Beat The Hash

April 1st, 2013. xkcd released a comic called Externalities. This was one of the gimmicky comics I love so much. The comic changed as different external influences changed such as whatever the Nth word on a Wikipedia page was, how much had been donated to the Wikimedia foundation, or what school was winning a rather unique hashing competition. This project is focused on that hashing competition.

The original rules were simple. There was a 1024 bit hash output posted online in hex. It was computed using Skein-1024 v1.3. The super simple site had a field to input a .edu domain, another field for your input value, a submit button, and just a line or two about the rules. You’d put in a valid school domain and any value you wanted to enter. The value was hashed and compared to the posted output. Your score was the Hamming Distance between the two. That’s how many bits are different between the two outputs. The lower that number, the better your score. If you provided an input lower than that school’s score then the score was updated on the CSV leader board page. For about a week schools shot up and down the leader board beating each other out a little at a time. Carnegie Mellon won. I believe their score was something in the high 300s. Now the competition is over and the sub-domain (almamater.xkcd.com) 404s as if it never existed.

I loved the challenge. I’d never written a miner before so progress was slow but I got my school of choice down to the low 400s. It was a real hands on learning experience for me. In a day or two I had a decent C# CPU miner burning through billions of hashes over the next couple of days.  There was no guidance as to what kind of input was used to generate the target output so I incremented a number and turned it into a Base64 string to hash. I figured that would meet my needs. The input on the site only allowed strings so I didn’t attempt hashing raw binary data.

Fast Forward to June 2015. Occasionally throughout the 2 years since it closed the hash competition would pop back into my mind. That month I decided to make it a reality. I hunted around online and found the original hash that was posted for the original competition. I bought the domain BeatTheHash.com and then… nothing. I sat on the domain, at least until September when I finally pushed myself to recreate the original competition. I have so many ideas of what I want to add to it, but for now I just need something out there. If you go there now you’ll find a dull, unprofessional looking page. You could call it laziness but I call it a homage to the original. Both excuses are equally true I guess.

You can put in any username you want (note that I do sanitize it before we have a Little Bobby Tables disaster) and any string you want to be hashed and scored. Don’t worry, I don’t manipulate your inputs at all before hashing them. You’re scored against the original hash and the results page is updated if need be. Only your best (lowest) score is saved.

I want this project, both as it is now as it it will be when I expand on the concept, to insight people to learn more about cryptography. It’s an easy stepping stone to find a Skein library and create a for loop spitting out thousands of hashes. I think a competitive spirit and a natural drive to learn will push people to do more. For loops are a start, but what about the other cores of your processor? How can you be efficient to increase your hashes per second just that little bit more? There are open source miners for other hashing algorithms, how do they work? You’ve probably heard most crypto currency miners use GPUs… How can you do that? What if the algorithm could be improved, tweaked, or optimized for performance so you can edge out the other users on the site? A little at a time, and perhaps with the help of the community, I want people to realize that cryptography isn’t impossibly difficult. After all, this “game” is just a preimage attack that’s scored and ranked.

I hope you all enjoy and play around with the site. I’m attempting to be social so please follow me at @BeatTheHash on twitter. I’m thinking about setting up a forum, IRC, or some other community for users to interact and talk shop about their approach to the game.