hashcat Forum
Enforcing Untrusted parties to work - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Developer (https://hashcat.net/forum/forum-39.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-40.html)
+--- Thread: Enforcing Untrusted parties to work (/thread-9486.html)

Enforcing Untrusted parties to work - tomasvanagas - 09-04-2020

Hello, everyone,

I’m thinking about how hashcat could be used in decentralised way but I see one problem I would appreciate your advice on.

It would be fun using hashcat by paying cryptocurrency and getting the job done, but the problem is how can we be sure that other UNTRUSTED party did actually made the computing?

Only way I can think of is having some sort of proof of work in ex:
If you need to brute force WPA2 (-m 2500) in the process of brute-forcing look as well for a small value hash that you can send to other party to prove that the job has been made.

Two parties would communicate for example like this:
[*]Connection from Alice to Bob.

A: Hey, Buddy, Can you search 8 numbers on my WPA2 hash?

B: Sure, difficulty is 32 bits of zeroes, for every PoW 100 satoshis.
B: For fully cracked hash 300 sats.

A: Sure, go ahead.

[*]Sending hccapx from A --> B
[*]Sending 300 sats from A --> B

[*]Bob works on hash 8 numbers.

B: Look, i'm working on your AP! AliceAP:12341234 hash is 0000c8155f8284cd3072e44de9db6d684f85c57a5368c2722d33da532562fcd2

A: Okay, here is your extra 100 sats to keep you working.
[*]Sending 100 sats from A --> B

The micropayments could be arranged differently, but the point remains the same.

The micropayments are very small so there is no need to trust anyone, you can only robed by 300 sats which is a few cents. 
Bob is incentivized to keep the relationship with Alice to keep working and getting paid. 
There is no need to trust Bob that he is working - proof of work speaks for itself - just like in cryptocurrency.

I'm not that really familiar with WPA2 used hashes, this hash is just example.

Where this will NOT work?
With simple hashes, like sha1, md5, sha256, because other party might be precomputed hashes with zeroes and not searching for result.

Where this COULD work?
With salted or complex hashes like - salted md5, PMKID, WPA2, because other party can't precompute the results, because he discovers these hashes for the first time.

This is not perfect, but it could be first step we can start enforcing untrusted party to work and independently verify.

Hope I will introduce some discussion and waiting for the input!