dapp / digital currency for password cracking
#1
The hash rates of major crytocoin networks seem staggering (e.g. estimated 120,000,000 TH/s in bitcoin network https://www.blockchain.com/en/charts/hash-rate), even when compared to state of the art cracking systems (e.g. https://terahash.com).

What would it take to create a distributed app (e.g. https://www.dapp.com/) which can leverage various blockchain networks (e.g. based on how closely miner optimized hash matches target hash)? It seems like this could be useful for bruting junk passwords.

From an software architecture standpoint, what would be the biggest challenges or top reasons this is a stupid idea?

Perhaps a new coin (catcoin?) could be created to pay for proof of cracking work.

I am grateful for any insights more informed folks can share.

- Cheers
Reply
#2
https://security.stackexchange.com/quest...munication
~
Reply
#3
No.

I'm sure you'll get all the reasonable answers about how ASICs work and why they wouldn't work for cracking passwords/hashes in the same way, even if you could make them fast. I'm going to go a slightly different route here and discuss the blockchain/cryptocurrency aspect of this, though only briefly, since most people just assume you know better than to suggest it instead of explain why it doesn't make sense.

There are so many reasons this wouldn't work or even couldn't work that it's difficult to actually pick the largest/most important. Probably the most major is that you can't prove a hash didn't crack but that you did do the work to test it. You also can't crack some hashes, they are simply impossible. Couple those together and you have no way to prove that a miner did anything at all unless they produce verifiable cracks, which the second point very clearly says won't happen every time. Thus, miners could spend forever and be rewarded nothing, forever. Pooling resources and producing a shared payout is also not really possible to verify, since the first point still applies, and a miner could do nothing and just report " not found ". Blockchains only work in specific cases, and they really only do ~1 thing and that's keep data from changing, based on distributed consensus. They don't serve any other purpose, they don't work the way apparently 99% of people think or assume they do, and they are not a magically trustless money printing way to get people to contribute computing power to a distributed computational project. If they were a good idea and contributed meaningfully to distributed computing, BOINC/Folding@home and Gridcoin would be doing much better than they are. Reality sets in a little faster when your computations have actual weight or are supposed to produce real results.
Reply
#4
Thank you both for taking the time to reply. It really helped me understand some areas where there were huge gaps in my understanding in general.

Some of the details of what I understand about your post are as follows. Did I get this right?

A significant portion of the hashing power of cryptocurrency networks involve specialized ASICs used to perform specialized algorithms that are not relevant to password cracking. It may be possible to distribute cracking work for miners that run generalized hardware such as GPU or re-programmable FPGAs, but there are several other challenges that would have to be addressed first.

Its hard to write smart contracts for cracking when we do not know how to prove that a miner expended effort cracking a hash for which the plaintext was not recovered.

Decentralized computing is a subset of distributed computing and may not be a prudent approach to distributing workloads such as password cracking.

From other forum posts I understand Brain and Hashtopolis can be useful wrappers / features for distributing cracking jobs across multiple nodes.
Reply
#5
Correct, the major problem with distributing a workload where you may not find an answer and can not prove you did the work is something i would like to refer to as "Node Trust". Miners or "Nodes" must be either trusted, in say a HTP cluster where you control them and can reasonably assure they are doing the work properly and not cheating or having problems. Or Nodes must be able to perform the task in a "trustless" arrangement. With currencies like bitcoin, you are not rewarded for work that does not produce a valid result. This setup involves no trust that you did the work, and rewards only those who produce a result, based entirely on chance and only augmented by how much work you can do in a given amount of time. If applied to hash cracking, since it's not as much a probability and more reliant on the attacks involved, you could not _really_ produce a trustless working setup that rewarded users fairly for their work involved. The only option would be rewarding only for cracks. And while this _does_ work a little, more experienced crackers with better attacks and/or more hardware, would be able to collect the rewards, with little to no chance of a less experienced cracker or someone with less power of ever getting a reward. This inequality effectively ruins the concept since its inherently not fair and there's not really a way to make it fair. Random chance/probability like with bitcoin is _fair_ in that anyone, with any amount of power could produce a valid block, but those with more power tilt the probability in their favor.
Reply