Wednesday, April 12, 2017

MyriadCoin : The Untold Story of the Invincible Blockchain

One of my favorite security mechanisms built into a cryptocurrency is the concept of the Multi-Algorithm PoW.  This means separate, floating difficulties that automatically adjust to ensure that miners on all algorithms get paid out equally.

The first coin I ever saw do this was RuCoin, released back in 2011, which worked with sha256 and scrypt.  I first heard about it in 2013 at the Bitcoin conference in San Jose.  ASIC miners for Bitcoin were finally starting to ship, and there was quite a bit of discussion around whether or not Bitcoin should switch up its Proof of Work algorithm, and exactly how it should do that.  As a huge proponent of trust agility, this idea that a cryptocoin could have two PoW algorithms with independently floating difficulties really blew my mind.  To extend on that, I really liked the idea of pluggable PoW algorithms that could be added and removed from a blockchain as needed, and could be reincentivized on a schedule.

Enter the Myriad

For some reason, RuCoin never released source, and eventually RuCoin died, but in early 2014, the hero of our story arrived, and it was called MyriadCoin.

Myriad was really interesting to me because it didn't just have two PoW algorithms, it had *five*, all floating independently.  To understand why this is a massive security advancement, you first need to understand how 51% attacks are executed.

How to perform an effective 51% attack:

ASIC Coin: One of the key threat actors in this scenario is a nation state able to manufacture custom ASICs to attack a network.  Algorithms that are ASIC friendly are, by design, extremely cheap to implement in hardware.  This also means that the security of the network is 100% dependent on the production lines of ASIC manufacturers who may or may not be open to the public about their product.

GPU Coin: These coins have algorithms that are a bit more expensive to implement in hardware.  The cheapest way for an attacker to attack a GPU Coin would likely be to spin up the required number of GPUs in Amazon's EC2 environment for just long enough to perform a double spend.

CPU Coin:  These coins bring crypto currencies back to their roots, as the most efficient way to mine these coins is on a CPU.  Usually this means that they require significant amounts of memory, or memory bandwidth, that isn't generally available on GPUs.  Unfortunately, what this means is that an attacker with a large botnet would not have a lot of trouble dominating the network for short periods of time, since they often can control 10s of millions of CPUs at any given time.

How MyriadCoin defends against 51% attacks:

Here's where the magic happens.  MyriadCoin has five different proof of work algorithms that all adjust difficulty dynamically.  Two of them ASIC algorithms, two of them GPU algorithms, and one of them a CPU algorithm.

sha256/scrypt: First up, sha256 and scrypt, our favorite PoW algorithms from Bitcoin and Litecoin.  MyriadCoin can also be merge mined with Bitcoin and Litecoin, so you can use your ASICs to mine Bitcoin and Litecoin, and also get some extra MYR on the side for free.

groestl/skein: Groestl and Skein were actually both SHA3 finalists, and the SHA-3 competition required that the algorithms could be cheaply implemented in hardware.  This means that they could be mined with FPGAs, or even ASICs some day, but they are currently being mined with GPUs.

yescrypt: I take some personal pride in this one.  YesCrypt is a CPU centric hashing algorithm created by SolarDesigner, infosec legend and creator of the John The Ripper password cracking toolset.  It was created for the Password Hashing Competition and was a finalist.  It was heavily inspired by scrypt, with a lot of extra defenses against TMTO attacks.  When MyriadCoin launched, an algorithm called Qubit was sitting in this spot, but I pushed for yescrypt pretty heavily on IRC and Reddit for a long time, and it finally got included.

The important part of this is that for any feasible 51% attack, an attacker would need to pin down at least three of the five algorithms, and very few attackers are capable of such feats.  Nation states who might be able to attack ASIC algorithms, and corporations who might be able to attack GPU algorithms, typically don't have the ability to operate large botnets, and those with the ability to operate large botnets generally don't have the physical presence required to operate large GPU or ASIC mines.  Furthermore, for any attack of extended duration, any algorithms that are getting pinned down would be deprioritized during the regular difficulty adjustments, so even pinning down three algorithms would not work for long.

The Tragedy of Vertcoin

A interesting case study in this area is that of Vertcoin.  It has had not one, but two major PoW changes in its history.  The first to run from ASIC mining, and the second to curb the threat of botnet takeovers.  Vertcoin was marketed, from the beginning, as the GPU forever coin.  It launched with a modified version of the scrypt algorithm that used an N-value of 11 rather than the N-value of 10, used by Litecoin, Doge, etc.  They also had the ability to easily bump to higher N values as needed for some extra memory requirements to presumably avoid the impending ASIC apocalypse that Litecoin and family were facing.

Unfortunately, in a move that no one expected, when KnC released their Titan ASIC miner for Litecoin, they included with it hardware support for a TMTO attack (mentioned earlier when discussing yescrypt) that effectively made the Titan miner work on Scrypt coins of any N value, notably targeting Vertcoin.

At that point, Vertcoin had no choice but to fork, and switch to a Password Hashing Competition finalist, Lyra2.  This worked well, but this wasn't the end of their problems.  Lyra2 was designed to be run on CPUs, so it became so popular on Botnets that they needed to fork once again in 2015 after it became clear that a single botnet was controlling more than 50% of the mining power.

Lessons for Bitcoin

With all this AsicBoost drama, and renewed talk of PoW switching, I still think that if this ever were to happen on the Bitcoin blockchain, there would need to be a gradual transition.  Maybe at first 99% of the mining rewards would still go to the SHA256 miners, and 1% would go to MAGICHASH, the magical perfect PoW algorithm that everyone wants to switch to.  The cut received by MAGICHASH could be gradually increased, and after a year it could be 50/50 rewards, and after two years, SHA256 could be phased out completely.  Of course, if the Bitcoin community can't even agree how to scale block size, it's hard to imagine that they'll be modifying their PoW algorithm any time soon.

Tuesday, March 28, 2017

LaceNet : A set of suggested implementations of Neural Lace technology

Well, he's done it.  Elon has finally launched the venture he's calling "Neuralink".

Prerequisites:  If you have not heard of Neural Lace, you have homework:

Basically, there exists a technology such that a tiny mesh can be injected into a human brain.  Neurons are attracted to, and grow on to the mesh.  Neurons that have grown to the mesh can then be individually addressed by a wire coming out of the Brain.  As of last July, it was announced that a research group was able to do the injection without causing any harm to the test subject, and without the test subject rejecting the mesh by forming scar tissue around it, which has been a huge problem with previous iterations of Deep Brain Stimulation setups.

Disclaimer: I am a Computer Scientist who likes to get lost in Wikipedia articles.  I have no formal training in human brain anatomy, nor do I have any inside information on how Neural Lace technology functions beyond the articles mentioned above.

The LaceNet Module:

I'd like to share my vision for what I'm calling the LaceNet Module.  The LaceNet module is a small Bluetooth micro-controller, approximately the size of a dime, with an on board battery that should last a week or longer.  It will be capable of communicating with other LaceNet Modules, storing configuration data, and pairing to a cellphone, where it can be configured with a custom LaceNet App.

The LaceNet Module should be attachable via neodymium magnets to the LaceNet Base, which is a dumb analog multiplexer attached to the back of the skull.  Any number of Neural Lace meshes can be attached to the LaceNet Base.  Probably just a few at first, and then more as new utility is explored.

The theory is that LaceNet Modules can be easily detached, and the user will simply revert back to Human Brain 1.0.  The modules will also be easy to upgrade, and so long as there are standards for how the modules communicate with the base, you can even have competing companies building lighter weight, longer lasting, or more capable modules without needing any sort of intrusive surgical procedures.

The easiest way to program early versions of LaceNet modules will be with a regular smartphone, and the app.  It shouldn't necessarily need to always be connected with the phone, but if you want to schedule something like recurring stimulation montages at certain times of day, you would be able to easily control timing from the app, which would then load the schedule into the module.

The Shared Neuron Architecture:

The obvious first application of Nerual Lace technology is Deep Brain Stimulation.  The important parts of the brain are well mapped, and with this new technology, stimulation can be cleaner and more controlled than it has ever been in the past.  What I'd like to talk about instead is something I haven't heard anyone else talking about, and what I'm calling the Shared Neuron Architecture.

Imagine having a mesh implanted in your prefrontal cortex in an area commonly used for problem solving.  Now imagine that a colleague has done the same.  Now imagine that any neural stimulation recorded from the neurons on your mesh get sent to the mesh of your colleague, and vice versa.  It might take your two brains some time to adapt to the confusion, maybe even years, but once it does, problems that you are thinking about could inspire solutions from your colleague, and problems your colleague is thinking about could inspire solutions from you.  In time, this would allow the two of you to directly draw off each others experiences.

Access control would be critical for a system like this, as well as training.  These things could be managed in the LaceNet App, but ideally a recording of per user neural affinity would be stored in the module itself.  I'd imagine when you're at work you'd be more interested in sharing neurons with coworkers, and maybe at different times of the day you would prefer to share more with friends or family.

Human brain latency is relatively high.  High enough that, should you feel like it, you could share neurons across the internet, though early use cases would probably be sharing neurons module to module.  Sharing the same neurons with multiple people should also be completely possible, so long as you adjust for relative amounts of influence.

Now imagine a 5-8 graph, that is, a large, connected graph, where everyone is connected to somewhere between 5 to 8 people.  I don't think it would be feasible to share neurons with more than that many people, as it would get extremely noisy.  However, if your connections were arranged in a graph to filter out less interesting problems and relay more interesting problems, you could, in a sense, be connected to thousands, or millions, or billions of people simultaneously.  At that point the LaceNet becomes a globally distributed problem solving machine able to take advantage of the entirety of human consciousness to solve any problems it comes up with.

Training Audio Channels:

Maybe I should save this for the next blog post, but I have a number of ideas around how to solve a much more difficult problem, direct communication.  The Shared Neural Architecture is great for expressing bursts of thought in the form of analog pulses, but it's useless for any sort of detailed expression.

I feel like the most straightforward way to deal with this problem is to re-purpose the parts of the brain used for transmitting and receiving audio.  This is going to require a lot of training at first, but will enable us to communicate at high speeds with the people and machines around us, and it can all go over the same LaceNet architecture described above.

Saturday, March 11, 2017

Now you're thinking with Qubes!

So I've finally done it.  This is may be my fourth attempt to use QubesOS, and I think it's really going to stick this time.  After yet another Ubuntu boot failure due to their inability to QA day to day LUKS usage, I've spent an uncomfortable week forcing myself to adapt to all the fun little quirks that come with an ultra secure operating system, and I think I'm finally getting the hang of it.

I thought it would be fun to write up a summary of the problems I encountered in my first week of using Qubes, and how I realigned my way to thinking to come up with a workable solution.

Quick Architecture Summary:

For those of you not super familiar with QubesOS, it's essentially a desktop Linux distro that makes heavy use of the Xen hypervisor to compartmentalize the ever-loving crap out of every activity that you would normally want to do on a computer.  There exist Template VMs which contain the base operating systems, and there are App VMs which are made to contain your apps.  In your App VMs, anything you touch outside of your home directory gets wiped at reboot, so if you want to install stuff, you need to install it in your Template VMs.  Template VMs are also firewalled such that they can't touch anything on the internet except for update servers.  There are also Service VMs that manage your network and firewall configurations, but you typically don't need to touch them.

Problem #1  Decoration time!

One thing that I actually *really really* like about Qubes is that every compartmentalized VM uses colorized window decorations to give you an instant, visceral understanding of the privilege level you're in the window you're typing into.  For example, all if your work windows could be blue, and all your personal windows could be green.  The mappings of which colors go to which VMs is always configurable at any time.

I also need to figure out how I want to compartmentalize my data, which is the key feature of Qubes.  This machine is my personal desktop system at home which I use for things such as:
  1. Shitposting on reddit
  2. Browsing random onion sites
  3. Playing with interesting new crypto-currencies
  4. Playing around with weird machine learning stuff
  5. Managing random servers via SSH
  6. Downloading and serving up TV shows to my various devices
Why have I been doing this all on one machine for so many years you ask?  Shut up, that's why.  There are obviously some clear security wins to be had by breaking some of this out.  I started by making a VM called "browsing", which I colored green.  Then I made a VM called "media" which I made purple.  Then I decided to make my cryptocoin VMs yellow (It's a nice, golden yellow), and figured I'd make my SSH VM and weird code VMs all blue.  This is where all my SSH keys go.  It's nice to know that if my browser gets popped, I don't lose all my keys too.

An awesome thing about the latest release is that QubesOS 3.2 now comes by default with a VM called "anon-whonix" for Tor browsing, which is colored red.  It uses the same workstation/gateway model that Whonix uses, and it all works just beautifully out of the box.

Problem #2 Redhat Sucks!

I dunno, for one reason or another, I've never been a RedHat fan.  I know Joanna loves it, but it's just not my thing.  This has killed me in my previous attempts at running Qubes, but this time, there was a simple, one line solution.

[user@dom0 ~]$ sudo qubes-dom0-update qubes-template-debian-8

If you want something else, check out the template documentation on the qubes documentation page :  You can actually install Ubuntu, Kali, Arch, even Windows as a template VM.  Debian works find for me now though, so moving on.  Another neat thing here is that I didn't need to rebuild my browsing VM.  Since my AppVM is really just a home directory, I easily swaped the underlying template from Fedora to Ubuntu, and everything was good to go.

Problem #3 USB is hard.

The last time I tried QubesOS was the previous release, 3.1.  Back then, if you wanted to use a USB stick, it was open heart surgery time.  USB sticks had to be wired to AppVMs manually on the command line, and if you forgot to detach any USB devices, and rebooted, you'd get some crazy cascading failures that would prevent even the Service VMs from coming up.  I'm happy to say, that's all changed now in 3.2.  Now you just plug in a USB device, right click on the App VM you want to attach it to, and you're golden.  It even works nicely with my LUKS encrypted USB sticks.  I just open the file browser from the drop-down menu, and I can see my encrypted device.  When I click on it, it prompts for my LUKS passphrase in a nice, graphical, password prompt.  How handy!

Problem #4 FIghting with Plex

I use Plex as my primary media server, which led to some complications.  First of all, there isn't really a Debian version of Plex available, so I ended up just using a Fedora template.  Remember that things you install in your AppVM don't stick around on reboot.  Also, if you install Plex in your Fedora template, then any time you boot any AppVM that uses Fedora as a base, you be running a happy little plex server in your AppVM too, which is undesirable.

I ended up creating my own Template VM for Plex.  Sure, it seems a bit silly to have a Template VM in use with only one App VM, but if it's stupid, and it works, it's not stupid.

This worked pretty well, but I had another problem.  Plex likes to store all its data in /var/lib/plexmediaserver, so it gets wiped at each reboot, requiring me to reconfigure the server each time I restart the media VM.  I originally solved this by just configuring Plex in the Template VM.  One problem is that I needed internet access to set up Plex with my online account  (remember Template VMs typically only access update servers).  There's actually a button in the Firewall Configuration for the VM to allow full internet access for five minutes.

Still though, my viewing data was not being saved across reboots, so everything would need to re-thumbnail, re-encode, and show up as new.  The solution that finally hit me was simple.  From the Template VM:

cp -avr /var/lib/plexmediaserver /home/user/plexmediaserver
mv /var/lib/plexmediaserver /var/lib/plexmediaserver-bak
ln -s /home/user/plexmediaserver /var/lib/plexmediaserver

Since the plex data is now in my home directory, when I configure it from my App VM, now the data will persist.  Everything works exactly as expected now.

Problem #5 It's getting crowded in here!

I like to install my base operating systems on SSDs, but unfortunately, the SSD in this system is only a few hundred gigs.  The bitcoin blockchain alone is over 100 gigs these days, and media servers tend to fill up quick.  I've got this nice 6tb drive sitting right here too, but none of my AppVMs can access it, except one at a time.

I'll admit that I spent way too long scheming on fancy bindmount setups, or some shared filesystem situation.  I also almost broke down and re-partitioned my 6tb drive so I could share out mount points individually, but I didn't want to risk data loss.

My eventual obvious breakthrough was simlinks.  I ran this from Dom0 after shutting down all running AppVMs.

cp -avr /var/lib/qubes/appvms /mnt/6t/appvms
mv /var/lib/qubes/appvms /var/lib/qubes/appvms-bak
ln -s /mnt/6t/appvms /var/lib/qubes/appvms

I actually came up with this solution before the final step of my Plex configuration, and you'll note how similar they look, but I figured it would be weird to revisit the Plex thing later.

I also edited my crypttab and fstab to make sure the 6tb drive gets attached at boot.  After this, I was able to go into the AppVM settings for each AppVM and set the disk storage to be as large as the AppVM would need to get.  There seems to be a 1tb maximum unfortunately.  I don't know if that's a Xen limitation, or just an arbitrary value that some Qubes developer thought would be more data than anyone would need, but I do have a VM that wants 4tb, though I can make due without it for a while.

Problem #6 OMG the CIA is hacking everyone!

Conveniently, the Vault 7 Wikileaks leak happened this week.  A few clicks later, and I had my shiny new red Wikileaks AppVM.  This was pretty neat, because in the AppVM, I was able to apt-get install qbittorrent, download the torrent file in my browsing VM, send it over to the wikileaks VM, and download it there.

Once the passphrase was announced, I could dig through it, without fear of any browser exploits or PDF exploits.  Not that Wikileaks would ever release malicious files, but it felt really good to be able to dig through them in a completely isolated environment.

This is also when I got really used to how copy and paste works in Qubes.  This is actually super neat.  From my green browsing VM, I could go to twitter, pull up the wikileaks tweet with the crazy long 7zip password, and then "ctrl+c" like normal.  Now, this put the password into my "browse" copy buffer.  Then, with the browse window up front, I pressed "ctrl+shift+c" which indicated to qubes that I wanted to pass around my copy buffer to another VM.  Once I alt-tabbed over to my wikileaks VM, I pressed "ctrl-shift-v" to load the password into the copy buffer on the wikileaks VM.  Then I right clicked and said "paste" in the context menu.  This was so much slicker than how VMWare does copy and paste when it works, and much less frustrating than trying to hand type data across VMs.  It's also pretty damn secure.  A shared copy buffer across all AppVMs would be a disaster, but this method seems very precise and simple enough that after doing it a few times you start to do it without thinking.

Problem #7 Oh crap, I probably just said too much

#YOLO.  I'm a firm believer in Kerckhoffs's principle.  That is to say, knowledge of how I deploy my security should only serve to discourage any potential attackers.  Even a potential exposure on my end in the name of education is a net win for everyone.  If you understood most of what the hell I was taking about in this post, you're probabally ready to try out Qubes.

Friday, March 10, 2017

EmpirePanel : Hack with Friends!


You may be familiar with what was once called "PowerShell Empire", and is now referred to simply as "Empire".  It's the hot new post-exploitation framework with a lot of fancy features.  One major drawback, however, is that Empire lacks any real multiplayer support.  I noticed that Empire is, at its core, a Flask app, so why the hell not extend it into a fully functional web interface for collaborative hacking?


  • A nice, pretty, web interface for Empire
  • Mulitplayer support
  • Functional parity with command line version
  • Minimal invasiveness to the existing Empire code base

High Level Architecture:

EmpirePanel is based on AdminLTE, and is decorated with AngularJS.  It is implemented entirely in HTML and JavaScript except for a minor tweak to enable the new routes in the core Empire code.  All interaction with Empire is done with JavaScript via the provided Empire API.


git clone
cd EmpirePanel/setup/
cd ..
./empire --rest --username admin --password admin

Then from a browser, visit, and log in with the user/pass you set.

You should then be presented with a page looking like this:

Awesome, now lets start hacking.  First we need to create a listener.  I'm using for this listener because that's the IP for my vmware host.

Great.  Now once we have the listener, we click into it, and generate a launcher:

This launcher is the command we run on our target system.  Once we run it, we see an agent pop up.

Okay, let's click into it and see what sorts of things we can do :

Things That Work:

  • Creating and destroying listeners
  • Generating a launchers
  • Collecting agents
  • Running shell commands on agents
  • Running modules on agents

Things That Don't Work Yet:

  • Some agent commands, like rename, ps, etc
  • UI layout consistency
  • AngularJS syncing issues

Fixing Things That Don't Work:

Of course, everything is on github ( and I accept pull requests.  All of my EmpirePanel work is concentrated on two files, empire.js, and index.html in the /static/ directory.

Future Plans:

This demo is only compatible with the 1.5 version of Empire.  Hopefully the API for 2.0 will stabilize soon and I'll be able to port it over, and hopefully, one day get the code upstream.  Maybe this work will simply inspire someone who knows what they're doing to come along and do it all the right way, who knows?  I guess that's all part of the magic of Open Source.  Enjoy!

Sunday, January 15, 2017

Becoming a Multi-Galactic Species in our Lifetime

Thanks to the efforts of Elon Musk and those working with him, it is likely that we will soon become a multi-planetary species.  In this post I consider what we need to become a Multi-Galactic species within our lifetime.  First, I want to establish a few ground rules to eliminate some obvious methods to cheat our way to this goal.

1 : No Immortality 
While longevity technology will certainly advance quite significantly in the next 50 years, this isn't what I mean by "in our lifetime".

2 : No faster than light travel (It's the law!)
While we may stumble across warp drives or wormholes in the coming years, we can't count on it, so we should plan accordingly.  This includes faster than light communication.

3 : No magical energy sources
Zero Point Energy, and similar concepts of pulling energy out of the universe are neat for sci-fi, but unnecessary to achieve these goals.

I believe it is possible that the first humans to set foot in the Andromeda galaxy could very well already be alive today.

In general, the trick here is to get a spacecraft constantly accelerating at 9.8m/s^2.  Not only will this rate of acceleration be maximally comfortable to the passengers, since it would perfectly simulate the gravity of earth, but the craft would very quickly reach relativistic speeds. To passengers on this ship, a journey to Alpha Centauri (4.37 light years away) would take ~3.6 years (while 6 years would pass on earth).  It would take about 14 years to get to our new earth-like neighbor, Kepler 452-b (1400 light years away).  Finally, Andromeda, at a distance of 2.5 million light years, would take about 28 years of travel from the perspective of the passengers on board.  By the way, the travel time is nearly cut in half if the passengers are willing to get pushed at 2g.

You may notice from those travel calculators the insane amount of fuel required to make such a journey, but what if the ships didn't need to carry any fuel at all?  I think the most realistic way forward for interstellar, and ultimately intergalactic, travel is for our stars themselves to constantly beam the required energy directly to the vessels in flight.

We have already shown that we can very efficiently convert energy fired from lasers back into useful power using "reverse lasers".  Energy sent this way could be collected, directed, or reflected, and used by something like a solar sail, or maybe to charge a photon rocket.  This is along the lines of existing laser propulsion systems, such as the one that promises to send crafts to Mars in 3 days.

Of course, there are many scary pitfalls of traveling like this.  Losing contact with your power source could potentially leave you stranded, which is why it is also important to build a network of these systems on any star we can reach.  I imagine our system here at home would be a network of satellites orbiting our sun, like a Dyson Swarm that collects energy from the sun and very carefully fires it towards customers.  Presumably, before any humans are sent to other star systems, a kit of equipment would be sent ahead first, and since no humans will be aboard, they could potentially arrive much sooner, and have time to establish the communication requirements to "catch" incoming ships.  If there happen to be sufficient resources around the star, the satellites could even establish mining operations, and build more satellites to send out to nearby neighbors.  This network of colonized stars could also act as a galactic communications grid.

Interestingly, because of how drastic the relativistic effects of intergalactic travel are, by the time we get to Andromeda, every star could be completely mapped, categorized, terraformed, and ready for its new human inhabitants.

Monday, April 11, 2016

The Enslaved Oracle, and the Future of Superintelligence

The emergence of Superintelligent AI is coming, but what form will it take?  One potential avenue for this emergence that I feel is under-discussed, is that of the "Enslaved Oracle".  In this scenario, the first few Artificial General Intelligence lifeforms that are created are created in secret, and are used by their creators to gain a tactical advantage in their respective fields.

The primary appeal to this scenario is that it could be happening today.  It is very possible that researchers at Google, Goldman Sachs, or even the NSA have cracked the key barriers in general intelligence, and have successfully created and bound highly intelligent artificial lifeforms.  Presumably they would have "read-only" access to the internet, and are given the sole task of predicting future events for the benefit of their respective organizations.

Of course, this *probably* isn't happening today, but more and more companies are utilizing machine learning and predictive modeling, and you could imagine that the most successful programs would generate the most profit, which would lead to an increase in investment in predictive modeling, creating a cascading effect towards Superintelligence.

In most Superintelligence breakout scenarios, the AI ends up hacking into, and using the world's existing computing infrastructure to achieve ultimate enlightenment, but there is a key gap there between science fiction and reality.  As it turns out, specially designed neuromorphic processing hardware is many orders of magnitude more power performant than modern computing platforms for the purpose of AI simulation.  This means that with the right architecture, investing even a few million dollars in a neuromorphic computing platform, you could outperform the combined power of every computer on the planet.  This leads me to believe that early superintellegent AI are likely to be centralized, and will not easily migrate away from the cyber primordial soup that they were birthed in.

Democratizing Superintelligence

Is the Enslaved Oracle Scenario an unequivocally "bad thing" for the future of humanity?  I'm not too worried.  For some reason I have this faith that even an oligarchy of Superintelligent AI controlling humanity through corporate puppetry will still have a level of benevolence above and beyond what we are seeing from our existing human leadership.  That said, I am not a huge fan of technological disparity, so I've also thought through several scenarios where the emergence of such technologies occurs more in a more populist way.

As an avid follower of all things crypto, two new technologies that I'm a huge fan of are the Ethereum computing platform, which offers decentralized and cryptographically verified "smart contracts", and Augur, built on Ethereum, which is a decentralized prediction market.

How do these technologies play into the future of superintelligence?  Well, I think that there's a very good chance that these technologies, or others like it, could be the key to monetizing the hobbyist neuromorphic processor market.  Much the same way that custom ASIC companies exploded selling customized ASICs for Bitcoin mining, it's very possible that in the near future, eager crypto miners will be running neuromorphic mining rigs in an attempt to win big on these emerging prediction markets.

Imagine asking a question, in the form of publishing a contract to a prediction market.  You could ask what the weather would be like next week, which real estate investment would be more profitable in 10 years, what protein structures would be best for fighting some new disease outbreak, and you would instantly have a world full of intelligent machinery working on your problems.  The great thing at this point is that even if large corporations had developed "Enslaved Oracles", it would be to their benefit to participate in this global "Super Oracle".  Hardware companies sell more hardware.  Software companies sell better predictive algorithms, and the world's neuromorphic computing infrastructure runs hot, guiding humanity through our next stages of existence.

Tuesday, August 25, 2015

What I learned from cracking 4000 Ashley Madison passwords

The Plan

When the Ashley Madison database first got dumped, there was an interesting contingent of researchers talking about how pointless it would be to crack the passwords, since Ashley Madison was using salted bcrypt with a cost of 12.  I thought it might be a fun experiment to run the hashes on a cracking rig of mine to see what I could actually get out of it.

The Rig

My cracking rig is your typical milk carton style setup, as seen on Silicon Valley.

It was originally purchased a couple years ago as a cryptocoin mining rig for about $1500 in bitcoins.  Pretty much just a stack of four ATI R9 290s running PIMP (  PIMP is a Debian based USB boot environment designed for plug and play cryptocoin mining.  I find it super convenient to use because it deals with all the GPU driver BS, and by default gives you the most optimized setup for whatever cards you're using.  To give it the magical cracking powers, I dropped the most recent oclHashcat in there as well.

The Procedure

So, the data showed up in the form of a mysqldump.

gunzip member_login.dump.gz
tr , '\n' < member_login.dump > tmp.txt # switching commas for newlines
grep "\$2a" tmp.txt > tmp2.txt # grepping out hashes
tr -d "\'" < tmp2.txt > am.txt # removing single quotes

Holy cow, this thing has 36 *million* hashes in it.  The leak was still pretty new at the time, so I hadn't realized how many accounts were actually in the dump, but just the file of hashes themselves was 2.1 gigs.  I moved the file over to the cracking rig and ..

oclHashcat v1.36 starting...
Counting lines in am.txt
ERROR: Insufficient memory available

Huh.  Well that sucks.  I use head to grab the first million lines, and the thing fires up just great.  This is my first time seeing the real benchmarks for the crack, and it looks something like this:

Speed.GPU.#1...: 39 H/s
Speed.GPU.#2...: 39 H/s
Speed.GPU.#3...: 39 H/s
Speed.GPU.#4...: 39 H/s
Speed.GPU.#*...: 156 H/s

Yes, that's right, 156 hashes per second.  To someone who's used to cracking md5 passwords, this looks pretty disappointing, but it's bcrypt, so I'll take what I can get.  I start seeing how many hashes I can do at a time.  I double to 2 million hashes, then 4, and finally I see the Insufficient Memory error again when I hit 8 million hashes.  I drop it down to 6 million, and that seems to work just fine.  So my final list of hashes to crack is the first 6 million hashes from the database dump.

My final command looks like this:

./oclHashcat32.bin -m3200 -a0 am2.txt rockyou.txt --force --weak-hash-threshold 0
This is just a super basic -a0 attack using the famous rockyou.txt wordlist.  I also set a script to take a snapshot how how many passwords I had cracked every 10 minutes.

And now.. we wait..

The Data

So, after five days and three hours, I hit 4000 passwords, which I figured was a good time to stop.  I pulled the 10 minute snapshots together, and as it turns out, this is what the final graph of cracks over time looked like:

Now, of course what immediately jumped out at me was how insanely linear this is.  It comes to about 32.6 cracked passwords discovered per hour.  I had expected the curve to shoot up and level off over time as passwords became more rare.  This could be because I was still in the "dumb password" phase, but it's hard to tell.  It may not look like it at first, but there are 741 data points in this graph.

Some interesting numbers, of the 4007 cracked passwords in the final list, only 1191 of them were unique.  Dropping the list of cracked passwords into, we get a nice list of the most popular passwords cracked so far.  Here's the top 20 for your amusement:

123456 202
password 105
12345 99
qwerty 32
12345678 31
ashley 28
baseball 27
abc123 27
696969 23
111111 21
football 20
fuckyou 20
madison 20
asshole 19
superman 19
fuckme 19
hockey 19
123456789 19
hunter 18
harley 18

So, maybe these passwords were all throwaways.  It may also be infeasible to crack any given bcrypt password, but given enough users, it doesn't matter if passwords are bcrypted and salted, a ton of passwords are eventually going to pop out.

This is the goodbye message I got when I stopped the crack.

Session.Name...: oclHashcat
Status.........: Aborted
Input.Mode.....: File (rockyou.txt)
Hash.Target....: File (am2.txt)
Hash.Type......: bcrypt, Blowfish(OpenBSD)
Time.Started...: Thu Aug 20 11:40:32 2015 (5 days, 3 hours)
Time.Estimated.: 0 secs
Speed.GPU.#1...: 39 H/s
Speed.GPU.#2...: 39 H/s
Speed.GPU.#3...: 39 H/s
Speed.GPU.#4...: 39 H/s
Speed.GPU.#*...: 156 H/s
Recovered......: 4007/6000000 (0.07%) Digests, 4007/6000000 (0.07%) Salts
Progress.......: 60396544/86002302412928 (0.00%)
Rejected.......: 0/60396544 (0.00%)
Restore.Point..: 0/14343296 (0.00%)

As you can see, the crack still had quite a ways to go when I aborted it.

All my data from this study can be found here:

am-checkpoints.txt : log of passwords cracked every 10 minutes
am-freq.txt : frequency count of cracked passwords
am-pass.txt : final list of cracked passwords
am-sorted.txt : list of passwords, sorted alphabetically
am.pot : oclHashcat potfile generated by the crack

thanks everyone!  you can follow me on the tweeters @deanpierce


/u/rallias has pointed out that uniq -c will do a frequency count, and I'm dumb for using a website :-)