Guessing game

Chris Vogel · Post by **Chris Vogel** » Wed Jun 25, 2008 10:12 pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

How am I feeling at this exact moment?

Answer in MD5 checksum: ef97b40b2245d3690c745cd6e8c663db
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIYvf/YKLKXJTvB1MRAjNWAJ4sp4lduajrcdZMtfwdnG06KEJzPwCcDRNZ
VeyPsqqeth8jGZzAld6O5Q4=
=QM+7
-----END PGP SIGNATURE-----

Observations:<ul><li>I’ve given the MD5 checksum of my answer, meaning I’ve set the answer in stone without actually giving you the answer. (If someone I didn’t like guessed the right answer, I couldn’t just change the answer.)</li><li>I can’t change the checksum either, because the “This post has been edited by Chris Vogel” thing would show.</li><li>Administrators could edit my checksum without anyone knowing, but that would invalidate my OpenPGP signature.</li></ul>
Flaws:<ul><li>I could give the administrators a different signed message and bribe them to secretly replace it. Alternatively, I could hack into an administrator account. (Administrators can optionally edit messages without the little “edited by” message.)</li><li>The administrators could get their hands on my private key and crack the passphrase, letting them sign a new checksum with my key.</li><li>The administrators could sign their own message and replace it with mine, fooling anyone who validates the signature (or just assumes it’s valid) without actually checking to see who owns the key.</li><li>The administrators could change the key information I have listed in the post signature to match theirs. They could also hack into my Web site and change the key information there, as well as my phone number, address, etc. This would fool people who actually did try to make sure the OpenPGP key belonged to me.</li><li>Obvious words, e.g., the English words for different moods, are probably in an MD5 hash database.</li></ul>
I’d like to turn this into a discussion of security instead of my mood, hence this topic’s location. If one wants to play such a guessing game over the Internet, what’s the best way to carry it out?

Archived topic from Anythingforums, old topic ID:3601, old post ID:66231

fragged one · Post by **fragged one** » Tue Jul 08, 2008 12:03 am

Archived topic from Anythingforums, old topic ID:3601, old post ID:66331

Red Squirrel · Post by **Red Squirrel** » Tue Jul 08, 2008 4:42 pm

I through that hash in my cracking program and it came out with "ok.". I win?

Archived topic from Anythingforums, old topic ID:3601, old post ID:66342

Chris Vogel · Post by **Chris Vogel** » Tue Jul 08, 2008 7:28 pm

Red Squirrel wrote: I through that hash in my cracking program and it came out with "ok.". I win?

Err, no.

Archived topic from Anythingforums, old topic ID:3601, old post ID:66346

Red Squirrel · Post by **Red Squirrel** » Tue Jul 08, 2008 7:31 pm

oh wait, I used the wrong algorthm.

The answer is 42!

Archived topic from Anythingforums, old topic ID:3601, old post ID:66347

flowergirlajg · Post by **flowergirlajg** » Sun Jul 20, 2008 1:50 am

AHHHH!

Archived topic from Anythingforums, old topic ID:3601, old post ID:66416