Distributed crypo-network discussion

Moderator: BarsMonster

Post Reply
User avatar
BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Distributed crypo-network discussion

Post by BarsMonster » Fri Oct 03, 2008 6:25 am

If you've already seen an announcement on the BarsWF page, next version is going to be distributed. Here does basic conception, open for discussion:

1) You download client and earn points. You may need to earn some points(like ~1 hour of computation) before you will be able to spend them.
2) You may spent your points in the network by cracking hashes you need WHEN you need. I.e. You may gather 3 months of computation, and then spend them in 5 minutes.
3) Unsalted hashes are cracked together, so that everyone saves time. There will be weekly or daily "unsalted runs" for new bunches of all new unsalted hashes. Participating here costs much cheaper - like 0.05point per hour because of collaborative work.
4) You may setup any amount of clients working for your login. You may control them from the web interface (i.e. check status, run jobs on the whole supercomputer)
5) There is a cheat prevention scheme. All distributed projects suffer from fake packets (when someone just answers that "nothing found"). We will inject some extra hashes with guaranted result to each packet, as well as some non-resultative hashes. DB packups every 6 hours for easier cheat investigation and rollback.
6) There will be Windows(32 & 64), Linux(x64 Ubuntu, open for discussion, but I cannot provide alot of Linux builds) and (probably)MacOS binaries.
7) As it is being discussed in separate thread, compilation server will be used to provide optimized cubin kernels. Traffic non-encripted, but 2048-bit RSA signed.
8) Estimated traffic is 1mb / day / client.

Looking forward to hear you ideas or critique :-)

Update 1: After discussions we decided not to make source open. That's because there are some commercial competitors, and we are not going to make them any gifts :crazy:. Protocol still going to be open.

User avatar
the_drag0n
Posts: 217
Joined: Thu Oct 02, 2008 6:48 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Distributed crypo-network discussion

Post by the_drag0n » Fri Oct 03, 2008 6:30 am

so you are planing on a hash cracking community ?
because that is what i read from it.

i dunno if i would use it because actually i dont crack to much hashes all in all.
but the idea itself is great. webcontrol of all pcs would make cracking more flexible.

well if you would add wpa support id be running my pc 24/7 for the next 2 weeks to gain enough "coins" to get cracking support with my wpa file ;)

User avatar
BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Distributed crypo-network discussion

Post by BarsMonster » Fri Oct 03, 2008 6:34 am

Well, yes, that will not be just MD5. You may increase WPA chances by providing some examples of hashes and decrypted passwords.
Also, people participate in distributed projects not just because they need to know why proteins misfold (that's the goal of Folding@Home) :-)
There is also a competition and community :-)

User avatar
BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Distributed crypo-network discussion

Post by BarsMonster » Fri Oct 03, 2008 6:42 am

Also you may sell your points :-)
I wonder how much 1month of CPU time @ 1gigaFLOP might cost :-)

User avatar
the_drag0n
Posts: 217
Joined: Thu Oct 02, 2008 6:48 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Distributed crypo-network discussion

Post by the_drag0n » Fri Oct 03, 2008 6:43 am

BarsMonster wrote:Also you may sell your points :-)
I wonder how much 1month of CPU time @ 1gigaFLOP might cost :-)
good point ;) if youd allow that one could sell "cracking points" at the community.
btw is there any win prog that tells me how many flops i can do *asking stupid question* ?

edit: just wondered where my post went to ;) i see you dont like messy forums :P
edit2: you might want to stickie this post

User avatar
BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Distributed crypo-network discussion

Post by BarsMonster » Fri Oct 03, 2008 6:48 am

Real FLOP - linpack
We are interested in "cracking FLOP" which is BarsWF MHash*0.441 = gigaFLOP, actually an integer operation not floating (although speed is the same on GPU)

I.e. 100MHash = 44.1 gigaFLOP

User avatar
BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Distributed crypo-network discussion

Post by BarsMonster » Fri Oct 03, 2008 6:49 am

the_drag0n wrote:edit: just wondered where my post went to ;) i see you dont like messy forums :P
You post in separate thread. This thread is just about distributed computing. Just to easily track everything.

User avatar
the_drag0n
Posts: 217
Joined: Thu Oct 02, 2008 6:48 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Distributed crypo-network discussion

Post by the_drag0n » Fri Oct 03, 2008 6:51 am

ah thanks for that.
would be 52.92 Giga Flops (CPU only) ;) not bad for a 500€ machine
Last edited by the_drag0n on Fri Oct 03, 2008 6:54 am, edited 1 time in total.

kiando
Posts: 64
Joined: Thu Oct 02, 2008 7:30 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Distributed crypo-network discussion

Post by kiando » Fri Oct 03, 2008 8:29 am

o damn. I sould have read this before posting here

The cheat prevention system is a good idea.
We could also make it obligatory the check all hashes with a simple wordlist so that no power is wasted for keys like "test" and so on.

xprog
Posts: 14
Joined: Fri Oct 03, 2008 12:06 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Distributed crypo-network discussion

Post by xprog » Fri Oct 03, 2008 9:15 pm

Would be nice if it only worked when im not on the pc, like if it could detect mouse/keystrokes and go idle. That way i could leave it running 24/7 and forget about it... and not have to open/close it constantly when i get on/get off the pc.

User avatar
hashkiller
Posts: 10
Joined: Fri Oct 03, 2008 10:03 pm
Contact:

Re: Distributed crypo-network discussion

Post by hashkiller » Fri Oct 03, 2008 10:23 pm

Your Idea sound great, would be very helpfull for me and my cracking community.

I also had some kind of distributed MD5 cacking in mind for my community but kicked the idea away and developed something more open to the users. Now it runs very smooth and is called opencrack.
Link: http://opencrack.hashkiller.com/
Every MD5 that is not found in our MD5 database (>125 GB of MySQL Data) will be added to this list, from where the users can download the list an try to crack the MD5 on thier own. Nearly no restrictions at all and also provided with an simple HTTP API. Currently we reach cracking rates at >40%.

After this experience i might say that a system with too much limitations against the user might keep them of using your system.
_________________

Other questions:
Will the communication between server and client be open source too ?
Might it be possible to write a own client that does cracking to but using wordlists instead of bruteforce for example ?
If yes, will it be possible to do so with simple languages like PHP/Curl ?
Visit my MD5 cracking Page: Hashkiller.com

User avatar
BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Distributed crypo-network discussion

Post by BarsMonster » Sat Oct 04, 2008 3:47 am

Will the communication between server and client be open source too ?
Well, that is main thing which I am going to have opensource. I am not expecting anyone to extend the system, but this is to show that we are not trying to download anything to to compromise security of the computer. Also, some says that this will not help as if someone would find a vulnerability he would just use it sometime instead of sharing it. I would be recommending to run BarsWF software with very restricted access (r/w access to current folder only).
Might it be possible to write a own client that does cracking to but using wordlists instead of bruteforce for example ?
That is interesting question. I guess we would need to support wordlists natively, with some(or all) or JTR rules implemented. We would be unable to distribute this work as wordlists are quite large.
So the main question is how to motivate users with huge wordlists to help the comunity.
If yes, will it be possible to do so with simple languages like PHP/Curl ?
We can have public web API for PHP/Curl like things to retreive passwords for specific user, update if they are cracked. Also, it would be possible to get from the web-based interface.

About opencrack:
Is it about non-salted hashes only?
If you are not managing community efforts, they would try 7 symbols a-z again and again, right?

User avatar
styxx
Posts: 5
Joined: Sat Oct 04, 2008 9:56 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Distributed crypo-network discussion

Post by styxx » Sat Oct 04, 2008 10:39 am

Damn, lots of Text, thanks to anyone who has enough time to read it ;)
Also, some says that this will not help as if someone would find a vulnerability he would just use it sometime instead of sharing it. I would be recommending to run BarsWF software with very restricted access (r/w access to current folder only).
By vulnerabilities i didn't mean exploits to gain access to clients (which actually should not be possible if we use client-TO-server requests only (not server-TO-client)), but exploits which could be used to fake real hashes, or gain extra points etc.
i.e. attacks against the whole idea or system of distributed cracking.
Of course it won't be a bad idea to run BarsWF with restricted access.
Would be nice if it only worked when im not on the pc, like if it could detect mouse/keystrokes and go idle. That way i could leave it running 24/7 and forget about it... and not have to open/close it constantly when i get on/get off the pc.
I already "talked" to BarsMonster about this idea.
The clientsoftware should/will definitely have an intelligent resource manager.
5) There is a cheat prevention scheme. All distributed projects suffer from fake packets (when someone just answers that "nothing found"). We will inject some extra hashes with guaranted result to each packet, as well as some non-resultative hashes. DB packups every 6 hours for easier cheat investigation and rollback.
In addition there will be private and public fake hashes. The reason is simple:
If we add private fake hashes only, an "attacker" could run the client two times and get two packages of the same "cracking task".
The "attacker" would be able to see which hash is the same in both packages: -> This one is in most cases the real hash.
Therefore the "attacker" could return "not found" for this hash without even trying to crack it and ruining the whole concept of distributed cracking at the same time.
If public hashes are added, two packages will have more than one identical hash.

For those who don't understand this concept, i will make a diagram later this day, containing the whole cheat prevention scheme.
Corrections and ideas are always welcome.
8) Most likely non-computing code would be open-source to be more trusted.
I don't believe that this will prevent people from stealing your code.
Personally i take no stock in packing or encrypting software. Those who like to steal your code will in most cases be able to, independent if you use "open-" or "close source".
You would do far better by choosing a good license.


Last point i would like to propose (without a quote) is a simple and clean client. All organization etc. should be done on the website.
There is one simple reason: I believe no one is really interested which packages the client is currently cracking (i am talking about the distributed client, the usual BarsWF should "stay" as it is), but likes to see the current progress of the hashes he or she inserted.
Therefore the website should be the major "tool" to manage your "stuff".

My idea of a client would be simple:
Start the program, insert Username and Password, see some information about cracking speed and todays earned points.
But i also like you idea, hashkiller. (own client)
And i totally agree to:
After this experience i might say that a system with too much limitations against the user might keep them of using your system.
So an interface for writing your own client would be the best idea.

User avatar
hashkiller
Posts: 10
Joined: Fri Oct 03, 2008 10:03 pm
Contact:

Re: Distributed crypo-network discussion

Post by hashkiller » Sat Oct 04, 2008 11:13 am

BarsMonster wrote:About opencrack:
Is it about non-salted hashes only?
If you are not managing community efforts, they would try 7 symbols a-z again and again, right?
It is completely MD5 only without salts or something like that. Only md5(md5()) is supported as a special method.

We are not managing efforts to gain extended rights or sth. Some users said in the discussion (RFC-Thread) the would not like to see something like a point based system, they did not want to have some sort of competition.
The only kind of showing efforts is on our stats page:
http://hashkiller.com/index.php?action=statistics
It is some sort of Top20 cracker list. But the main idea behind this is list was to find the system wich has the best crackingratio with hundret/thousands of MD5 at once, by the way, wordlists and GPU cracking showed up as some of the best methods.
I dont know what the users do for cracking, some are bruting, some are wordlisting and some others even have hashdirs running so even >7 chars words might be cracked.

__________________________________--

Another Thing you might have in mind, if the users can write his own client/cracking system, they might just write a system that will search online databases like our webcrack does. Just watch the stats page, collum webcrack to see what i mean:
http://hashkiller.com/index.php?action=statistics
These users that are searching online databases might have much better and faster results than bruting/wordlisting users with very less cpu-power and effort at all.
Visit my MD5 cracking Page: Hashkiller.com

User avatar
the_drag0n
Posts: 217
Joined: Thu Oct 02, 2008 6:48 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Distributed crypo-network discussion

Post by the_drag0n » Sat Oct 04, 2008 11:33 am

i think a competition is usefull because that is the only reason why most people do distributed projects.
to see their names on the top ;)

about the online submission, i think this project will aim at very complicated hashes which can not be cracked via an onlinecracker.

User avatar
hashkiller
Posts: 10
Joined: Fri Oct 03, 2008 10:03 pm
Contact:

Re: Distributed crypo-network discussion

Post by hashkiller » Sat Oct 04, 2008 11:53 am

I think competition migth be some key element in this idea, i could not imagine your system without it.

If you need some hard, uncracked MD5, we have a nice growing archive with thousand of it :)
http://hashkiller.com/files/opencrack/notfound/
Visit my MD5 cracking Page: Hashkiller.com

User avatar
BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Distributed crypo-network discussion

Post by BarsMonster » Sat Oct 04, 2008 12:25 pm

After this experience i might say that a system with too much limitations against the user might keep them of using your system.
Well, why some people still participate in projects without any rights (i.e. everything is limited) like Folding@home - "you cannot do anything with client, you may just spend you CPU time"?

User avatar
BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Distributed crypo-network discussion

Post by BarsMonster » Sat Oct 04, 2008 12:28 pm

styxx wrote:Last point i would like to propose (without a quote) is a simple and clean client. All organization etc. should be done on the website.
There is one simple reason: I believe no one is really interested which packages the client is currently cracking (i am talking about the distributed client, the usual BarsWF should "stay" as it is), but likes to see the current progress of the hashes he or she inserted.
Therefore the website should be the major "tool" to manage your "stuff".
That is exactly how I see it.

User avatar
BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Distributed crypo-network discussion

Post by BarsMonster » Sat Oct 04, 2008 12:35 pm

hashkiller wrote:Another Thing you might have in mind, if the users can write his own client/cracking system, they might just write a system that will search online databases like our webcrack does. Just watch the stats page, collum webcrack to see what i mean:
http://hashkiller.com/index.php?action=statistics
These users that are searching online databases might have much better and faster results than bruting/wordlisting users with very less cpu-power and effort at all.
Sure that's true for unsalted hashes. Everything we have now for hash cracking is very usefull for unsalted hashes. Especially rainbow tables distributed project - we may coloborate with them to check all non-salted hashes with rainbow tables first.

We might give an ability to export filtered list of hashes which we were unable to crack for using in 3rd party tools - but I do not see how we may benefit from alternative client (especially how it will earn points).
We might want to create a hugest possible wordlist to check all hashes against it on submission.

User avatar
hashkiller
Posts: 10
Joined: Fri Oct 03, 2008 10:03 pm
Contact:

Re: Distributed crypo-network discussion

Post by hashkiller » Sat Oct 04, 2008 2:37 pm

I do not know how much hashes you think to accept but rainbowtables might be a very unusefull choice for >100 hashes per run. By the way you may need much disk space and performant systems for this rainbowsystem.

It might be easier to ask our hashkiller database for unsalted MD5 first, it migth save you a lot of work.
Visit my MD5 cracking Page: Hashkiller.com

User avatar
styxx
Posts: 5
Joined: Sat Oct 04, 2008 9:56 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Distributed crypo-network discussion

Post by styxx » Sat Oct 04, 2008 2:55 pm

http://hashkiller.com/index.php?action=md5webcrack
An interface would be good for this.

I don't think you would appreciate it, if we try to find a workaround for your captcha system, would you? ;)

Edit: Ok, i see:
Wenn Ihr Euch registriert müsst Ihr kein Captcha mehr lösen.
;)
It would be better if you could supply plain text only, without any HTML, because we would use your website only as database-frontend.
(A partnership would be great)

User avatar
BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Distributed crypo-network discussion

Post by BarsMonster » Sun Oct 05, 2008 3:40 am

Agree with hashkiller DB checking. Unfortunately it is MD5 only, as we would have more.
I see that working with rainbowtables might not be easy, but I'll check what guys from rt would say.

User avatar
hashkiller
Posts: 10
Joined: Fri Oct 03, 2008 10:03 pm
Contact:

Re: Distributed crypo-network discussion

Post by hashkiller » Sun Oct 05, 2008 12:25 pm

The Captcha is just a short hand solution against "lazy/stupid l33t haxxor kiddies".

The Webcrack system might look like a very usefull thign but it is not really. First, the system work by asking all the diferent sites at once with a timeout of 5 seconds, not in a row one by one. The problem is, that many of the asked sites are not designed for this massive amount of request, even some of them suffered and went offline by the way.
I slightly look at the stats page will will show that there are only 4 databases worth asking.
Name Found Notfound Rate
Hashkiller.com 34143 292724 10.45%
insidepro.com 24112 291732 7.63%
gdataonline.com 9180 331611 2.69%
md5.cryptobitch.de 2247 106963 2.06%
All what could be found with the others was also found by these 4.
Also, the webcrack is realy resource intensive at our site, so a interface will not work out for long and i would not install it because of the load.

I would appreciate that that hashkiller is currently one of the best resources for normal MD5 cracking.
Visit my MD5 cracking Page: Hashkiller.com

User avatar
styxx
Posts: 5
Joined: Sat Oct 04, 2008 9:56 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: Distributed crypo-network discussion

Post by styxx » Sun Oct 05, 2008 3:01 pm

hashkiller wrote:Also, the webcrack is realy resource intensive at our site, so a interface will not work out for long and i would not install it because of the load.
See your point, so a partnership might be the best idea:

Before a hash can be inserted on the BarsWF page, there should be a (Banner?) link to hashkiller.com where People can check their hashes first. Therefore your site will gain more visitors.

If people dont use your service it is their "problem".
If the hash is already cracked on hashkiller, you should be able to crack it (again) on BarsWF.
I mean, anyone can spend his/her points on what he/she wants to. Their should be no regulation.

Would be great if you could create a bannerlink (i can give you one soon) on your site, if your search engine does not find a result.
Both projects will profit in this way.

User avatar
hashkiller
Posts: 10
Joined: Fri Oct 03, 2008 10:03 pm
Contact:

Re: Distributed crypo-network discussion

Post by hashkiller » Mon Oct 06, 2008 7:24 pm

A partnership or something like that would be nice.

______________________________________________

One last thing a have to mention:
What if somebody adds a MD5 to the System, an does allready know the Plain?
Example:
He adds "b34d7bb23c87c0c8fdbc55a11640ae10" and knows the Plain allready "VeryVerySecurePass123456" because he generated the MD5 by himself. So he could earn thousands of Points he just "faked".
Visit my MD5 cracking Page: Hashkiller.com

Post Reply
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Who is online

Users browsing this forum: No registered users and 1 guest