

Hack this for 20 BTC - scranglis
https://keybase.io/warp/
Updated link: https:&#x2F;&#x2F;keybase.io&#x2F;warp
======
tobyjsullivan
I don't think it's down. It's responding with a 403 FORBIDDEN. I think that's
the challenge.

Edit: I was so wrong. Just a bad URL:
[https://keybase.io/warp](https://keybase.io/warp)

~~~
maxtaco
Sorry, it's been fixed on the posted URL too.

------
bl4kd3th
[https://keybase.io/warp](https://keybase.io/warp)

without the slash. The challenges are down the middle. 20BTC challenge at the
bottom.

------
projectmeshnet
[https://keybase.io/warp](https://keybase.io/warp) works for me.

------
malgorithms
Hi everyone - just a quick update. (1) the URL is broken because the poster
put it wrong (there shouldn't be a slash), not because the site is down. And
(2) the github repository linked to is now public, not private. Enjoy the
challenge. The first should fall fast.

~~~
aidos
I don't have time to really look at this at the moment (which is a shame
because I love these sorts of puzzles). It looks as though it's pretty much a
challenge in brute forcing though. I don't know anything about the algorithms
used for the key generation but I'm assuming they're already very battle
tested (though not infallible) and an amateur, like myself, isn't going to be
able to find any sort of kink in the armour.

Maybe I'm going mad but it seems that Challenge 4 is one of the easier ones -
there are only about 3000 keys to generate in that case. The final challenge
is obviously leagues above that with 128,063,081,718,016 combinations (by my
reckoning - I may have miscalculated).

Either way, great marketing hack :)

------
rex_gsd
I found a bug, when you generate a wallet you can press the clear and reset
button and the generate button remains enabled. This allows the user to
generate a wallet using an empty string.

This is using Chrome 31.0.1650.57 m

All tips greatly received : 1Li2Dq9L49mJmCYcEh4n2eSQ9B6eWKCgBv

------
wernerb
Busy with challenge #3, which seems a lot harder than challenge #4.. The
amount of username combinations are larger, and there is no specification as
to if they only mean "submitters" or also commentators. Also there are no
username lists available for reddit so you have to parse it from reddit
manually... Again, the rewards seem a bit skewed from the supplied text file
challenge #3 got.

For example, did the OP consider that reddit posts can dissapear? Therre is a
max amount of pages you can go through at /r/Bitcoin/ Or did they mean from
the top posts? Again, hard puzzle.

------
kens
Am I confused, or did a submission of a broken link get 14 upvotes and a
position on the HN front page? Why are people upvoting a broken link?

Edit: it looks like the article just received a heavy scoring penalty and is
now on page 3.

~~~
malgorithms
This is a good question: I posted the correct link 2 hours ago. It would be
nice if everyone moved over there...
[https://news.ycombinator.com/item?id=6764619](https://news.ycombinator.com/item?id=6764619)

------
maaku
If you are interested in earning some bitcoin, there is currently a 25BTC
bounty to solve a mysterious leveldb corruption issue on Mac OS X. Inquire the
devs on #bitcoin-dev on Freenode for more information.

------
scranglis
Sorry, bad link, but I can't edit my original post:
[https://keybase.io/warp](https://keybase.io/warp)

------
Sambdala
Brute forced the 1 BTC award.

The HN user was 'petercooper'.

~~~
aristidesfl
Did you use the site generator or did you implement in another language?

~~~
Sambdala
Using the console:

I wrote a wrapper function around the site generator that took a callback so
the next string to test would be called recursively. If a public key matched
the public key I was aiming for, I dumped the response to the console,
otherwise I just called the wrapper function again.

Then I wrote a function that iterated over a list of strings and output an
array with all the possible permutations.

Then I just fed an array of the userids of the top 20 users into that function
and fed that function into my wrapper.

I opened 5 browser windows and fed each of them 20 userids to take advantage
of multiple cores, but I'm not entirely sure that makes sense to do.

------
Artemis2
It seems that's already done.

------
pearjuice
>This passphrase is the username of someone in the Hacker News top 100 karma
list as of November 19, 2013. However, we dropped 2 characters from his or her
username.

That is definitely an empty string. _hint_ pg _hint_

~~~
allstruck
I tried an empty string with no luck (had to enable the form button first).

EDIT: Not sure what you meant anyway, I don't see a pg on the top 100 list...

------
MichaelGG
"And (2) you can "salt" your passphrase with your email address"

Uh, can't you do that anyways? Just... add your email to your passphrase?

~~~
malgorithms
Yes, of course. But structuring it this way encourages users who wouldn't have
otherwise done it to do so. We were prompted to build this feature because of
how much money has gone through brainwallet with poor passphrases.

------
alexkus
It may not be hacked. It may just be returning 403 for everyone anyway.

------
chid
The linked github is broken. They haven't uploaded the source.

~~~
malgorithms
fixed, thanks for the reminder!

~~~
chid
Thanks, it's up now.

------
iancarroll
It's down. Someone exploited it or just attacked it for fun.

------
Shalle
Is it possible to contact u at freenode or something?

------
maxtaco
Was out to dinner. Fixed it, sorry for the 403.

------
mushrew
for scrypt, does r = 1 and p = 8, or are those values swapped in the
pseudocode?

~~~
maxtaco
Thanks for pointing that out, it's bug in the pseudocode, but it's right here
in the params file
([https://github.com/keybase/warpwallet/blob/master/src/json/p...](https://github.com/keybase/warpwallet/blob/master/src/json/params.json)).
I'll fix it now.

------
TheSisb2
Server mishap or DDoS?

------
Siecje
Where do you login?

