Hacker News new | ask | show | jobs
by mcpar-land 390 days ago
> Normally, it is undesirable for users’ passwords to be cracked. However, in the case of law enforcement, we often need to obtain suspects’ passwords in order to access encrypted evidence. The obvious solution is to build powerful (and expensive) dictionary cryptanalysis computers. A less obvious approach is to use the distributed power of web users’ computers, as has been done in the Seti@Home (https://setiathome.berkeley.edu/ — suspended project) or Folding@Home projects (https://foldingathome.org/). The proposed approach can therefore support law enforcement activities while providing the desired functionality to the web community

"You're not allowed to visit this website unless you submit your computer to being part of the fed's password cracking botnet" that's a whole fresh hell. A better use case is right there in their own description! I'd love my captchas to be little Folding@Home problems.
5 comments
downrightmike 390 days ago
That is shady as hell. Welp this is dead on the vine
link
tiagozip 389 days ago
btw no, cap does not contribute to any "fed botnet". you can build the WASM binaries yourself and compare the hashes. added a clarification about that to the docs.
link
GoblinSlayer 390 days ago
Bitcoin network used to bruteforce 85 bits per year, which is slightly bigger than capacity of [a-z0-9]{16}
link
ronsor 390 days ago
Can't we just submit bogus hashes?
link
ethersteeds 390 days ago
Generally that is countered by asking for a mix of known and unknown solutions; your accuracy on the unknown is assessed through your accuracy on the known.
link
VladVladikoff 390 days ago
Is it possible to do some other sort of cryptographic trick than simply seeding the mix with known and knowns. Some sort of sum of many answers combined? Maybe it isn’t possible in this use case though (brute forcing passwords). For example is crypto POW really just doing a mix of known and unknowns or is there more cryptographic magic to it than that?
link
GoblinSlayer 390 days ago
But there are only a few suspect passwords, you can just know all of them, and thus reliably differentiate.
link
p0w3n3d 389 days ago
2030: to enter the site you must allow us to mine few ethereal on your pc...
link
leshenka 389 days ago
You better not show me any ads if you want my system to make some crypto for you then.

We’ll, who am I kidding

link
p0w3n3d 389 days ago
Then the ads and the crypto and the blood sample testing for genome stealing it is
link