tAdd website page to the project for completeness - hashcrush - Compute Argon2id hashes
(HTM) git clone git://git.z3bra.org/hashcrush.git
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
---
(DIR) commit 5f1044baaf25dfa2433ae40e58ccc14c0f7fd1b6
(DIR) parent a3cb200ef47fa85fb0c04c9b0b49395d6f424ed6
(HTM) Author: Willy Goiffon <contact@z3bra.org>
Date: Fri, 18 Aug 2023 12:14:29 +0200
Add website page to the project for completeness
Diffstat:
A goal.html | 130 +++++++++++++++++++++++++++++++
1 file changed, 130 insertions(+), 0 deletions(-)
---
(DIR) diff --git a/goal.html b/goal.html
t@@ -0,0 +1,130 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <meta name="author" content="z3bra">
+ <meta name="viewport" content="width=device-width">
+ <link rel="icon" type="image/gif" href="miner.gif" />
+ <title>🎉 Hashing Party</title>
+ <style type="text/css"><!--
+ body { max-width:540px;margin:auto;padding:1em;}
+ h1, h2, pre#list {text-align:center;}
+ details, p {margin:1em auto;text-align:left;}
+ pre {overflow:scroll;}
+ #progress {width:80%;margin:auto;background-color:lightgrey;}
+ #bar {height:2em;background-color:#2baf12;}
+ @media (prefers-color-scheme: dark) {
+ body { background-color: #1E1F21; color: #EEEFF1; }
+ #progress {background-color:#3E3F41;}
+ a { color: #BAD7FF; }
+}
+--></style>
+</head>
+<body>
+
+<h1 id=goal>Road to 3Gib!!</h1>
+<h2 id=size></h1>
+<div id="progress"><div id="bar"></div></div>
+<details open><summary>What's that?</summary>
+<p>
+I'm working on a CTF-like challenge for which I need to generate a database
+filled with random passwords and their corresponding argon2id hash.<br>
+Because argon2 is specifically made to take a long time to compute,
+my computers couldn't reach this goal in a reasonable amount of time.
+This website <strike>is</strike> was a call for help.
+</p>
+</details>
+<details><summary>You're cracking a database right?</summary>
+<p><b>No</b>.</p>
+<p>
+I know it sounds shady, but I do not need any specific password or salt,
+which this project generates randomly
+(see <a href="https://git.z3bra.org/hashcrush/file/tools/diceware.html#l22">here</a>,
+<a href="https://git.z3bra.org/hashcrush/file/hashgen/hashgen.go.html#l97">here</a>
+and <a href="https://git.z3bra.org/hashcrush/file/tools/hashdump.html#l7">there</a>),
+which would make the computed hashes way too random to be any useful as
+a real-world password cracking database.
+</p>
+</details>
+<details><summary>How do I help?</summary>
+<p>
+We reached the 3 Gib milestone on august 18<sup>th</sup> 2023.
+To this day, I do not need any more hashes. This project and the data are now in the public domain, so anyone can experiment with it. To compute your own records, follow the instructions below:
+<p>
+Clone the repository, and start crushing hashes! (<em>timeout at your discretion</em>)
+<pre>
+git clone git://git.z3bra.org/<a href='https://git.z3bra.org/hashcrush'>hashcrush.git</a>
+timeout 3h make -C hashcrush
+</pre>
+<p>
+Thanks!
+</p>
+</details>
+
+<pre id=list></pre>
+
+<script type='text/javascript'>
+/*
+ * Assumes "baseurl" provides directory listing for all the *.rec files
+ */
+var baseurl = "https://pub.z3bra.org/hashcrush/";
+var goal = 3221225472; // goal line
+var avg = 132; // average record size
+
+function getsize(url) {
+ var r = new XMLHttpRequest();
+ r.open("HEAD", url, false);
+ r.send(null);
+ return Number(r.getResponseHeader('content-length'));
+}
+
+function human(bytes, si=false, dp=1) {
+ const thresh = si ? 1000 : 1024;
+ if (Math.abs(bytes) < thresh) {
+ return bytes + ' B';
+ }
+ const units = si
+ ? ['kB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB']
+ : ['KiB', 'MiB', 'GiB', 'TiB', 'PiB', 'EiB', 'ZiB', 'YiB'];
+ let u = -1;
+ const r = 10**dp;
+ do {
+ bytes /= thresh;
+ ++u;
+ } while (Math.round(Math.abs(bytes) * r) / r >= thresh && u < units.length - 1);
+ return bytes.toFixed(dp) + ' ' + units[u];
+}
+
+var http = new XMLHttpRequest();
+http.open("GET", baseurl, false);
+http.send(null);
+var doc = new DOMParser().parseFromString(http.response, "text/html");
+var pad = (document.documentElement.clientWidth) > 540 ? 44 : 24;
+
+var sz = 0;
+var pre = `\nfile ${"hash".padStart(pad-4)} ${"size".padStart(pad/2)}\n\n`;
+
+var a = doc.getElementsByTagName('a');
+for (i=0; i < a.length; i++) {
+ if (a[i].innerText.match(/\.rec$/)) {
+ var asz = getsize(baseurl + a[i].innerText);
+ var href = a[i].innerText;
+ sz += asz;
+
+ // append record metadata to the page
+ // hash count is a rough estimate based on filesize
+ var c = Math.floor(asz / (avg*1000))
+ var n = (c > 999) ? Math.floor(c/1000) + "M" : c + "K";
+ var hsz = human(asz).padStart(pad/2, ' ');;
+ var hct = n.padStart(pad - href.length, ' ');
+ pre += `<a href=${href}>${href}</a> ${hct} ${hsz}\n`;
+ }
+}
+
+document.getElementById('size').innerHTML = human(sz) + " / " + Math.ceil(sz / 132) + " hashes";
+document.getElementById('list').innerHTML = pre;
+document.getElementById('goal').innerText = "Congratulation!";
+document.getElementById("bar").style.width = Math.min(100, Math.floor(sz*100/goal)) + "%";
+</script>
+</body>
+</html>