I must be missing something then.
Let's say I (user id 17768) achieve Legendary status next tuesday, when my activity goes from 798 to 812. That means that:
799 <= 775 + conv(substr(sha1(concat('17768',secretSeed)), 1, 2), 16, 10) <= 812
24 <= conv(substr(sha1(concat('17768',secretSeed)), 1, 2), 16, 10) <= 37
0x18 <= substr(sha1(concat('17768',secretSeed)), 1, 2) <= 0x25
And by removing the substr(
, 1, 2) part we infer that secretSeed is either:
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 18, or
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 19, or
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 1a, or
...
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 25.
And it isn't difficult to find those 14 possible seeds, right?
You can find one seed (or even many seeds) that will work for your particular user id, but you will not be any closer to finding the
. To do that, you need more information, but once you have enough information, it becomes a brute-forcing problem, which is not feasible.
Seeds that work for you do not necessarily work for others. If SHA1 is strong (which so far it has proven to be), then there should be only one seed that works for everyone, and that one seed is impossible to find without searching through all possible seeds, requiring an impossible amount of computing resources.