[mlyle]

> In fact, we can play that game right now. The SHA256 hash [1] of "mlyle" is "CAD9051E126DA9BC7CB4048C4CA28804CCFEE0E3824F4E63FC151BC5E30B96D0". Using this information, please produce a password with the hash CAD9051E126DA9BC7CB4048C4CA28804CCFEE0E3824F4E63FC151BC5E30B96D1, differing only in the last bit. Ideally the shortest password using letters, numbers, and symbols in US ASCII, but honestly I'll take any binary string.

Just to note: this is not the game.

The game is, given a bunch of bits of the hash output, identify which of a known set of input produces that hash output.

Identifying which word in /usr/share/dict/words has the hash:

0f??????????????????????????????9d??????d2??????????????????????

is trivial.

Yes, enumerating all possible 14 character passwords is impractical... but if it was a 10 character password input, it again would be trivial.

The point is, the hints make it possible to know whether you've got the correct answer. You have an oracle, that tells you whether a given password you're considering is correct. Without this information, you don't have that oracle and cannot complete the search offline.

edit: woops, I didn't narrow the search space quite enough! There's two matching words.

    mlyle@powerbook ~ % time ./meh.py | grep '0f..............................9d......d2......................'
     0feeefd1e67f9c16131f9fa0c581cfef9d7f1fc3d2801f157c18d5dff5db4a53 abdominocystic
    0f6fe3980f4d7d6d642868e125ebb00a17a02cec9d8e9a6cd2cdce137b63735f feminility
    ./meh.py  0.22s user 0.01s system 89% cpu 0.264 total
    grep '0f..............................9d......d2......................'  0.21s user 0.00s system 83% cpu 0.260 total

[jerf]

"The game is, given a bunch of bits of the hash output, identify which of a known set of input produces that hash output."

No, it isn't. You don't have a list. This game generates a fully random password. I did one just now and the answer is "]=-CrGl0Sv.'L:". You don't have that on your list. This is Passwordle, not Wordle. Passwordle does not operate on a fixed list of answers.

Technically, it's drawing from a smaller set of possibilities than a full 256 bit search space but it's still large enough it won't matter.

You can not enumerate the possibilities for Passwordle.

Yes, if you cut the search space arbitrarily by something like 110 bits or so, the math works differently. So? That's not the game.

The difficulty of this game, and for that matter of reversing the hash in general, from a constant list is uninteresting. The whole point is stranding you in an infeasibly large search space.

Your strategy completely depends on having a list of precomputed hashes for the entire search space. You don't and can't, so your strategy is completely nonfunctional and useless. Pounding on the details of your nonfunctional strategy will not make it functional.

[mlyle]

> Yes, if you cut the search space arbitrarily by something like 110 bits or so, the math works differently. So? That's not the game.

See- the search space is already significantly under 256-110 bits.

The search space is a bit smaller than 92 bits in passwordle. If it drew uniformly from the possible characters it would be 92 bits; it's more like 87-88 bits since it does not draw uniformly.

This is out of reach of brute force--- as I've said the entire time-- but if it were just a few characters shorter it would be within reach. 11 is doable with a lot of computing; 9 would be trivially doable. They chose 14 characters of input.

This is an interesting offline-online tradeoff. 10 guesses doesn't get you far vs. a 9 character random password in practice. But 10 guesses with this oracle lets you defeat 9 character random passwords easily. (and provides enough information to defeat 14 character random passwords, but with no feasible search strategy known at this time).

This is very different from "provides no information whatsoever". I suspect you not appreciating this is why we have a difference of opinion.

> Your strategy completely depends on having a list of precomputed hashes for the entire search space.

It depends upon being able to do a meaningful amount of search offline-- either precomputed or before your last guess.