Legendaries.
DannyHamilton
Legendary
*
Offline Offline

Activity: 3472
Merit: 4801



View Profile
August 12, 2014, 09:00:53 PM
 #628

I must be missing something then.

Let's say I (user id 17768) achieve Legendary status next tuesday, when my activity goes from 798 to 812. That means that:

Code:
799  <= 775 + conv(substr(sha1(concat('17768',secretSeed)), 1, 2), 16, 10) <= 812
24   <=       conv(substr(sha1(concat('17768',secretSeed)), 1, 2), 16, 10) <= 37
0x18 <=            substr(sha1(concat('17768',secretSeed)), 1, 2)          <= 0x25

And by removing the substr(…, 1, 2) part we infer that secretSeed is either:

- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 18, or
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 19, or
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 1a, or
...
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 25.

And it isn't difficult to find those 14 possible seeds, right?


The fact that you are missing is that SHA1 produces a 160 bit output.

That means that there are potentially 2152, or 5.7 X 1045 different seeds that will all result in a hash that starts with 19, and another 2152, or 5.7 X 1045 different seeds that will all result in a hash that starts with 0x19, and so on for all 14 possible values of the first 2 hex characters.

Any of those 8 X 1046 possible seeds will work to give YOU legendary status, but only ONE of those possible seeds is the one that Theymos is using and which will give EVERYONE legendary status.  How many different people do you suppose will have to attain legendary status before you will be able to whittle those 8 X 1046 possible seeds down to the 1 real seed to reliably predict when ANYBODY will attain legendary status?

Note, it would be much easier to brute force if you knew the possible range of the secret seed. For example, if you were told that the secret seed is a one byte unsigned integer, you'd only have to try 256 possibilities and could narrow it down pretty quickly.  On the other hand, if the seed is a 160 bit random number, you can just give up now.
dree12
Legendary
*
Offline Offline

Activity: 1246
Merit: 1077



View Profile
August 12, 2014, 09:03:47 PM
 #629

I must be missing something then.

Let's say I (user id 17768) achieve Legendary status next tuesday, when my activity goes from 798 to 812. That means that:

Code:
799  <= 775 + conv(substr(sha1(concat('17768',secretSeed)), 1, 2), 16, 10) <= 812
24   <=       conv(substr(sha1(concat('17768',secretSeed)), 1, 2), 16, 10) <= 37
0x18 <=            substr(sha1(concat('17768',secretSeed)), 1, 2)          <= 0x25

And by removing the substr(…, 1, 2) part we infer that secretSeed is either:

- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 18, or
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 19, or
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 1a, or
...
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 25.

And it isn't difficult to find those 14 possible seeds, right?


The fact that you are missing is that SHA1 produces a 160 bit output.

That means that there are potentially 2152, or 5.7 X 1045 different seeds that will all result in a hash that starts with 19, and another 2152, or 5.7 X 1045 different seeds that will all result in a hash that starts with 0x19, and so on for all 14 possible values of the first 2 hex characters.

Any of those 8 X 1046 possible seeds will work to give YOU legendary status, but only ONE of those possible seeds is the one that Theymos is using and which will give EVERYONE legendary status.  How many different people do you suppose will have to attain legendary status before you will be able to whittle those 8 X 1046 possible seeds down to the 1 real seed to reliably predict when ANYBODY will attain legendary status?

Note, it would be much easier to brute force if you knew the possible range of the secret seed. For example, if you were told that the secret seed is a one byte unsigned integer, you'd only have to try 256 possibilities and could narrow it down pretty quickly.  On the other hand, if the seed is a 160 bit random number, you can just give up now.

Your points relating to the hash function are correct, but the output length of SHA1 is not related, since the secret seed itself is not necessarily the result of a SHA1 hash. It could be longer or shorter than 160 bits. The forum is effectively using its own hash function, SUBSTR(SHA1, 2), which has only 8 bits of output.

In addition, the bottleneck is not so much the number of people that must attain legendary status—each person currently in the range eligible for legendary status will eliminate roughly half of remaining seeds. So a little more than the bit length of the secret seed of such people should be roughly enough. The problem is that such elimination requires a huge amount of computation power—brute-forcing the entire seed space.
DannyHamilton
Legendary
*
Offline Offline

Activity: 3472
Merit: 4801



View Profile
August 12, 2014, 09:17:09 PM
 #630

Your points relating to the hash function are correct, but the output length of SHA1 is not related, since the secret seed itself is not necessarily the result of a SHA1 hash. It could be longer or shorter than 160 bits.

True, however since we know nothing about the size of the secret seed, we are left with assuming that it could potentially be larger than 160 bits.

I rushed into answering this, and I'll admit that I may have overlooked an important point, but since the secret seed (concatenated with the userID) is passed through the digest function SHA1, it means that there are an infinite number of secret seeds that will all result in the exact same SHA1 value for all the current userIDs.  It is only necessary to find 1 of these infinite number of secret seeds to reliably predict when someone will achieve legendary status.  As such, the length of the output of SHA1 would seem to be relevant?

In addition, the bottleneck is not so much the number of people that must attain legendary status—each person currently in the range eligible for legendary status will eliminate roughly half of remaining seeds. So a little more than the bit length of the secret seed of such people should be roughly enough.

I hadn't thought of that.  I suppose you're right (I'll have to think about it a bit). Since we don't know the bit length of the secret seed, that could be 8 people, or 10,000 people (or anywhere inbetween). However, as you point out:

The problem is that such elimination requires a huge amount of computation power—brute-forcing the entire seed space.
dree12
Legendary
*
Offline Offline

Activity: 1246
Merit: 1077



View Profile
August 12, 2014, 09:32:16 PM
 #631

Your points relating to the hash function are correct, but the output length of SHA1 is not related, since the secret seed itself is not necessarily the result of a SHA1 hash. It could be longer or shorter than 160 bits.

True, however since we know nothing about the size of the secret seed, we are left with assuming that it could potentially be larger than 160 bits.

I rushed into answering this, and I'll admit that I may have overlooked an important point, but since the secret seed (concatenated with the userID) is passed through the digest function SHA1, it means that there are an infinite number of secret seeds that will all result in the exact same SHA1 value for all the current userIDs.  It is only necessary to find 1 of these infinite number of secret seeds to reliably predict when someone will achieve legendary status.  As such, the length of the output of SHA1 would seem to be relevant?


I would not be surprised if this was an unsolved cryptographic problem. If SHA1 were a random oracle (the ideal "perfect" hash function), then the output length is completely irrelevant, since each bit is completely independent of the other output bits and at the same time dependent on every bit of the input.

But the SHA1 algorithm is certainly not perfect, and internally uses 80 rounds of hashing, each round using 128 of every 512-bit chunk of the input. It's designed so that this is as difficult to exploit as possible, but I would not be surprised if 128, 160, or 512 bits were somehow "critical numbers" that subtly affected how the hash works. I suspect that there would be, but finding them is certainly not trivial.
Hfleer
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


Changing avatars is currently not possible.


View Profile
August 12, 2014, 09:45:55 PM
 #632

Theymos should just release the secret seed, most people are not able to calculate their level anyway, and the ones that can, can use it as an isider joke Wink

█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
▓▓▓▓▓  BIT-X.comvvvvvvvvvvvvvvi
→ CREATE ACCOUNT 
▓▓▓▓▓
█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
QuestionAuthority
Legendary
*
Offline Offline

Activity: 2156
Merit: 1393


You lead and I'll watch you walk away.


View Profile
August 12, 2014, 11:30:27 PM
 #633

Dree12, you and DannyHamilton have wayyyy too much time on your hands.

haploid23
Legendary
*
Offline Offline

Activity: 812
Merit: 1002



View Profile WWW
August 13, 2014, 02:01:02 AM
 #634

Dree12, you and DannyHamilton have wayyyy too much time on your hands.

So this is how you view someone with high technical knowledge? The fact that you're involved in bitcoin, relative to the average person, means you have wayyy too much time on your hands  Wink

rdnkjdi
Legendary
*
Offline Offline

Activity: 1256
Merit: 1009


View Profile
August 13, 2014, 02:06:55 AM
 #635

Just felt like this needed to be mentioned here.

https://bitcointalk.org/index.php?topic=728902.msg8308277#msg8308277
dree12
Legendary
*
Offline Offline

Activity: 1246
Merit: 1077



View Profile
August 13, 2014, 02:14:51 AM
 #636

Just felt like this needed to be mentioned here.

https://bitcointalk.org/index.php?topic=728902.msg8308277#msg8308277

This is the post you linked:

It's because they changed the rules when I was on vacation last winter.  My activity was over 2,000 but they dropped to zero cause I didn't log on for 2 weeks and then the rules changed and I had to start over.

I should have 5,000 activity now if I had only logged on while on vacation.  I would be one of only 218 legendary accounts -  the newest and highest level one can reach now.

Oh well, I should be hero in 2-4 weeks I think.  I'll take that and be happy.

This is nonsense and demonstrates a complete lack of understanding about how activity works. Activity does not decrease unless posts are deleted, and nobody has ever had an activity over 2000. Nor were the rules changed last winter. Nor would logging in have helped.

In addition, there is no way anyone is going to have an activity of 5000 for a very long time.
freedomno1
Legendary
*
Offline Offline

Activity: 1806
Merit: 1090


Learning the troll avoidance button :)


View Profile
August 13, 2014, 02:21:58 AM
 #637

Just felt like this needed to be mentioned here.

https://bitcointalk.org/index.php?topic=728902.msg8308277#msg8308277

This is the post you linked:

It's because they changed the rules when I was on vacation last winter.  My activity was over 2,000 but they dropped to zero cause I didn't log on for 2 weeks and then the rules changed and I had to start over.

I should have 5,000 activity now if I had only logged on while on vacation.  I would be one of only 218 legendary accounts -  the newest and highest level one can reach now.

Oh well, I should be hero in 2-4 weeks I think.  I'll take that and be happy.

This is nonsense and demonstrates a complete lack of understanding about how activity works. Activity does not decrease unless posts are deleted, and nobody has ever had an activity over 2000. Nor were the rules changed last winter. Nor would logging in have helped.

In addition, there is no way anyone is going to have an activity of 5000 for a very long time.

Well it was rank by posts back then
So it was possible to have the hero rank of course with the transition to activity ranks were nuked
But your right the above part that vlad mentioned is complete nonsense they didn't understand how the activity transition worked.

Believing in Bitcoins and it's ability to change the world
QuestionAuthority
Legendary
*
Offline Offline

Activity: 2156
Merit: 1393


You lead and I'll watch you walk away.


View Profile
August 13, 2014, 03:35:06 AM
 #638

Dree12, you and DannyHamilton have wayyyy too much time on your hands.

So this is how you view someone with high technical knowledge? The fact that you're involved in bitcoin, relative to the average person, means you have wayyy too much time on your hands  Wink

I have an excuse though. I'm retired, I've been a codehead since everyone here was in diapers and I love to fuck with know-it-all kids. Bitcointalk is the perfect hobby.  Grin

dserrano5
Legendary
*
Offline Offline

Activity: 1974
Merit: 1029



View Profile
August 13, 2014, 07:52:46 AM
 #639

Thanks dree12, theymos_away and DannyHamilton, now I think I have it (but I'll have to try to actually *see* it Smiley).
forsakenpnut
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
August 13, 2014, 08:15:47 AM
 #640

Thanks dree12, theymos_away and DannyHamilton, now I think I have it (but I'll have to try to actually *see* it Smiley).

Could you help me out with this? I dont understand. Does the time since the account is registered change something? Like my account is old does it increase faster?

Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 [32] 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!