gitbrute could've been handy during the last Stripe CTF, for the 2nd task.
How'd you do that?
@karan commit hashes are just sha1 hashes. Since there are no limitations on how many times you can alter the commit, you can repeatedly alter it (though you would have to automate this for it to be at all effective) until the hash begins with the text you desire. It's the same idea behind Bitcoin vanity addresses.
That's smart dude.
This is great.
Yeah, level1 in Stripe CTF3 was pretty much this. https://github.com/ctfs/write-ups/tree/master/stripe-ctf3/level1#readme
I don't know enough about how the sha sums are generated (I assume it's based on commit contents + time of commit + commit message + "voodoo magic"), but assuming that each [a-f][0-9] is distributed uniformly and has an equal chance of appearing at any position, then the odds of generating deadbeef in the first 8 characters are
1 / 16^8 = 1 / 4,294,967,296 = 0.00000000023283064365386962890625
Right? So you end up having to generate a lot of hashes in order to get deadbeef.
@coldhawaiian That's per attempt.
If you go through 1 million attempts per second, the expected time to get a match would be 72 minutes.
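The prefix search discussed above, as an added example that is not part of the thread and is not gitbrute's own code: it builds a raw commit object, hashes it the way git does, and varies the two timestamps until the ID starts with the wanted prefix. The function names, the sample commit fields, the base timestamp and the choice of timestamps as the field to alter are all assumptions made for this illustration.

```go
package main

import (
	"crypto/sha1"
	"fmt"
	"strings"
)

// Constructed sample commit fields (not taken from the thread). The tree is
// git's well-known empty-tree ID; the identity is a placeholder.
const (
	tree  = "4b825dc642cb6eb9a060e54bf8d69288fbee4904"
	ident = "Example Dev <dev@example.invalid>"
	msg   = "correct typo in README"
)

// objectID hashes a git object the way git does: SHA-1 over the header
// "<kind> <body length in bytes>\x00" followed by the body itself.
func objectID(kind, body string) string {
	return fmt.Sprintf("%x", sha1.Sum([]byte(fmt.Sprintf("%s %d\x00%s", kind, len(body), body))))
}

// commitBody renders a raw commit object with the two timestamps that the
// search is allowed to vary (an assumption about which fields to alter).
func commitBody(authorT, commitT int64) string {
	return fmt.Sprintf("tree %s\nauthor %s %d -0700\ncommitter %s %d -0700\n\n%s\n",
		tree, ident, authorT, ident, commitT, msg)
}

// expectedTries is the mean number of candidates for an n-hex-digit prefix.
func expectedTries(n int) uint64 { return 1 << (4 * uint(n)) }

// brute nudges both timestamps forward from base until the commit ID starts
// with prefix, giving up after maxTries candidates.
func brute(prefix string, base int64, maxTries int) (body, id string, tries int, ok bool) {
	for tries = 1; tries <= maxTries; tries++ {
		n := int64(tries - 1)
		body = commitBody(base+n/60, base+n/60+n%60) // committer >= author
		if id = objectID("commit", body); strings.HasPrefix(id, prefix) {
			return body, id, tries, true
		}
	}
	return "", "", maxTries, false
}

func main() {
	_, id, tries, ok := brute("dead", 1413555248, 1<<24) // constructed base time
	fmt.Println(id, tries, ok, "expected about", expectedTries(4))
}
```

Each extra hex digit in the prefix multiplies the expected work by 16, which is why a short prefix is cheap to match and says nothing about who produced a commit.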
I just knew there would be other uses for bitcoin mining hardware....
In case anyone cared how long it takes to get deadbeef, it took me about 30 minutes on an MBP.
peterdietz:gitbrute peterdietz$ time go run gitbrute.go --prefix deadbeef
[master deadbeef] Merge pull request #3 from Jubobs/master
Author: Brad Fitzpatrick <firstname.lastname@example.org>
Then, it's a pretty normal looking git hash:
peterdietz:gitbrute peterdietz$ git log
Merge: 12179d7 37350ac
Author: Brad Fitzpatrick <brad@...>
Date: Fri Oct 17 07:14:08 2014 -0700
Merge pull request #3 from Jubobs/master
correct typo in README
One of the doomsday ideas of full-collision deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, yeah, that would take a looong time, but yeah, theoretical.