Members Online
Total Online: 41 Web Spiders: 18
Guests Online: 38
Members Online: 3
Registered Members: 70190 Newest Member: CrOnUs
|
View Thread
| Author |
RE: javascript 16 |
Uber0n
Member
Posts: 1963
Location: Sweden
Joined: 13.06.06
Rank: God |
|
|
s33us00n wrote:
Somebody told me that the words have the same length(4 letters) and the number has 4 digits....
The number probably makes sense as well ^^
http://uber0n.webs.com/ |
  
|
| Author |
RE: javascript 16 |
Bejker
Member
Posts: 7
Location: Srbija - Serbia
Joined: 08.03.07
Rank: HBH Guru |
|
Prime Numbers...are easier way.
Brute Force is good option if you were planing to live ten thousand years...
(JS16) 
Great!  Now i just need 743 posts to solve the challenge...(That's not going to happen  )
(Other 16)
Edited by Bejker on 09-10-08 00:24 |
|
|
| Author |
RE: javascript 16 |
s33us00n
Member
Posts: 19
Location: Bucharest
Joined: 05.04.08
Rank: Uber Elite |
|
I finally solved it. I have to say that it was useful and i learned many things from it, even if it wasn't fair with those false positives. |
|
| Author |
RE: javascript 16 |
kennyboy93
Member
Posts: 2
Location:
Joined: 29.12.07
Rank: HBH Guru |
|
The password can be a random jumble of letters.
Also, the first letter doesn't matter, since addition to 'sum' from it is multiplied by i, which is zero for the first letter.
I solved it with a recursive brute-force thingy in C, which ran and gave me an answer in the blink of an eye. I was able to generate 500000 valid passwords (which work) in under half a minute.
If anyone doesn't believe me, just PM me.
-ken |
|
|
| Author |
RE: javascript 16 |
spyware
Member
Posts: 4190
Location: The Netherlands
Joined: 14.04.07
Rank: God
Warn Level: 90
|
|
The challenge was changed a week or two ago. The first version only accepted one answer, not all of them. The answer it accepted was in a wordnumberword format. Hence the confusion.
"The chowner of property." - Zeph Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term. - Carl Sagan Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor? - Ebert |
|
|
| Author |
RE: javascript 16 |
kennyboy93
Member
Posts: 2
Location:
Joined: 29.12.07
Rank: HBH Guru |
|
*bashes head on table*
Sorry about that.
While I'm here, I'll just point out that symbols also give false positives. [If someone has already mentioned this, disregard me].
-ken
Edited by kennyboy93 on 24-01-09 14:11 |
|
|
| Author |
RE: javascript 16 |
sashquatch
Member
Posts: 1
Location: Singaara Chennai
Joined: 03.09.09
Rank: Moderate |
|
am not studyin anythin for my semesters coz of this friggin challenge!!!
been doodling algorithms for 4 hrs on the trot now... damn this thing!!!
I heard Microsoft is coming up with a vacuum cleaner. I guess now we will finally have an Microsoft product that wont suck :-D |
|
|
| Author |
RE: javascript 16 |
Slim420
Member
Posts: 5
Location:
Joined: 20.01.10
Rank: Wiseman |
|
Well so far I've seen multiple posts in this thread that say its "numberWORDnumber" and a few that say its "wordNUMBERword", also that there are two words of the same length, that would make the "numberWORDnumber" format not possible.
I plan on trying a completely different approach than trying to bruteforce the checksum.
I just wanted to point out that the people coming to this thread for help are jsut gonna leave more confused than they were before reading it.
On that note, I think its a great challenge. I wouldnt want the last challenge in the category to be very easy (because then where is the challenge?). I know I used the same method for js challenges like 9-14 and was hoping they get a little harder (as they did).
*EDIT*
I recently started looking at other js 16 thread and saw that system_meltdown has stated:
Password format: wordNUMBERword.
So that should make this sooo much easier.
Edited by Slim420 on 22-01-10 16:12 |
|
|
| Author |
RE: javascript 16 |
clone4
Member
Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank: God |
|
although the original password was in the stated format, the php scblockedript to check the answer was updated to accept any password that will pass with the same checksum, as it was considered too hard due to large number of collisions (im almost certain that's not how you spell that)
[img][/img]
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl
|
|
|
| Author |
RE: javascript 16 |
HawQmaster
Member
Posts: 3
Location:
Joined: 23.01.10
Rank: Newbie |
|
Hi all!
A coworker just pointed me to this challenge. It was really fun to take. Thanks a lot!
I think it was a really good idea to change the task so that every password matching the checksum is accepted. It makes the challenge both more fun (because, IMHO, math and optimization are more fun than dictionary attacks) and more realistic (because real-world servers should only store hashed passwords anyway, so there is no point in having "one true" password in this challenge).
Some of the problems that people had with "false positives" before the change could have been avoided, though. For example, hts007 pointed out in one thread that he had lots of false positives with 9 characters. In that case, his generator cannot be correct, since there are no solutions with 9 characters, not even false positives.
Some people mentioned earlier that the password must have exactly 12 characters for mathematical reasons. This is not completely true. If you also allow passwords that contain spaces, the password can have either 12 or 18 characters. I know that there was a "no spaces" hint given, but that was before the change. After the change, passwords with spaces can be just as valid.
If you make some reasonable restrictions about the use of spaces to mimic human passphrase choices (namely no spaces at the beginning or at the end of the string, only one space beween every pair of "words"), the total count of correct solutions with 18 characters shrinks to an amyzingly small number: only 43206 combinations of 17 characters (the first character is ignored by the algorithm and can thus be anything) match the checksum. With 12 characters, however, the number is still far greater.
Regarding only passwords without spaces, I have written a mathematically optimized generator (using C) that produces approximately 100,000 _correct_ solutions per second on my desktop PC (faster than my console can scroll). If anyone of you can do better, let me know :-). I randomly picked one of these solutions to complete the challenge. When I tried another one, a got a "wrong password" page (i.e. the Javascblockedript decided that the solution was correct, but the server didn't). I assume that this is only because I am not allowed to take the same challenge twice, which is a pity. Perhaps someone could at least implement an error message that is less misleading.
BTW: I found it a bit of a pain that I had to complete some more challenges just to be able to post here, because I was only interested in this particular challenge. OTOH, as a professional numericist, I shouldn't be doing these things anyway ;-)
Anyway, it was a nice challenge.
Have fun, and greetings from Germany,
H.
|
|
|
| Author |
RE: javascript 16 |
clone4
Member
Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank: God |
|
I am pretty sure I used password with less then 12 characters, although I'm not certain because it's been a while since I completed this mission and the code for bruteforcing is gone. I do have one simple reason to think this though, I was linear bruteforcing(in perl, and by that time the code was lacking any optimisation what so ever, so it was pretty slow), starting on 8 character long passwords, and I was able to produce valid password within a day. And there is no way in hell it would be possible for my scblockedript to compare that many combinations... Otherwise I liked your post.
[img][/img]
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl
|
|
|
| Author |
RE: javascript 16 |
HawQmaster
Member
Posts: 3
Location:
Joined: 23.01.10
Rank: Newbie |
|
Hi clone4,
I am pretty sure I used password with less then 12 characters
It is pretty easy to show that all solutions have no less than 12 characters, and all solutions without spaces have no more than 12 characters (making 12 characters the only choice for passwords without spaces).
To calculate the checksum, every part of the sum is multiplied by the number of characters. This means that the password length must be a divisor of the whole sum (minus one, because it starts with 1 instead of 0). Therefore, the password length must be a divisor of 88692588.
The prime factors of 88692588 are: 2, 2, 3, 3, 2463683. Since we can obviously exclude passwords that are several megabytes large, we have only the factors 2, 2, 3, 3 left. The only numbers that can be built with these factors are 2, 3, 4, 6, 9, 12, 18, 36. Therefore the length of the password must be one of these eight numbers. All others in between (5, 7, 8, 10, 11, 13...) can be completely ignored, because they cannot provide a solution.
Now check the possible numbers around the magic 12, namely 9 and 18. If you take only 9 characters, the highest possible checksum that you can achieve (by choosing the password "@@@@@@@@@") is still smaller than the required sum. Thus, all password with 9 or less characters are too small. If you take 18 characters, the smallest checksum that you can achieve without spaces (by choosing the password "aaaaaaaaaaaaaaaaaa") is already too large. This leaves us with the only valid number between 9 and 18: All solutions without spaces have exactly 12 characters.
in perl, and by that time the code was lacking any optimisation what so ever, so it was pretty slow
I'm sure that you're aware of this, so just as a hint to everyone else: Choosing a faster language (say, C instead of PHP) and "tactical" optimizations (like clever memory management) can perhaps speed up your program by a factor of 10, or even 100. But choosing the right algorithm can easily yield a factor of 1000000. My generator's speed comes not from calculating a bazillion checksums per second, but from avoiding to calculate these.
|
|
|
| Author |
RE: javascript 16 |
NeoInDark
Member
Posts: 20
Location:
Joined: 11.01.10
Rank: God |
|
1. "The password actually MAKES SENSE. It's not just random." : system_meltdown
2. "12~18 chars."
3. "wordNUMBERword"
Reading these hints, i coded my cpp in 10 min, then found password in 51 seconds !
Edited by NeoInDark on 27-01-10 23:41 |
|
|
| Author |
RE: javascript 16 |
HawQmaster
Member
Posts: 3
Location:
Joined: 23.01.10
Rank: Newbie |
|
Hi NeoInDark,
1. "The password actually MAKES SENSE. It's not just random." : system_meltdown
[...]
3. "wordNUMBERword"
These two hints are no longer valid, since the rules for this challenge were changed (around the beginning of 2009, as pointed out earlier in this thread). There are countless valid solutions now, and most of these actually neither make sense nor conform to the named format.
2. "12~18 chars."
This hint stays true, because it follows mathematically from the generation of the checksum (see posts above), which was not changed. The range "12~18", however, is a somewhat misleading way to put it. To be more specific, the length of any solution is either 12 or 18 characters, not something in between. Most solutions have 12 characters. Some have 18 characters (but only if you include spaces). But there can be no solutions with 13, 14, 15, 16 or 17 characters.
Reading these hints, i coded my cpp in 10 min, then found password in 51 seconds !
Under the old version of this challenge, this would be quite an accomplishment. With the new rules, however, 51 seconds for one solution is pretty slow (compare my numbers above).
It can of course be fun to solve this challenge as if the rules didn't change, because the old version was harder and one can learn a lot about dictionary attacks when doing so. The problem is that the results of such a game can no longer be tested, because the old validator is no longer around. Noone can check if a proposed solution is "the one" that was originally intended by the old version of this challenge. Today there are numerous different passwords that conform to the wordNUMBERword format and make sense and are accepted as correct by the challenge. How would one know if he had really found "the" password?
Since this is no longer possible, there is simply no point in regarding hints 1 and 3 at all. They no longer apply.
That said, I really think that the new rules for this challenge are better. They are easier, but I guess that this challenge is still hard for a lot of people. You don't get to learn as much about dictionaries, but if you try to write a generator that is as fast as possible (as I did), you can still learn a lot. For examble about the effectiveness of "cutting trees" when implementing a tree search over an exponentially large space (implementers of chess programs can also tell a tale about that). Or about the golden rule: Don't invent your own hash function or encryption when you want something to be secure. These (especially the last one) are lessons that could not be learnt from the old version of this challenge. |
|
|
| Author |
RE: javascript 16 |
NeoInDark
Member
Posts: 20
Location:
Joined: 11.01.10
Rank: God |
|
Hi HawQmaster,
Thnx for ur points about solution,
but i was trying to pass the challenge by one acceptable password.
btw, i agree with u, we can solve it better and nice
|
|
|
| Author |
RE: javascript 16 |
zero_ryuki
Member
Posts: 6
Location:
Joined: 02.02.07
Rank: God |
|
|
i did it with 'try and error the sum' then just find the right answer |
|
|
| Author |
RE: javascript 16 |
goluhaque
Member
Posts: 194
Location: India
Joined: 17.02.10
Rank: Hacker Level 1
Warn Level: 30
|
|
I coded my program, and got a _lot_ of positives/collisions ....and the surprise? None worked.
That applause I receive from y'all on posting this post would have gotten me drunk on power if I hadn't already been high on life. |
|
|
| Author |
RE: javascript 16 |
spyware
Member
Posts: 4190
Location: The Netherlands
Joined: 14.04.07
Rank: God
Warn Level: 90
|
|
|
goluhaque wrote:
I coded my program, and got a _lot_ of positives/collisions ....and the surprise? None worked.
Then your program isn't calculating correctly.
"The chowner of property." - Zeph Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term. - Carl Sagan Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor? - Ebert |
|
|
| Author |
RE: javascript 16 |
goluhaque
Member
Posts: 194
Location: India
Joined: 17.02.10
Rank: Hacker Level 1
Warn Level: 30
|
|
spyware wrote:
goluhaque wrote:
I coded my program, and got a _lot_ of positives/collisions ....and the surprise? None worked.
Then your program isn't calculating correctly.
It did. I checked the checksum and edited the scblockedript a little bit to make it alert something(like true) if the value of the password==checksum.
That applause I receive from y'all on posting this post would have gotten me drunk on power if I hadn't already been high on life. |
|
|
|
|
|
Main:
